Solved: Assigning VLAN to subnets

AceScottie · ‎04-04-2017

Hello.

Im struggling configuring a network in Packet Tracer (v7).

I have a router(2911) and some switches(2960-24TT).

I have configured dot1Q on the g0/0 interface of the router and created 6 sub interfaces. each sub interface has been assigned a different ip subnet.

I am trying to link the 6 vlans created on the switches and the sub-interfaces on the router.

I have tried adding the sub interfaces to the vlans on the router and using trunking.

I have tried adding routing information on the switches (ip route and ip default-gateway) neither of which works (adding default gateway to the vlan directly).

im not sure how Im suppose to pass all 6 subnets through a single switch.

Jon Marshall · ‎04-04-2017

If you only want vlan 10 clients to be able to communicate with other vlan 10 clients then don't create a vlan 10 interface on the router.

However assuming you want to be able to route somewhere else you need to use acls on the router to control which vlans can communicate with each other.

Jon

View solution in original post

Jon Marshall · ‎04-04-2017

On the switch you create the vlans in the vlan database. Then you configure the link to the router as a trunk allowing all those vlans. Then you configure ports on the switch to be in whatever vlan you want.

The end devices eg. PCs use an IP from the subnet assigned to the vlan they are in and the default gateway is the IP address of the subnet on the router.

Jon

Julio E. Moisa · ‎04-04-2017

Hi

If you are implementing intervlan routing using router on a stick scenario, like you mentioned previously: I have tried adding the sub interfaces to the vlans on the router and using trunking.

For example:

ROUTER

Interface g0/0
description TO-SWITCH
no shutdown

interface g0/0.10
encapsulation dot1q 10
ip add 192.168.10.1 255.255.255.0

interface g0/0.20
encapsulation dot1q 20
ip add 192.168.20.1 255.255.255.0

SWITCH

vlan 10

vlan 20

interface g1/0/48
description TO-ROUTER
switchport
switchport trunk encapsulation dot1q (if it is allowed otherwise it already works with dot1q)
switchport mode trunk
no shutdown

This configuration should be enough.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

AceScottie · ‎04-04-2017

Thanks for the help.

i managed to get the vlans and dot1q working with what you said (didnt realist it sorted vlans and dot1q automatically).

now im having a problem with segregation. I created individual vlans to stop pcs on 1 subnet accessing PCs on another subnet, however currently everything can talk to each other over the sub-interfaces.

i only want subnet 1 (vlan 10) to be able to communicate to anything else on subnet 1 but not with anything on subnet 2 (vlan 20).

PDU message "the destination IP address matches the IP address of one of the interfaces".

Jon Marshall · ‎04-04-2017

If you only want vlan 10 clients to be able to communicate with other vlan 10 clients then don't create a vlan 10 interface on the router.

However assuming you want to be able to route somewhere else you need to use acls on the router to control which vlans can communicate with each other.

Jon

Julio E. Moisa · ‎04-04-2017

Hi

I agree with Jon, the only way to block traffic should be with access list applied on each sub-interface. In other switch models and scenarios VACL could be used.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<