Broadcast and Vlan

susim · ‎05-24-2014

Hi

Broadcasts and IP networks are not limited to VLANs. Then why we would say vlans are separate broadcast domains

Thanks

Reza Sharifi · ‎05-24-2014

Hi, you can have multiple subnets in one vlan by using a secondary address, but that is not a very common. Most common designs use one subnet per vlan and in this case each vlan is a separate broadcast domain HTH

susim · ‎05-25-2014

vlan id 5 and vlan 10
assign one port in vlan 5 and another port in vlan 10 ,
assign ip address 192.168.1.1 and 192.168.1.2, they will communicate
why is that ?

milan.kulik · ‎05-25-2014

They should not communicate if your VLANs are not interconnected somewhere.

How is your switch configured in details?

Best regards,

Milan

susim · ‎05-25-2014

There is no routing between the vlans , and there is no ip address assigned to the vlan interface

milan.kulik · ‎05-25-2014

In that case I believe there might be some port in VLAN5 connected by a cable to other port in VLAN10 somewhere.

Don't you see the MAC addresses assigned to 192.168.1.1 and 192.168.1.2 in both VLANs?

susim · ‎05-25-2014

Yes i can see , The thing is i was not clear about how a vlan separating a broadcast domain ?

milan.kulik · ‎05-26-2014

If you can see both MACs in both VLANs, it's another symptom your VLANs are interconnected somewhere.

Try to create a new VLAN and assign one of the PCs to it (no other port).

You will not be able to Ping from that PC to the other then!

VLAN separate broadcast easy way: No frame from one VLAN (including broadcasts) is forwarded to other VLANs.

Best regards,

Milan

susim · ‎05-27-2014

Hi

Thanks for your reply , i think i could not make clear the question .

What i understand vlan separate broadcast domain . PC A is in vlan5 , pc b is in vlan 6 . but both are in the same network . from PC -A i can PING PC-B .i can ping broadcast address 192.168.1.255 , from PC-B i ll get reply . Maybe the question is very dump . Please help

Please find the attached topology

milan.kulik · ‎05-27-2014

Hi,

I still think this should not happen.

Are there any other devices connected to the same switch?

Can you provide the switch config?

Best regards,

Milan

susim · ‎05-27-2014

Hi milan

Sorry for the wrong attachment , i have corrected it . Please check it

milan.kulik · ‎05-28-2014

Hi,

let me ask one simple question then:

How is the connection between your switches configured?

As you say: "All ports are in VLAN5" on the first switch and "All ports are in VLAN6" on the second switch, does that mean there is no trunk configured to connect the switches together?

And simply one access port in VLAN5 on the first switch is connected by a cable to one port in VLAN6 on the second switch?

That would explain everything: As the access ports don't tag the frames with any VLAN tag, you have created one common VLAN5-6 this way!

Just change the ports which are connecting the switches together into trunks and you will not be able to Ping from one PC to the other anymore!

Best regards,

Milan

susim · ‎05-28-2014

"All ports are in VLAN5" on the first switch and "All ports are
in VLAN6" on the second switch, does that mean there is no trunk configured
to connect the switches together?

yes

And simply one access port in VLAN5 on the first switch is connected by a
cable to one port in VLAN6 on the second switch?

yes

That would explain everything: As the access port don't tag the frames with
any VLAN tag, you have created one common VLAN5-6 this way!

Does it mean broadcasts are not limited to vlans ?

milan.kulik · ‎05-28-2014

Broadcasts ARE limited to VLANs.

But you are creating one big VLAN here!

Let me explain once more:

From the first switch point of view:

All ports are within VLAN5. So a broadcast received on one port is sent out to all other ports.

One of the ports is physically connected to the second switch. As all ports on the second switch are assigned to VLAN6 on the second switch, it simply receives the broadcast from the first switch and forwards it to all ports within the same VLAN to which the ports which received the broadcast belongs to (VLAN 6).

The switches are having no chance to realize YOU have connected one port assigned to VLAN5 on the first switch to a port assigned to VLAN6 on the second switch.

This is something which should not be done unless absolutely necessary.

YOU are creating one common VLAN composed of two parts per switch. No matter how you call it per switch, it's still one VLAN!

Am I clear now?

Best regards,

Milan

susim · ‎06-06-2014

Thanks milan

For your great explanation .

As per the diagram attached ,

PC-A sends frame . When it leaves the port which is connected , it tags vlan 5 .

The switch already learned the mac-address of the PC-B on port fa0/8 ( fa0/8 (vlan 5) connected second switch fa0/8(vlan 6)

since it identified the destination port is fa0/8 , it removes the vlan information and send to port fa0/8

is it correct

or

PC-A sends frame . When it leaves the port which is connected it does not tag any vlan information to the frame

The switch already learned the mac-address of the PC-B on port fa0/8

since it identified the destination port is fa0/8 ,it sends the frame to fa0/8

Thanks