Communicate between Different VLAN in same subnet

ankitohc · ‎01-05-2024

Hi Team,

I have one L3 switch and two PC with different VLANs

I know we can't have same subnet for different VLAN's however using this topology.. How can i archive this?

and I can add more devices on top however will not change the configuration.

how VLAN 1 will communicate with VLAN 2 - PC on left to PC on right

M02@rt37 · ‎01-05-2024

hello @ankitohc

happy new year !

As concerned your topology, what is the mask of PCs ? regarding IP addresses PC seem to be in the same subnet no ? then it should be the same vlan id no ?

As concerned routing between two PCs on that Switch ; 2 PCs on different subnet and vlan, you need to activate ip routing on that L3 Switch.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

ankitohc · ‎01-05-2024

Happpy new year Buddy

PC 1 on left side 10.10.2.1/24 VLAN 1

PC 2 on right side 10.10.2.2/24 VLAN 2

They are on same subnet with different VLANs

M02@rt37 · ‎01-05-2024

@ankitohc

It is not possible for two devices on the same physical network to be in the same subnet with different VLANs. VLAN are used to logically segment a network into multiple broadcast domains, allowing different VLANs to operate as if they were on separate physical networks.

In your scenario, PC 1 and PC 2 are assigned to different VLANs (VLAN 1 and VLAN 2, respectively). Each VLAN should have its own unique subnet to ensure proper network segmentation. If they share the same subnet (10.10.2.0/24 in your example), they would be part of the same broadcast domain, defeating the purpose of VLANs.

To correct this, you should assign different subnets to each VLAN. For example:

PC 1: 10.10.1.1/24 (VLAN 1)
PC 2: 10.10.2.1/24 (VLAN 2)

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

ankitohc · ‎01-05-2024

To correct this, you should assign different subnets to each VLAN. For example:

PC 1: 10.10.1.1/24 (VLAN 1)
PC 2: 10.10.2.1/24 (VLAN 2)

Yes I know that is general practice which we learn from books however still Is there any way to communicate within same subnet and adding any router or using VRF or something I am just asking.. I can be wrong as well

M02@rt37 · ‎01-05-2024

@ankitohc

If you want to make devices in different VLANs communicate while being in the same IP subnet, you could use a Layer 3 device (like a router) to route traffic between the VLANs.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

ankitohc · ‎01-05-2024

what should be configuration if i use router?

MHM Cisco World · ‎01-05-2024

the different vlan break the broadcast which need to Know the MAC
so use router instead of PC

then add MAC manually
and try ping
MHM

Joseph W. Doherty · ‎01-05-2024

The basic problem you have, the same network is expected to be within the same L2 domain.

You could do what you ask using NAT, such that each VLAN/subnet "sees" the other subnet as not part of itself. For example each VLAN might be 10.10.2.0/24 and "see" the other VLAN's network as 10.10.3.0/24.

Most L3 switches don't support NAT, but most routers would.

Torbjørn · ‎01-05-2024

I assume this is for a theoretical lab exercise? I would not recommend doing this in any kind of production network. The simplest way to achieve this is bridging the VLANs by connecting a VLAN 1 access port to a VLAN 2 access port on the switch and enabling BPDU filter on the ports.

If it was a different VLAN than VLAN 1 you could have used private VLANs to achieve this. You could have done so by configuring one of the VLANs the primary VLAN while configuring the other VLAN as a secondary VLAN.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

ankitohc · ‎01-05-2024

Can you please share the configuration?

Torbjørn · ‎01-05-2024

Are you running EVE-ng?

If it allows you to connect a device to itself you can connect port Gi0/2 to Gi0/3 and enter the following config:

int gi0/2
 switchport mode access
 switchport access vlan 1
 switchport nonegotiate
 spanning-tree bpdufilter enable
 no cdp enable
int gi0/3
 switchport mode access
 switchport access vlan 2
 switchport nonegotiate
 spanning-tree bpdufilter enable
 no cdp enable

If it doesn't allow you to connect devices to themselves you can achieve the same thing by adding another switch and connecting the switches like so: SW1 Gi0/2 - SW2 Gi0/3, SW1 Gi0/3 - SW2 Gi0/2 and apply the same lines of config to both switches.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

Joseph W. Doherty · ‎01-05-2024

Although bridging the VLANs is possible, you effectively create one combined VLAN, which negates the point of having separate VLANs. Of course as a "theoretical lab exercise", sure, why not. Otherwise as you also write "I would not recommend doing this in any kind of production network."

BTW, what I suggested might be used in a real world situation when you merge companies having overlapping private IPs.

ankitohc · ‎01-05-2024

Yes you are right meger companies in a real world situation, however can you please help me with command.. I am not sure how to configure bridge VLANS

Joseph W. Doherty · ‎01-05-2024

As @Torbjørn wrote "The simplest way to achieve this is bridging the VLANs by connecting a VLAN 1 access port to a VLAN 2 access port on the switch and enabling BPDU filter on the ports."

You may wish to also disable CDP on those ports, as it will complain about the VLAN mismatch.