Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7468
Views
15
Helpful
6
Replies

Connecting two access ports (Different VLANs) without using a router, multilayer switch or Inter-VLAN Technique :)

Go to solution
Iluvnetwork
Level 1
Level 1

‎11-10-2017 02:02 AM - edited ‎03-08-2019 12:41 PM

Today, my friend gave me a network quiz to test whether I understood VLAN or not. The question was "It is possible to connect two access ports (Different VLANs) without using a router, multilayer switch or Inter-VLAN technique. I couldn't solve it....

                                  [L2 Switch]

                Port 1(VLAN 2) Port 2 Port 3 Port 4(VLAN3)

                        |                                             |

                    PCA(MAC:AAA)                   PCB(MAC:BBB)

Here is the answer he gave me: https://imgur.com/a/e5SHh

Make port 2 access vlan 2 and port 3 access vlan 3. Then connect Port 2 and Port3. In this case, PCA can connect PCB. My question is how L2 switch forwards the packet from PCA to PCB? PCA will send the frame untagged to port 1 -> L2 switch will tag VLAN 2 tag -> According to MAC address table, L2 switch would forward the frame to port 4 -> Port 4 will drop the frame. Can anyone explain to me how my friend solution works? Also, please let me know how the MAC address table would look like in this case.

1 person had this problem
Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-10-2017 02:33 AM - edited ‎11-10-2017 02:33 AM

 

All that is doing is joining two different vlans or broadcast domains together which is fine for theoretical question but don't do this in a production network. 

 

It works because with access ports there is no vlan tagging so the switch simply assumes any traffic received on an access port is traffic within that vlan. 

 

As for the mac address tables, haven't got a switch to play with but would assume PCA would be in vlan 2 and PCB in vlan 3. 

 

Jon

View solution in original post

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎11-10-2017 02:41 AM

Hi there,
You need to add some caveats to your friends solution:
* VLAN2 & VLAN3 need to be configured with the same subnet ID and mask. If the subnets are not the same then PCA will not ARP for PCB, it will always send the packet to the VLAN2 gateway.
* On your L3 switch these VLANs would need to be routed in separate VRFs

Assuming these have been satisfied then yes it would work.
The switch could learn of PCB MAC address and add it to the VLAN2 MAC address table, as broadcast traffic would be sent out of port3 and arrive at port2. Allowing VLAN3 MAC address to be learnt and vice-versa.
Alternatively and providing point 1 above was satisfied, PCA would ARP for PCB, this broadcast would be sent down port2-> port3, and the reply would arrive on port2, therefore be learnt for the VLAN2 MAC address table.

#sh mac-address table dynamic

2	AAAA.AAAA.AAAA.AAAA	DYNAMIC		Gi1/0/1
2	BBBB.BBBB.BBBB.BBBB	DYNAMIC		Gi1/0/2
3	AAAA.AAAA.AAAA.AAAA	DYNAMIC		Gi1/0/3
3	BBBB.BBBB.BBBB.BBBB	DYNAMIC		Gi1/0/4

cheers,

Seb.

 

View solution in original post

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to Iluvnetwork

‎11-10-2017 09:25 AM - edited ‎11-10-2017 09:25 AM

When PCA ARPs for PCB, the broadcast would leave via port2 and arrive on port3. At this stage the source MAC (PCA) would be added to the MAC address table for VLAN3 and continue to be broadcast on all configured switchports except the one it was received on, therefore being sent to port4.

When PCB replies, the MAC address table for VLAN3 now has an entry for PCA so will forwarded it back down port3.

 

The PCA frames would never be directly forwarded from port1 to port4 (different VLANs), they have to go via port2 -> port3 and vice-versa.

 

cheers,

Seb.

View solution in original post

6 Replies 6

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-10-2017 02:33 AM - edited ‎11-10-2017 02:33 AM

 

All that is doing is joining two different vlans or broadcast domains together which is fine for theoretical question but don't do this in a production network. 

 

It works because with access ports there is no vlan tagging so the switch simply assumes any traffic received on an access port is traffic within that vlan. 

 

As for the mac address tables, haven't got a switch to play with but would assume PCA would be in vlan 2 and PCB in vlan 3. 

 

Jon

Go to solution
Iluvnetwork
Level 1
Level 1
In response to Jon Marshall

‎11-10-2017 08:53 AM - edited ‎11-10-2017 08:59 AM

What is the production network? It would be awesome if you kindly explain to me why I shouldn't do thins in a production network. Thank you very much :)

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎11-10-2017 02:41 AM

Hi there,
You need to add some caveats to your friends solution:
* VLAN2 & VLAN3 need to be configured with the same subnet ID and mask. If the subnets are not the same then PCA will not ARP for PCB, it will always send the packet to the VLAN2 gateway.
* On your L3 switch these VLANs would need to be routed in separate VRFs

Assuming these have been satisfied then yes it would work.
The switch could learn of PCB MAC address and add it to the VLAN2 MAC address table, as broadcast traffic would be sent out of port3 and arrive at port2. Allowing VLAN3 MAC address to be learnt and vice-versa.
Alternatively and providing point 1 above was satisfied, PCA would ARP for PCB, this broadcast would be sent down port2-> port3, and the reply would arrive on port2, therefore be learnt for the VLAN2 MAC address table.

#sh mac-address table dynamic

2	AAAA.AAAA.AAAA.AAAA	DYNAMIC		Gi1/0/1
2	BBBB.BBBB.BBBB.BBBB	DYNAMIC		Gi1/0/2
3	AAAA.AAAA.AAAA.AAAA	DYNAMIC		Gi1/0/3
3	BBBB.BBBB.BBBB.BBBB	DYNAMIC		Gi1/0/4

cheers,

Seb.

 

Go to solution
Iluvnetwork
Level 1
Level 1
In response to Seb Rupik

‎11-10-2017 08:45 AM

Holy Moly, Thanks. One more question :) If PCA sends a packet to PCB, the L2 switch will forwards the packet to port 2 and port 4 right? The frame forwarded to port 4 would be dropped, but the frame forwarded to port 2 will be received by PCB Right?
0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to Iluvnetwork

‎11-10-2017 09:25 AM - edited ‎11-10-2017 09:25 AM

When PCA ARPs for PCB, the broadcast would leave via port2 and arrive on port3. At this stage the source MAC (PCA) would be added to the MAC address table for VLAN3 and continue to be broadcast on all configured switchports except the one it was received on, therefore being sent to port4.

When PCB replies, the MAC address table for VLAN3 now has an entry for PCA so will forwarded it back down port3.

 

The PCA frames would never be directly forwarded from port1 to port4 (different VLANs), they have to go via port2 -> port3 and vice-versa.

 

cheers,

Seb.

Go to solution
Iluvnetwork
Level 1
Level 1
In response to Seb Rupik

‎11-10-2017 10:41 AM

Holy Moly! Completely Understood :) I really appreciate for your patience. Thank you very very much!
0 Helpful
Customers Also Viewed These Support Documents