Re: Help: Connect 2 separate vlan without using router

PandaTV · ‎12-22-2019

Hi guys, I need your on this activity. So I'm working on this network ID 192.168.7.0 and I only got 2 switches and 6 computers. So in switch 1, PC1,2 and 3 are connected and on switch 2, PC4, 5 and 6 are connect and both switches are connected to each other.

So I set them with this ip addresses

PC1 - 192.168.7.2

PC2 - 192.168.7.3

PC3 - 192.168.7.4

PC4 - 192.168.7.12

PC5 - 192.168.7.13

PC6 - 192.168.7.14

and since I don't have any routers, so there's no gateway to work with.

What i did is I setup 3 different vlans, vlan 10,20 and 30. in vlan 10, only PC1 is in it. In vlan 20, only pc 4 is in it. And in vlan 30, PC2,3,5 and 6 are in in. so what I'm trying to do is connect vlan 10 and vlan 30 but vlan 10 is not connected to vlan 20. Same goes for vlan 20 being connected to vlan 30 but not connected to vlan 10.

i dont want pc 1 communicating with pc4 but can communicate with the rest of the pc. the pkt file is attached below. Thanks for your help!

Dan Lukes · ‎12-22-2019

1, You mentioned three VLANs, but IP addresses seems to belong to single NET (well, you mentioned no mask, thus I can't be sure - may be you has allocated addresses from two networks, 172.168.7.0/29 and 172.168.7.8/29 - all at all, there are no three separate ntwork block, one for each VLAN).

2. General rule is - you just can't connect two LANs (term LAN includes VLAN as well) with no router. But even casual PC can route (it depends on OS running on it, but it's possible on most systems).

Unfortunately, you described no task/goal. Regardless of it I can say your network will not work, but I'm unable to advise a solution unless I know the mission.

PandaTV · ‎12-22-2019

Hey, thanks for responding. So yea, my only goal here is to have PC1 ping all other PCs except PC4. Same goes for PC4 not being able to communicate with PC1 but can communicate with the rest of the PCs. I was given the task with only 2 switches and 6 computers. So I thought vlan is the only solution. Do you think you can help me with this problem?

Dan Lukes · ‎12-22-2019

It depends on features available. As I claimed already, you can't route traffic between (V)LANs with no router.

1. Assuming mutilayer switch - you have roouter (embedded into switch, not standalone, but it's not matter). COnfigure VLANs, routing, may be IP filtering (if avaiable)

2. No router, even embedded one. All PCs needs to be in single (V)LAN. Use ACL to restrict PC1<->PC4 traffic (assuming ACL is avaiable on switches).

3. Use private VLAN (if available). PC1 & PC4 needs to be connected to "isolated" port, all other will be connected to promiscuous.

This list may not be exhaustive. May be I missed a solution candidate.

PandaTV · ‎12-22-2019

I don't really know what to do since the task that was given to me doesn't include any routers, so I'm kind of confused as to what to do.

pieterh · ‎12-23-2019

tell us some more about your task.

do you need to realize this in a production or a lab/training environment?

VLANS are invented to separate traffic, as if they where separate LAN's.

so you need an extra function if you want to communicate between LAN's.

one extra function is a router, but this option is dropped.

another function is Cisco Private VLAN's this may be the function you need but this only works on Cisco equipment.