05-23-2022 12:55 PM
Hi everyone,
I am new and I cannot solve a small problem.
I would be grateful if someone could explain to me how it works.
I am attaching a screenshot of my network.
I want to make it so that the 2 switches on the top do not see the 2 switches at the bottom.
I configured vlan 1 ip address in the first switch from the left and 2 switches on the top (the same network) and I added PCs there to the same network and it works great. Every PC pings the others on the top.
I thought I could just make another vlan and set an ip address for it for the switches at the bottom, but unfortunately when I configure it the same way as before, but with vlan 100 or vlan 2 or any other, these vlans are always down. When I type the "no shutdown" command, nothing happens.
Vlan 1 was up immediately, but I cannot change any other vlan to up. What am I doing wrong?
05-23-2022 12:58 PM
Hi
You need to create the vlan first:
conf t
vlan 100
then, you can assign IP
int vlan 100
ip add 192.168.1.100 255.255.255.0
Then you can add some PC ports on it.
05-23-2022 04:17 PM
Hello
Configure the rtr to perform the intervlan routing and append a routed access-list to deny communication between the two vlans. Lastly, create the vlans on all switches and trunk the interconnects between them.
The result should be any host in different vlans should not be able to communicate with each
RTR
access-list 101 deny ip any 192.168.2.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip any 192.168.1.0 0.0.0.255
access-list 102 permit ip any any
int g0/1
description vlan 1
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
int g0/1.2
description vlan 2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
ip access-group 102 in
Switch connecting to RTR
int gig0/2
Description trunk to rtr
switchport mode trunk
vlan 2
exit
05-24-2022 02:02 AM
Making a new VLAN doesn't mean each VLAN should have an IP address. VLANs just divide your switch into logical parts when you move the ports into the VLANs.
#config mode.
vlan 100
exit
interface vlan 100
no shut
If you want to assign an IP address, then you can configure it for the management.
Thanks,
Jitendra
05-24-2022 07:23 AM
Thank you all for help.
Now the Vlans are up, but unfortunately I cannot understand one more thing.
In the first vlan 1 (at the top) all devices are visible for themselves. For example from every PC I can ping every PC and every switch.
At the bottom I made the same way, but instead vlan 1, vlan 2. I made different IP address - Instead of 192.168.1.xxx (at the top) I made 192.168.2.xxx (at the bottom in all switches and devices). All switches on vlan 2 and in the same network.
From PC I can ping every other PC, so there must be connection between switches, but unfortunately I cannot ping any switch. "Request time out". How is it possible, that PCs can ping every other PC, but switches not?
I am attaching my .pkt file.
05-24-2022 07:45 AM
In order for you to have inter-VLAN communication, you need to have an L3 device. You can use an L3 switch or a router.
As your topology already has a router, I configured it for you so you can test.
Try to ping from PC1(2), which is in vlan 3, to PC1(4), which is in vlan 2. The ping packet goes to the router and is completed, as the router knows both networks.
You can see that I configured subinterfaces on the router.
05-24-2022 09:51 AM
Oh really, once again thank you so much for your help, I really appreciate that.
However I wanted to do that 2 switches at the top with associated PCs should not see the other ones and the 2 switches at the bottom with the PCs should not see the rest in the network. I just wanted 2 independent networks there.
Is that possible?
2 switches and PCs at the top should be in different network than 2 switches and PCs below.
05-24-2022 10:19 AM - edited 05-24-2022 10:21 AM
This is an interesting situation actually. The reason you can't is because you are using vlan 1. I actually created on the router one subinterface for vlan 1, and if you use the Simulation mode on PacketTracer, you can see the packet following the correct path. However, in Real Mode, the ping does not complete.
This might be happening because VLAN 1 is the default native vlan, which means it is not tagged by default. As it is not tagged, when it enters the router's interface, it is not delivered to the correct subinterface and therefore it is not properly routed.
Try to fix it by yourself: change the vlan on the switch from 1 to any number, for example to 10, reconfigure the IP address on interface vlan 10, change the router subinterface to GigabitEthernet0/0/0.10 and add the ip address on it.
You probably are going to ping.
Let me know the result.
PS: whatever vlan you choose, you need to create it on the switch 0 and switch 4 with the command
conf t
"vlan x"
05-24-2022 03:42 PM - edited 05-24-2022 03:43 PM
Hello
@Flavio Miranda wrote:
I actually created on the router one subinterface for vlan 1,.
Did you specify native on this sub-interface? If not, then it won't be native and WILL be tagged. ONLY on a physical routed interface does it default to being untagged.
Native untagged
int x/x
description vlan 1
ip address xxxx
or
int x/x.1
description vlan 1
encapsulation dot1q 1 native
ip address xxxx
tagged
int x/x.1
description vlan 1
encapsulation dot1q 1
ip address xxxx
05-25-2022 08:16 AM
05-25-2022 08:20 AM
Hello
@Karcio22 wrote:
I am not sure if I expressed myself correctly, so I am attaching picture with marked networks which I would like to make. I mean, Between NET1 and NET2 should be no connection. They cannot see each other.
The ROAS example I posted previously would provide this.
RTR
access-list 101 deny ip any 192.168.2.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip any 192.168.1.0 0.0.0.255
access-list 102 permit ip any any
int g0/1
description vlan 1
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
int g0/1.2
description vlan 2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
ip access-group 102 in
Switch connecting to RTR
int gig0/2
Description trunk to rtr
switchport mode trunk
vlan 2
exit
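
The two access lists from the router config above, evaluated against sample flows. This is an added example, not part of any post in the thread; it models only first-match and wildcard-mask logic, and the host addresses and Python function names are assumptions made for illustration.

```python
import ipaddress

# ACL entries copied from the thread's router config: (action, source, destination).
# "any" matches everything; otherwise the spec is (network, wildcard mask).
ACLS = {
    101: [("deny", "any", ("192.168.2.0", "0.0.0.255")),
          ("permit", "any", "any")],
    102: [("deny", "any", ("192.168.1.0", "0.0.0.255")),
          ("permit", "any", "any")],
}
# Inbound ACL bound to each router (sub)interface, keyed by that interface's subnet.
INBOUND = {
    ipaddress.ip_network("192.168.1.0/24"): 101,  # g0/1   (vlan 1)
    ipaddress.ip_network("192.168.2.0/24"): 102,  # g0/1.2 (vlan 2)
}

def wildcard_match(addr, spec):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    if spec == "any":
        return True
    net, wild = (int(ipaddress.ip_address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (net & care)

def evaluate(acl_id, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, s, d in ACLS[acl_id]:
        if wildcard_match(src, s) and wildcard_match(dst, d):
            return action
    return "deny"

def routed(src, dst):
    """Verdict of the inbound ACL on the interface where src's packet arrives."""
    for subnet, acl_id in INBOUND.items():
        if ipaddress.ip_address(src) in subnet:
            return evaluate(acl_id, src, dst)
    raise ValueError(f"{src} is not behind a router interface in this example")

if __name__ == "__main__":
    # Constructed sample flows; host addresses are assumptions, not from the thread.
    for src, dst in [("192.168.1.10", "192.168.2.20"),  # NET1 -> NET2
                     ("192.168.2.20", "192.168.1.10"),  # NET2 -> NET1
                     ("192.168.1.10", "192.168.2.1"),   # NET1 -> router's vlan 2 address
                     ("192.168.1.10", "10.0.0.5")]:     # NET1 -> any other network
        print(f"{src:>13} -> {dst:<13} {routed(src, dst)}")
```

The third flow shows that the deny entry also covers the router's own address in the other VLAN, since an inbound ACL filters traffic addressed to the router as well as traffic passing through it.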