Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1097
Views
10
Helpful
12
Replies

How to turn up the vlan?

Karcio22
Level 1
Level 1

‎05-23-2022 12:55 PM

Hi everyone, 

I am new and I cannot solve small problem.

I would be grateful if someone could explain me how is it work.

I am attaching screenshot of my network.

 

I want to make that 2 switches on the top should not see the 2 switches at the bottom.

I configured vlan 1 ip address in the first switch from the left and 2 switches on the top (the same network) and I addedd PCs there to the same network and it works great. Every PC pings to other on the top.

 

I tought I can just make another vlan and set ip address for that for the switches at the bottom, but unfortunately when I configure the same way as before, but vlan 100 or vlan 2 or any, these vlans are always down. When I type "no shutdown" command, nothing happens. 

Vlan 1 was up immediately, but I cannot change any other vlan to up. What am I doing wrong?

Labels:
Preview file
55 KB
0 Helpful
12 Replies 12

Flavio Miranda
VIP
VIP

‎05-23-2022 12:58 PM

Hi

 You need to create the vlan first:

conf t

vlan 100

 

then, you can assign IP

int vlan 100

ip add 192.168.1.100 255.255.255.0

 

Then you can add some PC ports on it.

0 Helpful

paul.driver
Level 1
Level 1

‎05-23-2022 04:17 PM

Hello

Configure the rtr to perform the intervlan routing, append a routed access-list to deny communication between the two vlans, Lastly create the vlans on all switchs and trunk the interconnects between them,

The result should be any host in different vlans should not be able to communicate with each

 

RTR
access-list 101 deny ip any 192.168.2.0 0.0.0.255
access-list 101 permit ip any any

access-list 102 deny ip any 192.168.1.0 0.0.0.255
access-list 102 permit ip any any

int g0/1
description vlan 1
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in


int g0/1.2
description vlan 2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
ip access-group 102  in

Switch connecting to RTR
int gig0/2
Description trunk to rtr
switchport mode trunk

vlan2
exit


0 Helpful

paul driver
VIP
VIP
In response to paul.driver

‎05-25-2022 01:27 AM

Hello

Configure the rtr to perform the intervlan routing, append a routed access-list to deny communication between the two vlans, Lastly create the vlans on all switchs and trunk the interconnects between them,

The result should be any host in different vlans should not be able to communicate with each

 

RTR
access-list 101 deny ip any 192.168.2.0 0.0.0.255
access-list 101 permit ip any any

access-list 102 deny ip any 192.168.1.0 0.0.0.255
access-list 102 permit ip any any

int g0/1
description vlan 1
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in


int g0/1.2
description vlan 2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
ip access-group 102  in

Switch connecting to RTR
int gig0/2
Description trunk to rtr
switchport mode trunk

vlan2
exit


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Jitendra Kumar
Spotlight
Spotlight

‎05-24-2022 02:02 AM

if you made a new VLAN doesn't mean each VLAN should IP address. VLANs, just divided your switch into the logical part when you move the port into the VLANs.

 

#config mode.

VLAN 100

exit

Interface vlan10

No shut

 

if you want to assign IP add then you can configure it for the management 

 

Thanks,

Jitendra

Thanks,
Jitendra

Karcio22
Level 1
Level 1

‎05-24-2022 07:23 AM

Thank you all for help.

Now the Vlans are up, but unfortunately I cannot understand one more thing.

In the first vlan 1 (at the top) all devices are visible for themselves. For example from every PC I can ping every PC and every switch.

 

At the bottom I made the same way, but instead vlan 1, vlan 2. I made different IP address - Instead of 192.168.1.xxx (at the top) I made 192.168.2.xxx (at the bottom in all switches and devices). All switches on vlan 2 and in the same network.

From PC I can ping every other PC, so there must be connection between switches, but unfortunately I cannot ping any switch. "Request time out". How is it possible, that PCs can ping every other PC, but switches not?

I am attaching my .pkt file.

projekt.zip
0 Helpful

Flavio Miranda
VIP
VIP
In response to Karcio22

‎05-24-2022 07:45 AM

In order for you to have Inter vlan communication, you need to have a L3 device. You can use a L3 switch or a router.

As you topology already have a router, I configured it to you so you can test.

 Try to ping from  PC1(2) which is in vlan 3 to PC1(4) which is vlan 2.  The ping packet goes to the router and is completed as the router knows both network.

You can see that I configured subinterfaces on the router . 

 

 

 

projekt_v3.zip
0 Helpful

Karcio22
Level 1
Level 1

‎05-24-2022 09:51 AM

Oh really, once again thank you so much for your help, I really appreciate that. 

However I wanted to do that 2 switches at the top with associated PCs should not see the other ones and the 2 switches at the bottom with the PCs should not see the rest in the network. I just wanted 2 independent networks there.

Is that possible?

 

2 switches and PCs at the top should be in different network than 2 switches and PCs below.

0 Helpful

Flavio Miranda
VIP
VIP
In response to Karcio22

‎05-24-2022 10:19 AM - edited ‎05-24-2022 10:21 AM

 

This is an interesting situation actually. The reason you can´t is because you are using vlan 1.  I actually created on the router one subinterface for vlan 1, and if you use the Simulation mode on PacketTracer, you can see the packet doing the path correct. However, on the Real Mode, the ping does not complete.

 This might be happening due the reason that the VLAN 1 is the default Native vlan. Which means it is not tagged by default. As it is not tagged, when it enter the routers interface, it is not delived to the correct subinterface and therefore, it not properly routed.

 Try to fix it by yourself change the vlan on the switch from 1 to any number, for example to 10....reconfigure the IP address on interface vlan 10 and change the router subinterface to  GigabitEthernet0/0/0.10 and add the ip addresss on it.

You probably are going to ping.

Let me know the result.

 

PS:  whatever vlan you choose, you need to create it on the switch 0 and switch 4 with the command

conf t

"vlan x"

0 Helpful

paul.driver
Level 1
Level 1
In response to Flavio Miranda

‎05-24-2022 03:42 PM - edited ‎05-24-2022 03:43 PM

Hello

@Flavio Miranda wrote:

  I actually created on the router one subinterface for vlan 1,.

 Did you specify native on this sub-interface if not than it wont be native and WILL be tagged, ONLY on a physical routed interface does it default to being untagged.


Native untagged
int x/x
description vlan 1
ip address xxxx

or

int x/x.1
description vlan 1
encapsulation dott1q 1 native
ip address xxxx

tagged
int x/x.1
description vlan 1
encapsulation dott1q 1
ip address xxxx

0 Helpful

paul driver
VIP
VIP
In response to paul.driver

‎05-25-2022 01:27 AM

Hello

@Flavio Miranda wrote:

  I actually created on the router one subinterface for vlan 1,.

 Did you specify native on this sub-interface if not than it wont be native and WILL be tagged, ONLY on a physical routed interface does it default to being untagged.


Native untagged
int x/x
description vlan 1
ip address xxxx

or

int x/x.1
description vlan 1
encapsulation dott1q 1 native
ip address xxxx

tagged
int x/x.1
description vlan 1
encapsulation dott1q 1
ip address xxxx


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Karcio22
Level 1
Level 1

‎05-25-2022 08:16 AM

I am not sure if I expressed myself correctly, so I am attaching picture with marked networks which I would like to make. I mean, Between NET1 and NET2 should be no connection. They cannot see each other.

Preview file
95 KB
0 Helpful

paul driver
VIP
VIP
In response to Karcio22

‎05-25-2022 08:20 AM

Hello

@Karcio22 wrote:

I am not sure if I expressed myself correctly, so I am attaching picture with marked networks which I would like to make. I mean, Between NET1 and NET2 should be no connection. They cannot see each other.

The ROAS example I posted previous would provide this.

 

RTR
access-list 101 deny ip any 192.168.2.0 0.0.0.255
access-list 101 permit ip any any

access-list 102 deny ip any 192.168.1.0 0.0.0.255
access-list 102 permit ip any any

int g0/1
description vlan 1
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in


int g0/1.2
description vlan 2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
ip access-group 102  in

Switch connecting to RTR
int gig0/2
Description trunk to rtr
switchport mode trunk

vlan2
exit

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card