internet and vlan

vishalpatil86
Level 1

Hi,

I have the following setup:

edge switches

core switch

firewall

The ISP line is connected to the firewall, and from the firewall it goes to the core switch.

Edge switches are connected directly to the core switch. Finally, users are connected to the edge switch.

There are VLANs defined in the core and edge switches.

When a user connects to the internet, he is first authenticated by the firewall, which then allows the internet connection.

VLAN 201 is defined in the edge switch and also in the core switch. Suppose this user wants to connect to the internet:

first he will be authenticated, and then he will be able to browse.

My question is: how does the ISP identify which VLAN this traffic belongs to, or how will the user get identified?

3 Replies

fgasimzade
Level 4

The ISP has nothing to do with your VLANs if it is directly connected to your firewall. It is layer 3 communication between the ISP and your firewall.

OK,

once traffic has entered the firewall and goes to the core switch,

how does the core switch decide which VLAN it needs to send the traffic to?

Well, when a packet comes back from the Internet to your firewall, the firewall performs NAT to find to which local address this packet is dedicated. Then, this packet arrives at the switch with the destination IP address of your local computer. If layer 3 is enabled on the switch, it looks up its routing table to find the destination subnet. Let's imagine your computer's address is 192.168.1.5 and your switch has interface VLAN1 with 192.168.1.1. The switch now knows that this subnet is in VLAN1. Then the switch performs an ARP lookup to find the MAC address associated with 192.168.1.5, and based on this MAC address it looks up its MAC address table to find the port to which your computer is connected.
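
The lookup chain described in the reply above, modelled as an added example that is not part of the original thread or of any participant's post. Only 192.168.1.5, 192.168.1.1, VLAN1 and VLAN 201 come from the thread; the public address, ports, MAC address, switch port, prefix lengths and the VLAN 201 subnet are constructed assumptions.

```python
import ipaddress

# Constructed sample state (assumption): everything except 192.168.1.5,
# 192.168.1.1, VLAN1 and VLAN 201 is made up for illustration.
NAT_TABLE = {("203.0.113.10", 40001): ("192.168.1.5", 51515)}  # public -> inside
SVI_TABLE = {  # core switch: one connected subnet per VLAN interface
    "Vlan1": ipaddress.ip_interface("192.168.1.1/24"),
    "Vlan201": ipaddress.ip_interface("10.20.1.1/24"),
}
ARP_TABLE = {"192.168.1.5": "00:11:22:33:44:55"}          # IP -> MAC
MAC_TABLE = {("Vlan1", "00:11:22:33:44:55"): "Gi1/0/12"}  # (VLAN, MAC) -> port


def firewall_untranslate(dst_ip, dst_port):
    """Reverse NAT: map the public destination of a reply to the inside host."""
    try:
        return NAT_TABLE[(dst_ip, dst_port)]
    except KeyError:
        raise LookupError("no NAT session; firewall drops the packet") from None


def switch_forward(dst_ip):
    """Route lookup -> VLAN, ARP lookup -> MAC, MAC table lookup -> port."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(svi.network.prefixlen, name)
               for name, svi in SVI_TABLE.items() if addr in svi.network]
    if not matches:
        raise LookupError("no connected subnet for " + dst_ip)
    vlan = max(matches)[1]  # longest matching prefix wins
    mac = ARP_TABLE.get(dst_ip)
    if mac is None:
        raise LookupError("no ARP entry; switch must ARP for " + dst_ip)
    port = MAC_TABLE.get((vlan, mac))
    if port is None:
        raise LookupError("MAC not learned; frame is flooded within " + vlan)
    return vlan, mac, port


def deliver_reply(public_ip, public_port):
    """Follow one returning packet from the firewall to the access port."""
    inside_ip, inside_port = firewall_untranslate(public_ip, public_port)
    return (inside_ip, inside_port) + switch_forward(inside_ip)


if __name__ == "__main__":
    print(deliver_reply("203.0.113.10", 40001))
```

The VLAN is never carried in the packet from the ISP side; it is derived on the switch from the destination subnet after the firewall has restored the inside address.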