07-31-2006 03:30 AM - edited 03-05-2019 12:00 PM
Dear All,
I am still new to the Cisco world.
I have a question regarding VLANs, and I would really like you to explain to me whether I am correct or not.
---------------------------------------
The question is:
I have a Cisco 3560 Series switch with 48 ports.
I did not do anything on this switch except add an IP address and subnet mask.
The switch does not have any VLANs at all and it is only one switch.
Now here is my question:
I have 2 PCs; the first one is on Fe 0/1 and the second one is on Fe 0/2.
The first PC has this IP address ( 192.168.1.1 / 255.255.255.0 ) and no GW and no DNS at all.
The second PC has this IP address ( 172.16.1.1 / 255.255.0.0 ) and no GW and no DNS at all.
Now, if the first PC gets infected by spyware, a virus or any other malware, do you think the second will get affected as well, because there is one broadcast domain, all the ports are in the same broadcast domain and all the traffic will be in the same broadcast domain? But if I have 2 broadcast domains as 2 VLANs, only the PCs which are in that broadcast domain, wherever they are located across the network, will get affected, and all the other PCs which are in another broadcast domain will not get affected.
----------
Is that correct or not?
I know this is not the only reason for using VLANs, but I want to know: is this point correct or not?
07-31-2006 03:53 AM
This same thread has been in discussion in the LAN/Switching forum.
08-14-2006 06:01 AM
VLANs are referred to as Layer 2 broadcast domains; this only concerns ARP requests and replies, and it does not mean to break up layer 3 broadcast domains.
As long as you do not route between the VLANs (inter-VLAN routing), then the VLANs are isolated from each other.
I hope this answers your question.
08-15-2006 02:44 AM
Well, you have 2 PCs, and each PC is in a different network. I mean 192.168.1.0 and 172.16.0.0 are different and you need a layer 3 device for them to communicate. As you are using this switch with only one VLAN, I think that the 2 PCs cannot communicate!! Have you tried to ping one from the other??
I think that a virus cannot go from a PC to another.
08-15-2006 06:23 AM
Hi,
This is quite an interesting scenario.
Please be advised that certain malware / worms are programmed to try all the possible combinations of IP addresses / subnets.
Also, even if you don't use the GW or DNS, all that the worm has to do is to land a packet full of the payload and that's it!
It doesn't require a full communication like we do!
Hence a worm/malware that has infected one of the machines can effectively infect the other, if there are no other precautionary measures in the picture.
Please rate if it helps.
Regards,
Wilson Samuel
08-16-2006 12:34 AM
Hi,
What you say about malware is right, they try all possibilities, but still the problem is whether the switch will forward the frame or not.
As the 2 PCs are not in the same network, it means that unless the infected PC tries to send the virus, the other will not receive it! I think it's due to the second PC: the network layer doesn't accept packets from a different network!!!
To verify, this is what I tried:
I used a 2950 switch with no VLAN configured. I used 2 PCs configured within the same network, and the ping passed. But when I changed the network for one PC, the ping failed, so when you are in a different network addressing scheme you need a layer 3 function (a router or a layer 3 switch).
Hope this can help,
Please rate if that helps,
Omar,
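
The scenario from this thread as a small model, added here as an example and not code from any of the posters: a switch delivers a layer-2 broadcast to every port in the sender's VLAN, while a host's IP stack sends directly only to on-link addresses. The class and function names are hypothetical, the model contains no router, and it assumes that an unconfigured switch keeps every port in VLAN 1; the VLAN IDs 10 and 20 are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Host:                      # hypothetical model, not a Cisco API
    name: str
    port: str
    iface: ipaddress.IPv4Interface           # address and subnet mask
    gateway: Optional[ipaddress.IPv4Address] = None

def broadcast_receivers(sender, hosts, port_vlan):
    """Hosts that receive a layer-2 broadcast (e.g. an ARP request) from sender."""
    vlan = port_vlan[sender.port]
    return sorted(h.name for h in hosts
                  if h is not sender and port_vlan[h.port] == vlan)

def next_hop(src, dst_ip):
    """Default host routing: on-link destinations directly, the rest via the gateway."""
    if dst_ip in src.iface.network:
        return dst_ip
    return src.gateway           # None means "no route to host"

def ping_succeeds(a, b, port_vlan):
    """Echo request and reply both need an on-link next hop inside one VLAN."""
    if port_vlan[a.port] != port_vlan[b.port]:
        return False             # the switch does not forward between VLANs
    return (next_hop(a, b.iface.ip) == b.iface.ip and
            next_hop(b, a.iface.ip) == a.iface.ip)

# Constructed sample data: the two PCs from the question, no gateway set.
pc1 = Host("PC1", "Fe 0/1", ipaddress.ip_interface("192.168.1.1/255.255.255.0"))
pc2 = Host("PC2", "Fe 0/2", ipaddress.ip_interface("172.16.1.1/255.255.0.0"))
one_vlan = {"Fe 0/1": 1, "Fe 0/2": 1}      # assumed default: every port in VLAN 1
two_vlans = {"Fe 0/1": 10, "Fe 0/2": 20}   # constructed VLAN IDs

if __name__ == "__main__":
    print("broadcast, one VLAN :", broadcast_receivers(pc1, [pc1, pc2], one_vlan))
    print("broadcast, two VLANs:", broadcast_receivers(pc1, [pc1, pc2], two_vlans))
    print("ping PC1 -> PC2     :", ping_succeeds(pc1, pc2, one_vlan))
```

The model covers only the switch's per-VLAN flooding and the hosts' default routing decision; it says nothing about traffic crafted outside a normal IP stack.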