11-02-2012 02:05 AM - edited 03-07-2019 09:49 AM
Hi all, I've a simple doubt that needs clarification
Switch A
Fa0/23 (VLAN 60, access mode). connect to the internet GW 192.168.1.1 mask 255.255.255.0 (for eg).
Fa0/22 (VLAN505, access mode).
PC B
- connected to VLAN 505
- IP address 192.168.1.100 configured (Same subnet mask 255.255.255.0)
- GW 192.168.1.1
My question is can PC B (Connect to port with VLAN 505) access the internet via VLAN60 to GW 192.168.1.1 and why? Thanks!
11-02-2012 02:24 AM
As per my understanding with given config
vlan 505 is for communication segment i.e.., for switches and routers communication.
Vlan 60 is connected to internet gateway. there shoild be intervlan routing in coreswitch with the help of which internet is provided. Hope answer to question.
interface FastEthernet0/22
Description connect to another switch
switchport access vlan 505
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/23
Description connect internet GW
switchport access vlan 60
switchport mode access interface FastEthernet0/22
Description connect to another switch
switchport access vlan 505
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/23
Description connect internet GW
switchport access vlan 60
switchport mode access
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
11-02-2012 02:45 AM
My question is can PC B (Connect to port with VLAN 505) access the internet via VLAN60 to GW 192.168.1.1 and why? Thanks!
Answer is no. You have two separate vlans, 505 and 60 with no layer 3 devices between them(Router or SVI on the switch).
Even if you did have a layer 3 device between them, you have will have the same /24 subnet on two interfaces which the Router or Switch(SVI) would not allow you to configure.
Lee
11-02-2012 03:36 AM
Hi
- what device is connected to switch port fa0/23?
- why do have same subnet for two different vlans? if they are separated it shouldnt be a problem, but if you want use GW from that vlan i dont think it will be working properly
- you need to do some intervlan routing to communicate between vlans
your question: can PC on one LAN/subnet use GW from other LAN/subnet?
answear is YES.
I would do it this way:
(I am assuming that device with IP 192.168.1.1 is router and you can manage it, correct me if I am wrong)
Switch A
Fa0/23 (TRUNK-allowed vlans 60 and 505)
Fa0/22 (VLAN505, access mode). subnet for VLAN 505 192.168.2.0/24 (different than VLAN60)
PC B -> same
- connected to VLAN 505
- IP address 192.168.2.100 configured (Same subnet mask 255.255.255.0)
- GW 192.168.1.1
Router
Fa0/0 - trunk to Switch A
Fa0/0.60
ip add 192.168.1.1 255.255.255.0
Fa0/0.505
ip add 192.168.2.1 255.255.255.0
ip proxy-arp
This way PC will be at VLAN 505 subnet 192.168.2.0/24 with GW on different subnet 192.168.1.1. When PC would like to communicate outside its subnet, it will send it to GW:
1. arp request for 192.168.1.1
2. router with proxy-arp enabled will hear this request and send MAC address of Fa0/0.505 interface
3. PC will send all traffic to Router which decide where to route it.
I think proxy-arp is enabled by default but I am not sure. Some more details
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml
Also cisco recommends to DISABLE proxy arp because it can hide some misconfiguration in network, like this one which you trying to achieve
11-03-2012 04:38 AM
Thx all for the reply, my understanding is same as u guys, it should not be able to access to the internet becoz the vlan is diff. But right now traffic from vlan 505 can actually go out via vlan60, fa0/23. Furthermore 0/23 is not a trunk port. It is actually working..
Actually it is a proxy server connecting to vlan505, fa0/22, and pointing exactly to GW 192.168.1.1 in vlan60. The internet access works, im wondering why. The switch config is exactly as attached.
11-03-2012 04:51 AM
Hi Sam,
Are you able to reach proxy IP from Vlan 60 If yes,
next question is the port on proxy is enabled for every subnet if yes.
then it is the responsibility of proxy to avail the internet for every user as per the authentication and access provided to him in it.
Are you able to reach proxy IP from Vlan 60.
If yes, next question is the port on proxy is enabled for every subnet.
then it is the responsibility of proxy to avail the internet services for every user as per the authentication and access provided to him in it.
Please rate helpful posts
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
11-03-2012 04:49 AM
- what device is connected to switch port fa0/23?
Im not sure because its connected to the internet access in data centre, it could be another switch on the isp side or a router
- why do have same subnet for two different vlans?
The subnet (255.255.255.248) is actually a public ip range provided by isp. So basically fa0/23 is connected to isp side on vlan60. I feel strange that why the proxy connected to fa0/22 is on vlan505, but point to public range GW and it actually works. I dont understand..
11-03-2012 05:02 AM
Dear Sam,
is it same subnet or same network? I am sorry to ask because you may have same subnet for different networks
11-04-2012 07:09 PM
Hi Muhammad, it is the same subnet.
For eg. Subnet 192.168.1.0 / 255.255.248
So right now is:
internet GW = 192.168.1.1 / 255.255.255.248
VLAN60 (Fa0/23) connected to GW 192.168.1.1 / 255.255.255.248
VLAN505 (Fa0/22), connected to Proxy 192.168.1.4 / 255.255.255.248
Proxy is on the same subnet as internet GW although connected to port with diff VLAN.
Back to the question again, why Proxy (configured as same subnet range) on diff VLAN can access to internet?
11-04-2012 09:25 PM
Please provide output for
sh vlan
sh int trunk
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide