
Some doubts on VLAN

kimsionggoh
Level 1

Hi all, I have a simple doubt that needs clarification.

Switch A

Fa0/23 (VLAN 60, access mode), connected to the internet GW 192.168.1.1 mask 255.255.255.0 (for example).

Fa0/22 (VLAN505, access mode).

PC B
- connected to VLAN 505

- IP address 192.168.1.100 configured (Same subnet mask 255.255.255.0)
- GW 192.168.1.1

My question is: can PC B (connected to a port in VLAN 505) access the internet via VLAN 60 to GW 192.168.1.1, and why? Thanks!


As per my understanding of the given config:

VLAN 505 is the communication segment, i.e. for communication between switches and routers.

VLAN 60 is connected to the internet gateway. There should be inter-VLAN routing in the core switch, with the help of which internet access is provided. Hope this answers the question.

interface FastEthernet0/22
Description connect to another switch
switchport access vlan 505
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/23
Description connect internet GW
switchport access vlan 60
switchport mode access

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Lee Smitherman
Level 1

My question is can PC B (Connect to port with VLAN 505) access the internet via VLAN60 to GW 192.168.1.1 and why? Thanks!

Answer is no. You have two separate VLANs, 505 and 60, with no layer 3 devices between them (router or SVI on the switch).

Even if you did have a layer 3 device between them, you will have the same /24 subnet on two interfaces, which the router or switch (SVI) would not allow you to configure.

Lee

blau grana
Level 7

Hi

- what device is connected to switch port fa0/23?

- why do you have the same subnet for two different VLANs? If they are separated it shouldn't be a problem, but if you want to use the GW from that VLAN I don't think it will work properly

- you need to do some inter-VLAN routing to communicate between VLANs

Your question: can a PC on one LAN/subnet use the GW from another LAN/subnet?

The answer is YES.

I would do it this way:

(I am assuming that device with IP 192.168.1.1 is router and you can manage it, correct me if I am wrong)

Switch A

Fa0/23 (TRUNK-allowed vlans 60 and 505)

Fa0/22 (VLAN505, access mode). subnet for VLAN 505 192.168.2.0/24 (different than VLAN60)

PC B -> same
- connected to VLAN 505

- IP address 192.168.2.100 configured (Same subnet mask 255.255.255.0)
- GW 192.168.1.1

Router

Fa0/0 - trunk to Switch A

Fa0/0.60

ip add 192.168.1.1 255.255.255.0

Fa0/0.505

ip add 192.168.2.1 255.255.255.0

ip proxy-arp

This way the PC will be in VLAN 505, subnet 192.168.2.0/24, with its GW on a different subnet, 192.168.1.1. When the PC wants to communicate outside its subnet, it will send the traffic to the GW:

1. ARP request for 192.168.1.1

2. The router with proxy-arp enabled will hear this request and send the MAC address of the Fa0/0.505 interface

3. The PC will send all traffic to the router, which decides where to route it.

I think proxy-arp is enabled by default but I am not sure. Some more details:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml

Also, Cisco recommends DISABLING proxy ARP because it can hide misconfigurations in the network, like this one which you are trying to achieve.

Best Regards

Please rate all helpful posts and close solved questions
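The ARP exchange in steps 1-3 of the reply above, modelled as an added Python example that is not part of the original post: PC B gets an answer for its off-subnet gateway only while proxy ARP is enabled, which is how the feature masks the addressing mistake. The MAC addresses, the function names and the connected-routes-only routing check are assumptions, and the model assumes, as the post does, that PC B sends an ARP request for its configured gateway.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SubIf:
    name: str
    vlan: int
    addr: ipaddress.IPv4Interface
    mac: str            # constructed sample MAC, not from the thread
    proxy_arp: bool

def build_router(proxy_arp):
    """Router-on-a-stick from the post: subinterfaces Fa0/0.60 and Fa0/0.505."""
    return [
        SubIf("Fa0/0.60", 60, ipaddress.ip_interface("192.168.1.1/24"),
              "02:00:00:00:00:60", proxy_arp),
        SubIf("Fa0/0.505", 505, ipaddress.ip_interface("192.168.2.1/24"),
              "02:00:00:00:05:05", proxy_arp),
    ]

def arp_reply(router, vlan, target):
    """MAC the router answers with for an ARP request heard in `vlan`, else None."""
    target = ipaddress.ip_address(target)
    rx = next((i for i in router if i.vlan == vlan), None)
    if rx is None:
        return None      # no L3 interface in this VLAN: the broadcast never reaches the router
    if target == rx.addr.ip:
        return rx.mac    # ordinary ARP for the interface's own address
    if target in rx.addr.network:
        return None      # target is on the same LAN and answers for itself
    # Proxy ARP: answer only if enabled and the target is reached via another interface
    routed = any(target in i.addr.network for i in router if i is not rx)
    return rx.mac if (rx.proxy_arp and routed) else None

def pc_b_next_hop_mac(proxy_arp):
    """PC B (VLAN 505, 192.168.2.100) ARPs for its configured GW 192.168.1.1."""
    return arp_reply(build_router(proxy_arp), 505, "192.168.1.1")

if __name__ == "__main__":
    print("proxy-arp on :", pc_b_next_hop_mac(True))   # router answers with Fa0/0.505's MAC
    print("proxy-arp off:", pc_b_next_hop_mac(False))  # no answer: the misconfiguration surfaces
```

With proxy ARP disabled on the subinterface (`no ip proxy-arp`), the request goes unanswered and the wrong gateway setting on the PC becomes visible instead of silently working.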

Thanks all for the replies. My understanding is the same as you guys: it should not be able to access the internet because the VLAN is different. But right now traffic from VLAN 505 can actually go out via VLAN 60, Fa0/23. Furthermore, Fa0/23 is not a trunk port. It is actually working.

Actually it is a proxy server connecting to VLAN 505, Fa0/22, and pointing exactly to GW 192.168.1.1 in VLAN 60. The internet access works, and I'm wondering why. The switch config is exactly as attached.

Hi Sam,

Are you able to reach the proxy IP from VLAN 60?

If yes, the next question is whether the port on the proxy is enabled for every subnet.

If yes, then it is the responsibility of the proxy to make the internet services available to every user as per the authentication and access provided to him in it.

Please rate helpful posts

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

- what device is connected to switch port fa0/23?

I'm not sure, because it's connected to the internet access in the data centre. It could be another switch on the ISP side or a router.

- why do have same subnet for two different vlans?

The subnet (255.255.255.248) is actually a public IP range provided by the ISP. So basically Fa0/23 is connected to the ISP side on VLAN 60. I find it strange that the proxy connected to Fa0/22 is on VLAN 505 but points to the public range GW, and it actually works. I don't understand.

Dear Sam,

Is it the same subnet or the same network? I am sorry to ask, because you may have the same subnet for different networks.

Hi Muhammad, it is the same subnet.

For eg. Subnet 192.168.1.0 / 255.255.248

So right now is:
internet GW  = 192.168.1.1 / 255.255.255.248

VLAN60 (Fa0/23) connected to GW 192.168.1.1 / 255.255.255.248

VLAN505 (Fa0/22), connected to Proxy 192.168.1.4 / 255.255.255.248

The proxy is on the same subnet as the internet GW although it is connected to a port in a different VLAN.

Back to the question again: why can the proxy (configured in the same subnet range) on a different VLAN access the internet?

Please provide output for

sh vlan

sh int trunk

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
