08-03-2018 06:09 AM - edited 03-08-2019 03:49 PM
Switch 3560
So I have 2 vlans, 50 and 100. Surprisingly, I was able to ping the PC on vlan50 from the PC on vlan100 and vice versa. I thought PCs in different vlans were unable to communicate. Please explain.
Thank you
08-03-2018 06:14 AM - edited 08-03-2018 06:14 AM
It is certainly possible to ping PCs in different VLANs if the PCs are configured with a default gateway pointing at the 3560 and the 3560 is configured to route between VLANs.
Regards,
08-03-2018 06:19 AM
I get that, but I didn't set up any routes.
My config is below:
01:05:50: %SYS-5-CONFIG_I: Configured from console by console ru
Building configuration...
Current configuration : 4200 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SL-Core-SW
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
ip dhcp excluded-address 192.168.50.1 192.168.50.100
ip dhcp excluded-address 192.168.100.1 192.168.100.100
!
ip dhcp pool vlan50
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
!
ip dhcp pool vlan100
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/25
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/26
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/27
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/28
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/29
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/30
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/31
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/32
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/33
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/34
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/35
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/36
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/37
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/38
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/39
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/40
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/41
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/42
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/43
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/44
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/45
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/46
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/47
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
ip address 192.168.1.33 255.255.255.0
shutdown
!
interface Vlan50
ip address 192.168.50.1 255.255.255.0
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
ip default-gateway 192.168.1.1
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
transport input telnet
line vty 5 15
password cisco
login
transport input telnet
!
end
08-03-2018 06:26 AM - edited 08-03-2018 06:42 AM
You don't need to configure any routes, as the two vlans are directly connected to the same 3560 and this device has all the information it needs to route IP packets from one vlan to the other. Given that "ip routing" is configured, the behavior you are seeing is normal.
I also see that your dhcp configuration provides a default gateway to the PC.
Regards,
08-03-2018 06:41 AM - edited 08-03-2018 06:41 AM
You don't need routes, as the respective destinations are directly connected.
You have assigned gateways and IP routing is enabled, hence inter-VLAN routing is possible.
By default this means all VLANs are routable; you need to configure ACLs to prevent this.
EDIT: or disable routing, assuming it's not required.
Martin
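Added example, not part of the original thread: one way to apply the ACL approach mentioned above to the posted configuration, with the "disable routing" alternative shown as a comment. The ACL names are made up for illustration; the subnets and SVI names are taken from the config in the thread.

```cisco
! Added example. ACL names BLOCK-50-TO-100 / BLOCK-100-TO-50 are made up;
! subnets and SVIs are the ones in the posted configuration.
!
! Option A: keep "ip routing" but filter traffic between the two VLANs.
ip access-list extended BLOCK-50-TO-100
 deny   ip 192.168.50.0 0.0.0.255 192.168.100.0 0.0.0.255
 ! Without this line the implicit "deny any" would also drop DHCP
 ! requests and traffic to the VLAN's own gateway.
 permit ip any any
!
ip access-list extended BLOCK-100-TO-50
 deny   ip 192.168.100.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip any any
!
! "in" on an SVI matches packets arriving from hosts in that VLAN,
! so each ACL is evaluated before the switch routes the packet.
interface Vlan50
 ip access-group BLOCK-50-TO-100 in
!
interface Vlan100
 ip access-group BLOCK-100-TO-50 in
!
! Option B: no Layer 3 forwarding on this switch at all.
! no ip routing
```

After applying Option A, `show ip access-lists` shows match counters on the deny entries when a host in one VLAN tries to reach the other.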
08-03-2018 06:37 AM
There are a few reasons why this is possible.
A VLAN is a broadcast domain; essentially it creates multiple logical switches within a physical one.
I would first like to confirm that both interfaces nodes are assigned to the respective VLANs you state?
What network configuration have you assigned to the clients?
For VLANs to communicate with each other, the traffic needs to traverse an L3 device; this can be a router or an MLS (multilayer switch).
Additionally, there are techniques that can accomplish this when networks are not secured properly. One being 'VLAN hopping', although for this a trunk connection is required between switches; as you only have one, it eliminates it.
Martin