Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
862
Views
0
Helpful
5
Replies

Surprisingly, I was able to ping the PC in a different vlan

andyferguson1977
Level 1
Level 1

‎08-03-2018 06:09 AM - edited ‎03-08-2019 03:49 PM

Switch 3560

 

So I have 2 vlans, 50 and 100.  Surprisingly, I was able to ping the PC on vlan50 from the PC on vlan100 and vice versa.  I thought PCs in different vlans were unable to communicate.  Please explain.   

 

Thanks you

Labels:
0 Helpful
5 Replies 5

Harold Ritter
Cisco Employee
Cisco Employee

‎08-03-2018 06:14 AM - edited ‎08-03-2018 06:14 AM

It is certainly possible to ping PCs in different VLANs if the PCs are configured with a default gateway pointing at the 3560 and the 3560 is configured to route between VLANs.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

andyferguson1977
Level 1
Level 1
In response to Harold Ritter

‎08-03-2018 06:19 AM

I get that but I didn't setup any routes

 

my config below

01:05:50: %SYS-5-CONFIG_I: Configured from console by console ru
Building configuration...

Current configuration : 4200 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SL-Core-SW
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
ip dhcp excluded-address 192.168.50.1 192.168.50.100
ip dhcp excluded-address 192.168.100.1 192.168.100.100
!
ip dhcp pool vlan50
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
!
ip dhcp pool vlan100
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/25
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/26
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/27
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/28
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/29
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/30
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/31
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/32
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/33
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/34
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/35
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/36
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/37
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/38
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/39
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/40
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/41
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/42
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/43
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/44
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/45
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/46
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/47
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
ip address 192.168.1.33 255.255.255.0
shutdown
!
interface Vlan50
ip address 192.168.50.1 255.255.255.0
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
ip default-gateway 192.168.1.1
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
transport input telnet
line vty 5 15
password cisco
login
transport input telnet
!
end

0 Helpful

Harold Ritter
Cisco Employee
Cisco Employee
In response to andyferguson1977

‎08-03-2018 06:26 AM - edited ‎08-03-2018 06:42 AM

You don't need to configure any routes, as the two vlans are directly connected to the same 3560 and this device has all the information it needs to route IP packets from one vlan to the other. Given that "ip routing" is configured, the behavior you are seeing is normal.

 

I also see that your dhcp configuration provides a default gateway to the PC.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Martin Carr
Level 4
Level 4
In response to andyferguson1977

‎08-03-2018 06:41 AM - edited ‎08-03-2018 06:41 AM

You don't need routes, as the respective destinations are directly connected.

You have assigned gateways and IP routing is enabled, hence inter-VLAN routing is possible.

By default this means all VLAN's are routable, you need to configure ACL's to prevent this.

EDIT: or disable routing, assuming it's not required.

Martin

0 Helpful

Martin Carr
Level 4
Level 4

‎08-03-2018 06:37 AM

There are a few reasons why this is possible.

A VLAN is a broadcast domain, essentially it creates multiple logical switches within a physical one.

I would first like to confirm that both interfaces nodes are assigned to the respective VLAN's you state?

What network configuration have you assigned to the clients?

For VLAN's to communicate with each other, the traffic needs to traverse a L3 device, this can be a router or a MLS (multi layer switch).

Additionally, there are techniques that can accomplish this when networks are not secured properly. One being 'VLAN hopping' although for this a trunk connection is required between switches, as you only have one, it eliminates it.

 

Martin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card