08-29-2007 12:00 PM - edited 03-05-2019 06:10 PM
All, if I have a VLAN 300 with a management interface of 10.3.240.240 and a VLAN 400 with a management interface of 10.247.1.1, and each port is in the same subnet as the specified VLAN, what prevents traffic from entering the other VLAN?
08-29-2007 12:06 PM
L3 Routing allows VLANs (broadcast domains) to find each other. If the Switch is connected to a router and both subnets are advertised and not inhibited from interacting (Routing protocol config or ACL inhibitors), or the switch itself is a L2/L3 device with routing enabled, then they theoretically can interact.
08-29-2007 12:09 PM
Then how do I prevent two VLANs from broadcasting traffic into each VLAN, that is on the same switch?
08-29-2007 12:14 PM
Being that a VLAN is defined as its own broadcast domain means that all ports on VLAN 1 will hear all broadcasts within that VLAN. If VLAN 2 is added to a switch, then the same holds true for that VLAN. They are separate broadcast domains.
08-29-2007 12:19 PM
Now if your question really is to ensure that NO HOST on VLAN 300 could ever exchange packets with ANY HOST on VLAN 400, that would be an ACL on each VLAN that specifically excludes the entire VLAN Network Segment. Broadcast traffic is different than Uni-cast/Multi-cast traffic.
Then there's Private VLANs:
Which is a whole different level of separation/protection, etc.
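The "ACL on each VLAN" approach from the reply above, written out as an added example (it is not from this thread or from the linked Cisco document). It assumes a Layer 3 switch with routing enabled, /24 masks on both segments, and that VLAN 300 is 10.3.240.0/24 and VLAN 400 is 10.247.1.0/24; the ACL names are made up for the example.

```cisco
! Assumption: L3 switch with inter-VLAN routing on, both VLANs are /24.
ip routing
!
! Applied inbound on the VLAN 300 SVI: drop anything a VLAN 300 host
! sends toward the VLAN 400 segment, then permit everything else so
! other routed traffic (default gateway, other subnets) still works.
ip access-list extended VLAN300-ISOLATE
 deny   ip 10.3.240.0 0.0.0.255 10.247.1.0 0.0.0.255
 permit ip any any
!
! Mirror image for VLAN 400 so the block holds in both directions.
ip access-list extended VLAN400-ISOLATE
 deny   ip 10.247.1.0 0.0.0.255 10.3.240.0 0.0.0.255
 permit ip any any
!
interface Vlan300
 ip address 10.3.240.240 255.255.255.0
 ip access-group VLAN300-ISOLATE in
!
interface Vlan400
 ip address 10.247.1.1 255.255.255.0
 ip access-group VLAN400-ISOLATE in
```

After applying it, a ping from a VLAN 300 host to 10.247.1.x should fail while the deny counters in `show ip access-lists` increment, which is the quickest way to confirm the ACL is actually matching on the right SVI.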
08-29-2007 12:22 PM
ok, so if my objective is to have machine traffic on VLAN 247 and Data Traffic on VLAN 300, IPX traffic from printers on VLAN 300 will not go over to VLAN 247?
08-29-2007 12:27 PM
Yes, as long as you configure the next-hop router/routing protocol to not allow it. It won't do it on a layer 2 switch with routing disabled.
Look at this Doc
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml
08-29-2007 12:41 PM
IPX traffic cannot get out of its VLAN because you are not routing IPX. Only IP traffic could be routed between the VLANs. If you want to avoid that, you have lots of solutions like disabling routing, implementing access lists, removing the IP addresses etc...
VLANs are still providing you with isolation at layer 2, even with your current configuration.
Regards,
Francois
08-29-2007 12:37 PM
Note that private VLANs will not prevent communication at layer 3.
F.
08-29-2007 12:49 PM
Agreed,
Routing, routing, routing, ACLs, filters, PBR... it all depends on what the real operational goals are designed in.