2362 Views, 9 Helpful, 38 Replies

Vlan trunk protocol vs IP protocol

rabbdavid
Level 1

I got a doubt about the trunking protocol on switches, which puts different VLANs in communication, and an L3 device with its gateway IP protocol, which puts different networks in communication.

1st. Question
First of all, even if maybe it is a silly question, I need you to confirm to me if 2 smaller subnets (e.g. /25) derived from a bigger network (e.g. /24) can be considered as 2 different networks.

2nd Question
If I have 1 router only and many switches connected to it one after the other, is it possible to get more than 2 subnets?

3rd Question

I know a trunk link works at L2 whilst the IP protocol is working at L3, but VLAN and subnet are associated, so if I send a packet from a source IP address of a subnet to a destination IP address of a different subnet, and I have not configured a trunk link, can the packet arrive the same?

If it arrives, what's the pro of having a trunk link?

4th Question
If it's the opposite scenario, I mean I have configured a trunk link but I have not any subnets (I want to work at L2 only), so I have more VLANs which house many end devices, can the frame arrive from an end device to another both in case they belong to the same VLAN, and in case they belong to different VLANs?

Accepted Solution (by Joseph W. Doherty)

Okay, let me comment on VLANs vs. IP.

Firstly, although VLAN, as you likely know, stands for a Virtual LAN (Local Area Network), they really are not Virtual LANs, at least in the older meaning of LANs, which were networks interconnected by (local) "high speed" links (compared to WANs [Wide Area Networks]).  The older LANs might be a single L2 domain (as VLANs are today), or it might have been a mixture of L2 and L3 (common in "larger" LANs).

Within the older LANs, you might have, as above, just a single L2 domain, and if so, you didn't need L3 for routing, within the LAN.  Or you might have multiple L2 segments, within the older LANs.  If you did, just like between L2 segments within a WAN, you cannot intercommunicate without L3.  It's this latter case that VLANs emulate, i.e. totally isolated L2 segments, which cannot intercommunicate without L3, within a LAN or WAN.

Why have multiple L2 segments, within a LAN or WAN?  Well, the problem with L2 segments: originally there was a common "wire" that all hosts used to intercommunicate.  Think of it much like having a room full of people.  Anyone can speak to anyone, but all can hear all conversations.  The problem is, it doesn't scale, just like a room of people.  Any difference between having 5, 50, 500 or 5,000 people trying to talk between themselves within the same room?

Also on WANs, as their links, compared to LANs, were slow and expensive, do you want all conversations to use the WAN links?

L3 allows us to partition L2 segments, so only traffic that must travel between "rooms" does.

The foregoing makes much more sense if, for example, you were using L2 segments using 10Base2, 10Base5 or 10BaseT.  L3 routers were the way to efficiently handle L2 segment intercommunication.

Remember, a key point, hosts within the same L2 segment don't need to use the L3 transit (which, also, BTW, [then] was comparatively slow too).

So, consider a LAN network supporting an accounting workgroup and a marketing workgroup, might be:

(L2 accounting segment) <L3 device> (L2 marketing segment).

Before VLAN switches, you might have an (accounting switch) <router> (marketing switch); notice two physical router connections needed.

But with a VLAN switch, you might have a (VLAN switch [accounting VLAN 5, marketing VLAN 6]) <router>, but how do we connect that VLAN switch to the router?

Or say, you need more ports than one switch provides, so perhaps you have:

(VLAN switch [accounting VLAN 5, marketing VLAN 6]) <?> (VLAN switch [accounting VLAN 5, marketing VLAN 6]) <router>

Besides the VLAN switch connection to the router, how do we also interconnect the two switches?

Well, in both cases, since we have two VLANs, we might have two physical connections, both between the switches and between the switch and router; of each pair of links, assign one to VLAN 5 and the other to VLAN 6, just the same as if we were to configure ports for hosts in those VLANs.

That's not an awful approach for two VLANs, but if we had 10 or 50 VLANs?

The alternative is to use a single trunk link between the switches and the switch and router.  On this link, frames are tagged with what VLAN they belong to, so logically, it's just like having separate physical links, one per VLAN.

Notice with these VLAN interconnections, I didn't mention L3, because we're only extending an L2 segment, or VLAN, either using a link per VLAN or a trunk link.

However, if you want traffic to transit between the L2 segments, you need L3, which in the case of the non-VLAN switches, shows VLANs and/or trunks aren't needed.

As you note you have Packet Tracer, try setting up networks, as above.  If you get stuck on that, attach your PT file, and I, or others, should be able to help you out.

If the above isn't clear, let me know.  BTW, again, this is "basic", but often it doesn't seem that way when first learning it.  So, don't be embarrassed to admit still being confused.  Most of us all once were, at least I was; often still am too.  ; )


38 Replies

liviu.gheorghe
Spotlight

Hello @rabbdavid ,

1. Yes, two /25 subnets are considered different networks at Layer 3.

2. Yes, it's possible. You can configure many VLANs on the switches, each VLAN having assigned its own subnet. You can configure the router - switch link as a trunk and in this way the router becomes aware of the different VLANs in your network and can route packets between the VLANs. This scenario is called "router on a stick".

3. No. Like mentioned in the previous answer, inter-VLAN communication needs a Layer 3 device, a router.

4. If the end hosts are in the same VLAN, they can communicate directly. In case the hosts belong to different VLANs, they need a router to communicate.

Hope this helps.

Regards, LG
*** Please Rate All Helpful Responses ***

Thanks for your fast answer. So, if I am interpreting correctly, just subnetting a LAN network into more than 2 subnets (more than the common interface number of a standard router) is not enough to pass packets among these subnets, unless maybe I create a subinterface... (hope I am not saying a stupid thing).

I mean, subnetting means just dividing a LAN, but if I don't create VLANs (virtual LANs), subnetting is just an end in itself, it is not helpful.

What confuses me is trunk link.

In case I have only a router with one switch and I divide my network into 3 subnets and create 3 corresponding VLANs, a trunk link is mandatory, right?

Also in case I have only 2 subnets, one router and, if you want, a switch, is that enough and I should not need a trunk link, right?

Also, if I separate conceptually frames and packets, a trunk link is needed to pass frames among different switches but only if they are in the same VLANs, right?


Joseph W. Doherty
Hall of Fame

#1 Yes.

#2 It depends on logical and/or physical configuration.  I.e. it's possible, but would need particulars to say specifically yea or nay.

#3 ". . . but vlan and subnet are associated . . ." Not as I suspect you might believe.  Trunk port isn't relevant. L2 domain(s) relationship to L3 networks is relevant to answer your question.

#4 To transit between L2 domains you need L3.

Possibly you're a bit confused about trunk links.  Their purpose is to multiplex multiple L2 domains across the same (logical) link.  Otherwise you would need one transit link per L2 domain (which works and might be done for various reasons).

Thanks for your fast answer as well.

Can you please provide me with more details on this point "Trunk port isn't relevant. L2 domain(s) relationship to L3 networks is relevant to answer your question."?

Also on this point: "Otherwise you would need one transit link per L2 domain (which works and might be done for various reasons)." When could this solution be convenient?
Your 2nd question first: using trunks is generally more convenient.  Again, there are various reasons not to use a trunk, most, if not all, I disagree with.  For example to guarantee bandwidth to VLAN(s) between switches.  IMO, better dealt with using QoS, but then many network engineers don't well understand QoS.

Or, in one case, I set up a trunk for multiple OSPF areas.  Another engineer replaced the trunk with links dedicated per each OSPF area, because otherwise that engineer thought it was too confusing.

To your 1st question, again, a trunk is a way to multiplex multiple VLANs on a single logical link.  It doesn't have anything to do with L3, although router interfaces with subinterfaces might seem it does.

Again, I suspect you don't (yet) fully understand VLANs, trunks and/or L3.  I'm unsure how to proceed to help you understand.  It's very basic stuff but doesn't seem so when first learning it.

If you can provide some detail about your networking knowledge, I might be able to help you understand some key points so that the relationships will be clear.

BTW, do you have a copy of Cisco's Packet Tracer?  If not, highly recommend it for basic networking experimentation labs.  Price is right, too.

Probably what I get wrong is that I treat frames and packets separately.

Maybe if you check one of my other answers above (the one I gave to Liviu) you can understand my doubt.

If to put different networks in communication I always need an L3 device and just subnetting is enough, why create trunks and VLANs?

My knowledge is not very deep, I have just finished a CCNA course. I am reading my notes again, re-watching the video lessons and reading when I can the PDF file provided with the course, but I feel very unstable and confused.

I have Packet Tracer, however.

In your first answer to me you told me about the relationship between L2 and L3 domains, and I asked if you can provide me with more details. I know maybe it is hard, but if you can try I'd appreciate it.

Also, you told me a trunk lets frames of different VLANs pass on the same physical link between two switches. And if you don't use a trunk link you can place single links to get the end devices of SW1 communicating with the end devices of SW2; and sometimes this could work for various reasons. And so I asked you, when could this option (more single links) be an advantage in place of using a trunk link?

As for QoS and OSPF areas, they are just two subjects we touched in the course. Maybe you know this already. QoS is a side subject that normally is not treated at all in a CCNA course or is treated marginally.

OSPF is an important part of the program, but normally the exercises you do during the course and the laboratory don't train the students to use OSPF areas deeply. We know ASBR and ABR routers but just as name definitions. So the students in my course, and me in particular, aren't prepared at all on those subjects. So I can't reply to your mentions in your last answer.


Hi Joseph, I think you explained all clearly. The way I am, I tell myself that if I get lost on simple subjects I can't do the more complex parts of the networking stuff. So I easily get down/disappointed. Discouraging myself leads me not to keep on studying and trying to enter this job field. I am 36, almost 37, and I'd like to quit my current job, try something new which is more stimulating and could take me to a higher career and greater working satisfaction.  I tell myself I have to insist, no matter if I take longer than others or if I have to read the same thing again 10 times before I master it, but comparing myself to others who are younger and quicker than me makes me feel unsuited for all this stuff.

Anyway, sorry for letting off steam, I did not mean to bother you.

I'll try to simulate in PT and send you the file for you to check. Thanks a lot for the availability and support from all of you.

Hi Joseph, sorry to bother you again. I thought everything was clear in my mind after reading your last message, I was convinced, but I still have some doubts. I attach here my Packet Tracer file - I would have liked to create many of them with some variants, but I got stuck on the first, so before inventing more exercises I need to figure out my mistakes here and how to amend them.

So I am asking for your help again.

I can't upload Packet Tracer files here, so I send you a WeTransfer link to download it: https://we.tl/t-IdvXw5SR3Q

Not a bother.

BTW, a PT file, to be an attachment, needs to be zipped in these forums.

I've loaded the PT file.  What issues/questions do you have?

I do notice, you have issues with your inter device links.

What do you want to try to do?  Many options with your setup for the inter device configs.

Some pointers.

Since you have VLANs 5 and 6 defined on both switches, assuming they should be the "same" VLANs 5 and 6 (which appears to be the intent based on the PC IPs) across the two switches, you need to interconnect the VLANs.  You have two links, which is fine, but both links are running VLAN 1, the default VLAN.  You could set one of those interconnections as an access VLAN 5, on both switches, and the other as an access VLAN 6.  That knits together the two VLANs and should allow VLAN 5 or VLAN 6 PCs to ping other same VLAN PCs regardless of which switch hosts are connected to.

Doing the foregoing, though, does support pinging between the VLANs.

On the router, you have one interface defined with subinterfaces, for both VLANs 5 and 6 networks.  But, that interface connects to the switch whose switch port is also defaulting as a VLAN 1 access port.  On the switch, you need to change g0/1 to a trunk port.

Once you do that, you should be able to ping any host between the two VLAN networks.

That leaves us g0/1 on the router and g0/2 switch 1 with useless configs.  There are several directions we could go in, using that link.

Also with the two links between switches, you might drop down to using but one, but as a trunk link.  Or place both links into an Etherchannel, and make it a trunk link.  By default, a trunk link between switches, will carry all the VLANs.

With the two router interfaces, we might have one be the gateway for the 10.x.x.x/27 network and the other the gateway for the 11.x.x.x/27 network.  If you do that, the switch ports would be defined as access ports for the VLAN hosting the relevant network.

Or, you could make both switch<>router links, trunk ports, on the switches, but the router can only host one interface per subnet.  I.e. you wouldn't have dynamic fail over, but if either trunk link failed, you could manually add the needed subinterface(s).

So, work your way through what I've mentioned above.  Let me know how it goes.
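The "link per VLAN" interconnection from the accepted answer and the pointers just above (an access link per VLAN between the two switches, g0/1 on the switch as a trunk to the router, one router subinterface per VLAN) written out as an added Cisco IOS configuration example; it is not from the thread or its Packet Tracer file, and the port numbers other than g0/1, the router interface name and the 10.0.0.0/27 and 11.0.0.0/27 addresses are assumptions.

```cisco
! Added example, not from the thread's PT file. Assumed: VLAN 5 = accounting in
! 10.0.0.0/27, VLAN 6 = marketing in 11.0.0.0/27, inter-switch links on f0/6 and
! f0/7, router reached from SW1 g0/1 on router interface g0/0.
!
! --- SW1 and SW2 (same on both): one access link per VLAN between the switches,
!     the "link per VLAN" alternative to a trunk described in the accepted answer.
vlan 5
 name accounting
vlan 6
 name marketing
!
interface FastEthernet0/6
 description inter-switch link, VLAN 6 frames only
 switchport mode access
 switchport access vlan 6
!
interface FastEthernet0/7
 description inter-switch link, VLAN 5 frames only
 switchport mode access
 switchport access vlan 5
!
! Alternative from the pointers above: replace both access links with a single
! 802.1Q trunk (or bundle both into an EtherChannel and trunk the port-channel).
! A trunk carries every VLAN by default, so restrict it to the VLANs it must carry.
! interface FastEthernet0/6
!  switchport mode trunk
!  switchport trunk allowed vlan 5,6
!
! --- SW1 only: the uplink to the router becomes a trunk (router on a stick).
!     On switch models that still offer ISL, add "switchport trunk encapsulation
!     dot1q" before "switchport mode trunk". nonegotiate turns off DTP so the
!     port's mode is fixed by configuration, not negotiated with the neighbour.
interface GigabitEthernet0/1
 description trunk to router
 switchport mode trunk
 switchport trunk allowed vlan 5,6
 switchport nonegotiate
!
! --- Router: one physical interface, one subinterface (and one subnet) per VLAN.
!     Hosts in VLAN 5 use 10.0.0.1 as gateway, hosts in VLAN 6 use 11.0.0.1.
interface GigabitEthernet0/0
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.5
 encapsulation dot1Q 5
 ip address 10.0.0.1 255.255.255.224
!
interface GigabitEthernet0/0.6
 encapsulation dot1Q 6
 ip address 11.0.0.1 255.255.255.224
```

Check the switch side with `show vlan brief` and `show interfaces trunk`: a ping between a VLAN 5 PC and a VLAN 6 PC now crosses the router subinterfaces, while a ping between two VLAN 5 PCs on different switches only crosses the f0/7 access link and never touches L3.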

Since you have VLANs 5 and 6 defined on both switches, assuming they should be the "same" VLANs 5 and 6 (which appears to be the intent based on the PC IPs) across the two switches, you need to interconnect the VLANs.  You have two links, which is fine, but both links are running VLAN 1, the default VLAN.  You could set one of those interconnections as an access VLAN 5, on both switches, and the other as an access VLAN 6.  That knits together the two VLANs and should allow VLAN 5 or VLAN 6 PCs to ping other same VLAN PCs regardless of which switch hosts are connected to.

This precision: "...You say VLAN on both switches are the "same" with same IP subnet..." is confusing me.

Isn't that a must?

I mean, VLAN 5 bound with "subnet 5.5.5.5" created on a switch cannot be bound with a different subnet when created on a different switch.

Anyway, I tried to do what you mentioned here in the way I am about to explain to you now, and I think I had written this also in my notes on the PT exercise, I hope you noticed my questions under the topology.

What I tried to do is this:

Port f0/6 on both switches was joined/associated with VLAN 6

Port f0/7 ... on VLAN 5

But I don't know if it is a problem of PT, but it did not work.

Sometimes PT gets stuck and just reloading fixes the bugs.

Anyhow, I'll try again and let you know.

What I wanted to verify was what you told me in your second-to-last message, meaning that L2 segments can interconnect and communicate between them without need of an L3 device, if I place as many links as VLANs I have configured.

When I say "communicate between them" I mean devices in one VLAN on Switch #1 can forward frames to devices on the same VLAN on Switch #2.

Communication among different VLANs is not possible if not for an L3 device.

This is to demonstrate that in case of few VLANs I could even avoid trunk links, by using as many links as VLANs.

On the router, you have one interface defined with subinterfaces, for both VLANs 5 and 6 networks.  But, that interface connects to the switch whose switch port is also defaulting as a VLAN 1 access port.  On the switch, you need to change g0/1 to a trunk port.

Once you do that, you should be able to ping any host between the two VLAN networks.

I know this theoretically, but I would have liked to find a solution - maybe even with more routers involved - to get different VLANs communicating with each other without using trunk links, otherwise I'd configure a trunk link between the two switches and one trunk link only from the router to switch #1.

Basically, is it possible to put in communication devices of 2 VLANs scattered on 2 switches, using one router only and without configuring a trunk link?

Or say, how can I configure what is called CLASSIC INTERVLAN?

I thought about this all day yesterday and for me the answer is yes, you can use only one router but ONLY if the VLANs are NOT SPREAD on the two switches. SW1 must have devices of VLAN 5 only, and SW2 must have devices of VLAN 6 only.

I would like to put in practice what you described as the typical situation in the past when you could rely on NON-VLAN switches only.

If I have devices on VLAN 5 and VLAN 6 on both switches, and I have one router only, the only solution is to put one trunk link only between the router and one of the two switches, and one trunk link between the two switches.

With the two router interfaces, we might have one be the gateway for the 10.x.x.x/27 network and the other the gateway for the 11.x.x.x/27 network.  If you do that, the switch ports would be defined as access ports for the VLAN hosting the relevant network.

I agree with you, but I got stuck thinking that, if both links between the router and the two switches are connected to access ports on the switches, on each link the frames of one specific VLAN only can pass through, am I wrong?

If I am right, how can I make the frames of the two VLANs pass on both router-switch links, without using trunk links between router and switch?

Or, you could make both switch<>router links, trunk ports, on the switches, but the router can only host one interface per subnet.  I.e. you wouldn't have dynamic fail over, but if either trunk link failed, you could manually add the needed subinterface(s).

If I configure the router-switch links as trunk links (which I do not want to do because I'd like to put in practice what we talked about in your second-to-last message), in the end I can't make VLAN 5 communicate with VLAN 6 because I should split each of the router interfaces into two subinterfaces with the same subnets on both interfaces, and with IPv4 this is not possible, or am I wrong?

PS: thanks for the suggestion on how to send PT files. I read the notice when I was attaching it yesterday, but I have WinRAR only on my PC and I did not manage. I'll try to download WinZip to ease the file transfer next time. Thanks.

"I mean, VLAN 5 bound with "subnet 5.5.5.5" created on a switch cannot be bound with a different subnet when created on a different switch"

Yes it can.  VLANs are defined per switch.  You can even have VLAN 5 on one switch interconnect to VLAN 6 on another switch, and they would be the same L2 domain.  (Doing this is a bad idea!!!)

It will take me some time to parse through your two replies.  I might also try some of what I suggest on my copy of your PT file on my copy of PT and see what results I get.  (Yes, PT, especially historically, has been buggy, but the recent versions don't seem as buggy, although they often don't support more advanced IOS features.)

Just updated your original PT file to make inter switch link access ports and trunk to router.  Can ping between PCs, same VLAN and between VLANs.  Take a look at attachment.
