VLAN Question

Aug 29th, 2007

All, if I have a VLAN 300 with a management interface of and a VLAN 400 with a management interface of, and each port is in the same subnet as the specified VLAN, what prevents traffic from entering the other VLAN?


L3 routing allows VLANs (broadcast domains) to find each other. If the switch is connected to a router and both subnets are advertised and not inhibited from interacting (routing protocol config or ACL inhibitors), or the switch itself is a L2/L3 device with routing enabled, then they theoretically can interact.

rwamstutz Wed, 08/29/2007 - 12:09

Then how do I prevent two VLANs from broadcasting traffic into each VLAN, that is on the same switch?

Now if your question really is to ensure that NO HOST on VLAN 300 could ever exchange packets with ANY HOST on VLAN 400, that would be an ACL on each VLAN that specifically excludes the entire VLAN network segment. Broadcast traffic is different from unicast/multicast traffic.

Then there's Private Vlans:


Which is a whole different level of separation/protection, etc.

rwamstutz Wed, 08/29/2007 - 12:22

OK, so if my objective is to have machine traffic on VLAN 247 and data traffic on VLAN 300, IPX traffic from printers on VLAN 300 will not go over to VLAN 247?

Francois Tallet Wed, 08/29/2007 - 12:41

IPX traffic cannot get out of its vlan because you are not routing IPX. Only IP traffic could be routed between the vlans. If you want to avoid that, you have lots of solutions like disabling routing, implementing access lists, removing the IP addresses etc...

VLANs are still providing you with isolation at layer 2, even with your current configuration.



Francois Tallet Wed, 08/29/2007 - 12:37

Note that private vlan will not prevent communication at layer 3.
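The ACL approach from the replies above, as an added example that is not part of the original thread: a Cisco IOS sketch of two routed VLAN interfaces before and after inter-VLAN filtering. It assumes the switch itself is the layer 3 device doing the routing; the subnets (documentation ranges) and the ACL names are constructed, since the thread's own addresses are not shown.

```cisco
! Constructed addressing, not the poster's:
!   VLAN 300 = 192.0.2.0/24, VLAN 400 = 198.51.100.0/24
!
! Before: both VLAN interfaces have addresses and routing is enabled,
! so IP packets are routed between the VLANs. Layer 2 broadcasts and
! unrouted protocols such as IPX still stay inside their own VLAN.
ip routing
!
interface Vlan300
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan400
 ip address 198.51.100.1 255.255.255.0
!
! After: each ACL drops anything headed for the other VLAN's subnet
! and permits everything else. "in" filters packets arriving from
! hosts in that VLAN before they are routed.
ip access-list extended VLAN300-IN
 deny   ip any 198.51.100.0 0.0.0.255
 permit ip any any
!
ip access-list extended VLAN400-IN
 deny   ip any 192.0.2.0 0.0.0.255
 permit ip any any
!
interface Vlan300
 ip access-group VLAN300-IN in
!
interface Vlan400
 ip access-group VLAN400-IN in
!
! Alternatives named in the thread, when no routed access is needed:
!   no ip routing                      (switch stops routing between VLANs)
!   interface Vlan400 + no ip address  (no layer 3 interface in that VLAN)
```

After a test ping between the two subnets, `show ip access-lists` should show the hit counter rising on the deny line. If an external router does the routing instead, the same filters belong on that router's interfaces.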


