09-08-2007 05:59 AM - edited 03-03-2019 06:40 PM
Hi all,
I would like to configure inter-VLAN routing. I thought that, for good understanding, I would go for the router-on-a-stick model.
I have a few questions:
1. If I configure 4 VLANs on different subnets, is it necessary to configure routing on the router, as they are on different networks?
2. The trunk port carries all VLAN information, so all VLANs will be able to communicate; how would I restrict them? (I mean VLAN2 will communicate with VLAN3 and not with VLAN 4, 5...)
thanking you,
prashanth.
09-08-2007 06:15 AM
1. Yes, routing has to be enabled as per default on the router.
2. Use access-list (ip access-group) on the corresponding subinterface.
3. If you want to do inter-VLAN routing at wire speed, get an 8-port 3560; that is a great device for a very reasonable price.
Hope this helps, please rate post if it does!
09-08-2007 01:01 PM
"2. The trunk port carries all VLAN information, so all VLANs will be able to communicate; how would I restrict them? (I mean VLAN2 will communicate with VLAN3 and not with VLAN 4, 5...)"
Trunks do carry the VLANs you allow, but each frame has a VLAN tag, so although physically on the same wire, the VLANs can not communicate with each other until they get to the router.
PS:
If you use a router with many ports, you might have some additional options to increase the bandwidth between the switch and the router. You might be able to channel ports, or provide links for specific VLANs.
09-08-2007 01:10 PM
I second Paolo's recommendation.
If you are on a budget, a 3560 8-port switch is a great device for this task.
If you are going to have that many VLANs, it means there will be a bottleneck, as the inter-VLAN routing bandwidth will be limited to the router interface speed.
In other words, if you send a packet from Vlan4 to Vlan5, it goes from the Vlan4 switch-port (100Mbps) ->
to the router interface (100Mbps - but it's shared with all other traffic so the speed will be lower) ->
back down to Vlan5 switch-port.
With a 3560, the connection will be layer3 switched at wire speed.
09-08-2007 01:28 PM
Hi,
Following is the solution for your query.
I have a few questions:
1. If I configure 4 VLANs on different subnets, is it necessary to configure routing on the router, as they are on different networks?
Ans:
If you use a router, create subinterfaces on the Ethernet port of the router as follows:
For VLAN1
(config)#Int f0/0.1
(Config-if)#encapsulation dot1q 2 (For VLAN id 2)
(Config-if)#ip address 1.1.1.1 255.255.255.0
For VLAN2
(config)#Int f0/0.2
(Config-if)#encapsulation dot1q 3 (For VLAN id 3)
(Config-if)#ip address 2.2.2.1 255.255.255.0
and so on
Now connect the trunk port of the L2 switch to this interface. As all these networks are directly connected, the router will start inter-VLAN routing.
2. The trunk port carries all VLAN information, so all VLANs will be able to communicate; how would I restrict them? (I mean VLAN2 will communicate with VLAN3 and not with VLAN 4, 5...)
Ans: Now, to prevent routing between two subnets, create an ACL, attach it to the subinterface, and use the direction "in".
For Ex:-
ip access-list extended ACC_Ctrl
deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
permit ip any any
and attach it to the subinterface for incoming traffic as follows:
(config)#Int f0/0.1
(Config-if)#ip access-group ACC_Ctrl in
This will solve your issue.
Thanks and Regards,
Sagiterian.
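The four-VLAN case from the original question, written out as an added example (not configuration posted by anyone in the thread): VLAN 2 may reach VLAN 3 but not VLANs 4 and 5. The 3.3.3.0/24 and 4.4.4.0/24 subnets, the subinterface numbers and the ACL names are assumptions. An inbound ACL only filters traffic entering from its own VLAN, so VLANs 4 and 5 each get a matching deny toward VLAN 2.

```cisco
! Added example. Addressing assumptions:
!   VLAN 2 = 1.1.1.0/24, VLAN 3 = 2.2.2.0/24 (as in the answer above)
!   VLAN 4 = 3.3.3.0/24, VLAN 5 = 4.4.4.0/24 (assumed for illustration)
!
! Traffic entering from VLAN 2: blocked toward VLAN 4 and 5, everything else allowed.
ip access-list extended VLAN2_IN
 deny   ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255
 deny   ip 1.1.1.0 0.0.0.255 4.4.4.0 0.0.0.255
 permit ip any any
!
! Reverse direction: without these, VLAN 4/5 hosts could still send packets into VLAN 2.
ip access-list extended VLAN4_IN
 deny   ip 3.3.3.0 0.0.0.255 1.1.1.0 0.0.0.255
 permit ip any any
!
ip access-list extended VLAN5_IN
 deny   ip 4.4.4.0 0.0.0.255 1.1.1.0 0.0.0.255
 permit ip any any
!
! Physical interface facing the switch trunk carries no address itself.
interface FastEthernet0/0
 no ip address
 no shutdown
!
! Encapsulation is set before the IP address on each subinterface.
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 1.1.1.1 255.255.255.0
 ip access-group VLAN2_IN in
!
! VLAN 3 has no ACL: it stays reachable from every VLAN, including VLAN 2.
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 2.2.2.1 255.255.255.0
!
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ip address 3.3.3.1 255.255.255.0
 ip access-group VLAN4_IN in
!
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 4.4.4.1 255.255.255.0
 ip access-group VLAN5_IN in
```

`show ip access-lists` displays per-entry match counters, which confirms whether the deny lines are being hit.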