trunking basic question

Sep 8th, 2007

Hi all,

I would like to configure inter-VLAN routing. For a good understanding, I thought I would go for the router-on-a-stick model.

I have a few questions:

1. If I configure 4 VLANs on different subnets, is it necessary to configure routing on the router, as they are on different networks?

2. The trunk port carries all VLAN information, so all VLANs will be able to communicate. How would I restrict them? (I mean VLAN 2 will communicate with VLAN 3 and not with VLAN 4, 5...)

thanking you,

prashanth.

Paolo Bevilacqua Sat, 09/08/2007 - 06:15

1. Yes, routing has to be enabled as per default on the router.

2. Use access-list (ip access-group) on the corresponding subinterface.

3. If you want to do inter-VLAN routing at wire speed, get an 8-port 3560, which is a great device for a very reasonable price.

Hope this helps, please rate post if it does!

Joseph W. Doherty Sat, 09/08/2007 - 13:01

"2. The trunk port carries all VLAN information, so all VLANs will be able to communicate. How would I restrict them? (I mean VLAN 2 will communicate with VLAN 3 and not with VLAN 4, 5...)"

Trunks do carry the VLANs you allow, but each frame has a VLAN tag, so although physically on the same wire, the VLANs cannot communicate with each other until they get to the router.

PS:

If you use a router with many ports, you might have some additional options to increase the bandwidth between the switch and the router. You might be able to channel ports, or provide links for specific VLANs.

Edison Ortiz Sat, 09/08/2007 - 13:10

I second Paolo's recommendation.

If you are on a budget, a 3560 8-port switch is a great device for this task.

If you are going to have that many Vlans, it means there will be a bottleneck as the inter-vlan routing bandwidth will be limited to the router interface speed.

In other words, if you send a packet from Vlan4 to Vlan5, it goes from the Vlan4 switch-port (100Mbps) -> to the router interface (100Mbps - but it's shared with all other traffic so the speed will be lower) -> back down to Vlan5 switch-port.

With a 3560, the connection will be layer3 switched at wire speed.

sagiterian.archer Sat, 09/08/2007 - 13:28

Hi,

Following is the solution for your query:

I have a few questions:

1. If I configure 4 VLANs on different subnets, is it necessary to configure routing on the router, as they are on different networks?

Ans:

If you use a router, create subinterfaces on the Ethernet port of the router as follows:

For VLAN1

! VLAN id 2; encapsulation must be set before the IP address on a subinterface
(config)#int f0/0.1
(config-subif)#encapsulation dot1q 2
(config-subif)#ip address 1.1.1.1 255.255.255.0

For VLAN2

! VLAN id 3; each VLAN needs its own subinterface number
(config)#int f0/0.2
(config-subif)#encapsulation dot1q 3
(config-subif)#ip address 2.2.2.1 255.255.255.0

and so on.

Now connect the trunk port of the L2 switch to this interface. As all these networks are directly connected, the router will start inter-VLAN routing.

2. The trunk port carries all VLAN information, so all VLANs will be able to communicate. How would I restrict them? (I mean VLAN 2 will communicate with VLAN 3 and not with VLAN 4, 5...)

Ans: Now, to prevent routing between two subnets, create an ACL and attach it on the subinterface, using direction in.

For example:

! deny 1.1.1.0/24 -> 2.2.2.0/24, permit everything else
ip access-list extended ACC_Ctrl
 deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
 permit ip any any

and attach it on the subinterface for incoming traffic as follows:

(config)#int f0/0.1
(config-subif)#ip access-group ACC_Ctrl in

This will solve your issue.

Thanks and Regards,

Sagiterian.
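
The ACL from the answer above, checked offline with a small first-match evaluator. This is an added example, not part of the original thread; the host addresses, the 3.3.3.0/24 subnet and all function names are constructed for illustration.

```python
import ipaddress

# ACL from the thread (stray "0" removed), applied inbound on f0/0.1.
ACC_CTRL = ["deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255",
            "permit ip any any"]
# Inbound ACL per connected subnet; None = no ACL. 3.3.3.0/24 is constructed.
INBOUND = {"1.1.1.0/24": ACC_CTRL, "2.2.2.0/24": None, "3.3.3.0/24": None}

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'permit|deny ip SRC DST'; each side is 'any' or 'addr wildcard'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    rest, sides = tok[2:], []
    while rest:
        if rest[0] == "any":
            side, rest = (0, 0xFFFFFFFF), rest[1:]
        else:  # "addr wildcard"; a missing or malformed token raises ValueError
            side, rest = (ip(rest[0]), ip("".join(rest[1:2]))), rest[2:]
        sides.append(side)
    if len(sides) != 2:
        raise ValueError(f"expected source and destination in: {line!r}")
    return tok[0], sides[0], sides[1]

def wild_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal base.
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for line in acl:
        action, (sb, sw), (db, dw) = parse_ace(line)
        if wild_match(ip(src), sb, sw) and wild_match(ip(dst), db, dw):
            return action
    return "deny"

def routed(src, dst, inbound=INBOUND):
    """Is src -> dst forwarded, given the inbound ACL on src's subinterface?"""
    for net, acl in inbound.items():
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return acl is None or evaluate(acl, src, dst) == "permit"
    return False  # source is not on a connected subnet

if __name__ == "__main__":
    for s, d in [("1.1.1.10", "2.2.2.10"), ("2.2.2.10", "1.1.1.10")]:
        print(f"{s} -> {d}:", "forwarded" if routed(s, d) else "dropped")
```

The second output line shows that a packet from 2.2.2.10 is still forwarded to 1.1.1.10, because the ACL is applied inbound on f0/0.1 only and filters traffic sourced from 1.1.1.0/24. An empty ACL passed to `evaluate` returns "deny", which is the implicit deny at the end of every access list.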
