Can you do Vlaning on a Flat Network with No subnets?

jrosetta1 (Level 1)

OK, so at work we are trying to do VLANing, but here is the catch: the whole network is flat... no routers (but one facing outside) and no subnets. So we are trying to do this without using an IP address for the VLAN interface. Will that work?

To my knowledge, since there are no subnets and your network is just one whole flat network, you could have VLANs for that whole network, but would it be worth it?


jrosetta1 (Level 1)

By the way, this is not for my "work" or anything like that. I just got asked this question and I gave an appropriate answer to what I know of VLANs and how you can implement them. I just wanted to know what you all think of the situation.

Joseph W. Doherty (Hall of Fame)

". . . will that work?"

Probably.

". . . would it be worth it?"

Probably not.

What are you trying to accomplish?

[edit]

Only saw your new post after my post. Don't have time to respond to the new post; maybe later today . . .

My friend asked me this through an email. I asked him the same question, what he was trying to accomplish, but I did not get a reply.

I think they want to segment their network. However, I told him that since you have no subnets on your network, you would first need to create subnets and then create your VLANs appropriately if you want the VLANs to actually mean something in your network.

Right now on their network everything can see everything else.

VLANs and subnets are different things, and although often used together, neither requires the other.

Your friend should explain what he wants to accomplish or what he thinks their current network problem might be.

Some of the later Cisco switches support private VLAN for security purposes, but other than that, often little need to implement VLANs unless they're going to be used to "host" different networks.

Thank you. I always tie VLANs and subnets together by accident because I get into the tendency of saying "VLAN 10 is in this subnet in this building". Bad habit.

I will see if I can get any more information.

They are trying to break up broadcast domains in their network; that's the goal.

They seem to be using 3Com stuff. Here is what I was told:

they are 3Com switches

but we are at this point trying to set up a test environment

we have a 4900 layer 3 switch plugged into 3 laptops representing three schools

When we put a laptop on a VLAN it loses DHCP, and we as of right now only have one port for trunking, but how do you route across a switch with only one switch with many VLANs on it? Do you need another switch to trunk to it?

Unless you plan to have VLANs on L2 switches beyond the L3 switch, you shouldn't need to configure VLANs on those switches or use VLAN trunks.

On the 4900, define one or more VLANs; define one or more ports as access ports for those VLANs. Connect the 3Com switches to 4900 ports to place each 3Com switch, and any devices attached to it, within the VLAN defined on the 4900.

For each VLAN on the 4900, define an IP address, with a unique subnet per VLAN. This will be the gateway used by hosts on that VLAN.

Enable IP routing on the 4900. (Once done, hosts with hard-coded IP addressing should be able to ping each other on different VLANs/subnets.)

For DHCP, you'll need to define an IP helper (on the VLAN interface) to forward host requests to the DHCP server. Not needed if the DHCP server is on the host's subnet.

Joshua

If you split your network up into vlans but then have no way of routing between vlans then these vlans are isolated from one another. And it doesn't matter what IP addressing scheme you use ie. different subnet per vlan or same subnet for all vlans.

A vlan is a logical separation of ports at layer 2. So if you create 10 vlans which will indeed create 10 broadcast domains, if you do not have 10 L3 interfaces, one for each vlan, then these vlans will be isolated from each other.

Any machines in the same vlan will be able to communicate with each other but that's it.

As mentioned, a VLAN does not have to equate to an IP subnet, although it usually does.

Jon

I appreciate the replies / help. I am getting a better understanding of this (and I hope my friend's situation gets resolved).

This is what I got from his latest email:

so from what it sounds, VLANs need IP addresses? and what configs need to be made on the PCs??

The kid I am working with is trying to do layer 2 VLANing, which I thought was crazy... so from what it sounds there is no way to get VLANs to talk to each other with only one switch; like on that one switch we have 3 VLANs, I guess there is no way to get them to talk without bringing in another switch, right??

Joshua (accepted solution)

It depends on the switch. If the switch is L3 capable then you can create L3 vlan interfaces and then your clients can communicate. Alternatively if you had a router as well as a switch you could use the router to route between the vlans.

Vlans work at L2. A broadcast from a machine in a vlan will be received by all other machines within that vlan.

Generally speaking, in an average network you would have multiple VLANs. Each VLAN would have its own IP subnet, e.g.

vlan 10 -> 192.168.5.0/24
vlan 11 -> 192.168.6.0/24

Each device in VLAN 10 would have an IP address out of the 192.168.5.1 -> 254 range and each device in VLAN 11 would have an IP address out of the 192.168.6.1 -> 254 range.

You would then, on an L3 switch or router, have an L3 interface for each VLAN, e.g.

int vlan 10
 ip address 192.168.5.1 255.255.255.0
int vlan 11
 ip address 192.168.6.1 255.255.255.0

Each client in VLAN 10 would have its default gateway set to 192.168.5.1 and each client in VLAN 6 to 192.168.6.1.

Usually client addresses are handed out via DHCP.

Just to reiterate: VLANs are L2 concepts. For VLANs to communicate they need an L3 device to route between them. This L3 device could be a router or an L3 switch.

Jon
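The model below is an added example, not code from this thread or from Cisco or 3Com. It encodes what Joseph's 4900 procedure and Jon's replies describe (VLANs are L2 broadcast domains; an SVI per VLAN plus IP routing is needed to cross them; DHCP from another VLAN needs an IP helper) as a small Python reachability check. All host names, VLAN numbers and addresses are constructed; the 192.168.5.0/24 and 192.168.6.0/24 pair follows Jon's example.

```python
# Added example, not code from the thread. It models the replies above:
# a VLAN is an L2 broadcast domain, so frames (ARP included) never leave
# it; crossing VLANs needs an SVI ("int vlan N") in each VLAN plus
# "ip routing"; DHCP from another VLAN needs "ip helper-address".
# Every host name and address below is constructed for the example.
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface
from typing import Dict, List, Optional, Tuple


@dataclass
class Host:
    name: str
    vlan: int
    addr: IPv4Interface                 # address with mask, e.g. 192.168.5.10/24
    gateway: Optional[IPv4Address] = None


@dataclass
class Switch:
    svis: Dict[int, IPv4Interface] = field(default_factory=dict)  # vlan -> SVI; empty = plain L2 switch
    ip_routing: bool = False
    helpers: Dict[int, List[IPv4Address]] = field(default_factory=dict)  # vlan -> ip helper-address list


def can_reach(sw: Switch, src: Host, dst: Host) -> Tuple[bool, str]:
    """Can src send IP packets to dst through sw, and why (not)?"""
    on_link = dst.addr.ip in src.addr.network      # what src's own mask says
    if src.vlan == dst.vlan and on_link:
        return True, "same VLAN and subnet: ARP, then direct L2 delivery"
    if src.vlan != dst.vlan and on_link:
        # src ARPs for dst directly; the broadcast stays in src's VLAN and
        # no SVI ever sees the packet. Sharing one subnet across VLANs
        # therefore changes nothing.
        return False, f"dst looks on-link, ARP stays inside VLAN {src.vlan}"
    # Everything else must go via the default gateway.
    if not sw.ip_routing:
        return False, "no ip routing on the switch: VLANs are isolated"
    svi_src = sw.svis.get(src.vlan)
    if svi_src is None or src.gateway != svi_src.ip:
        return False, f"no SVI in VLAN {src.vlan} at src's gateway"
    if src.gateway not in src.addr.network:
        return False, "src's gateway is not on src's subnet"
    svi_dst = sw.svis.get(dst.vlan)
    if svi_dst is None or dst.addr.ip not in svi_dst.network:
        return False, f"no SVI (connected route) for dst's subnet in VLAN {dst.vlan}"
    if dst.gateway != svi_dst.ip:
        return False, "dst has no return gateway: replies would be dropped"
    return True, f"routed: SVI VLAN {src.vlan} -> SVI VLAN {dst.vlan}"


def dhcp_works(sw: Switch, client_vlan: int, server: Host) -> Tuple[bool, str]:
    """DHCPDISCOVER is an L2 broadcast: the server must be in the client's
    VLAN, or the VLAN's SVI must relay it (ip helper-address)."""
    if server.vlan == client_vlan:
        return True, "server is in the client's broadcast domain"
    svi = sw.svis.get(client_vlan)
    if svi is None or not sw.ip_routing:
        return False, f"broadcast dies inside VLAN {client_vlan}: nothing relays it"
    if server.addr.ip not in sw.helpers.get(client_vlan, []):
        return False, f"no ip helper-address {server.addr.ip} on VLAN {client_vlan}"
    svi_srv = sw.svis.get(server.vlan)
    if svi_srv is None or server.addr.ip not in svi_srv.network:
        return False, "relay has no route to the DHCP server"
    return True, f"relayed as unicast from {svi.ip} to {server.addr.ip}"


def demo() -> Dict[str, bool]:
    """The thread's scenarios; returns name -> reachable so it can be checked."""
    a = Host("pc-a", 10, IPv4Interface("192.168.5.10/24"), IPv4Address("192.168.5.1"))
    b = Host("pc-b", 11, IPv4Interface("192.168.6.10/24"), IPv4Address("192.168.6.1"))
    c = Host("pc-c", 11, IPv4Interface("192.168.5.20/24"), IPv4Address("192.168.5.1"))  # VLAN 11, VLAN 10's subnet
    dhcp = Host("dhcp", 11, IPv4Interface("192.168.6.5/24"), IPv4Address("192.168.6.1"))
    l2 = Switch()                                      # VLANs defined, no SVIs
    svis = {10: IPv4Interface("192.168.5.1/24"), 11: IPv4Interface("192.168.6.1/24")}
    l3 = Switch(svis, ip_routing=True)
    l3_relay = Switch(svis, ip_routing=True, helpers={10: [dhcp.addr.ip]})
    return {
        "l2_a_to_b": can_reach(l2, a, b)[0],                     # False
        "l3_a_to_b": can_reach(l3, a, b)[0],                     # True
        "l3_a_to_c_shared_subnet": can_reach(l3, a, c)[0],       # False
        "dhcp_vlan10_no_helper": dhcp_works(l3, 10, dhcp)[0],    # False
        "dhcp_vlan10_helper": dhcp_works(l3_relay, 10, dhcp)[0], # True
        "dhcp_vlan11_same_vlan": dhcp_works(l2, 11, dhcp)[0],    # True
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26} {ok}")
```

Running it prints six verdicts. The one worth noticing is pc-c: it sits in VLAN 11 but carries an address from VLAN 10's subnet, so pc-a treats it as on-link, ARPs for it directly, and the ARP broadcast never leaves VLAN 10; the SVIs are never consulted, which is why the same subnet in two VLANs does not make them one network.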

Thank you, Jon. I will let him know. I pretty much told him that to really take advantage of VLANs and segment their network, he would need to do what you said.

In my experience I never just made a "VLAN", named it, and tried to route that on the network, because that's what they are trying to do.

You had better get your friend's reply about this. What is the problem and what is he trying to achieve?

An example is what I've seen before:

- big flat network, /16.

- all users, servers, and printers in this network.

- multiple servers spread in this big flat network.

Because of security, I enforced a network revamp. However, some servers are too expensive to move, e.g. internal applications tied to an IP address (the old way) that will cost a lot of $$$ to recompile. Planning:

- plan the segments (e.g. per service, per department, per floor, per building).

- identify the servers that are too expensive to move around, use their IP Address as base for the server segment.

- slowly move other servers nearer to the IP Address of expensive servers and use the new subnet mask for the servers (NOT the gateway).

- slowly move the users/services to their new network segment.

Of course it's NOT as simple as that. It needs coordination from other admins (e.g. system, printers, applications) and lots of impact assessment. In the end, it's worth all the trouble: security, performance and manageability are in place.
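One way to plan the migration described above, as an added example that is not part of the thread: given a flat 10.20.0.0/16 (constructed, as are all host names and addresses), the servers whose addresses cannot change define the server segment, the other servers are listed for moving in, non-servers already inside that range are listed for moving out, and the stage-1 change (same address, narrower mask) is shown per server. It also checks one thing the reply does not mention: if the old gateway lies outside the new segment, narrowing the mask puts it off-link, so the segment needs its own L3 interface before the servers are re-masked.

```python
# Added example, not code from the thread: the re-segmentation plan in
# the reply above, run against a constructed flat 10.20.0.0/16. The
# servers whose addresses cannot change define the server segment; in
# stage 1 only their mask narrows (the address stays); anything that
# is not a server but sits inside that segment has to move out.
from ipaddress import IPv4Address, IPv4Interface, IPv4Network
from typing import Dict, List

FLAT = IPv4Network("10.20.0.0/16")      # constructed flat network
OLD_GATEWAY = IPv4Address("10.20.0.1")  # constructed: the one outward-facing router


def enclosing_prefix(addrs: List[IPv4Address], floor: IPv4Network) -> IPv4Network:
    """Smallest prefix, no larger than `floor`, containing every address in `addrs`."""
    for plen in range(32, floor.prefixlen - 1, -1):
        net = IPv4Network((addrs[0], plen), strict=False)
        if all(a in net for a in addrs):
            return net
    raise ValueError("addresses are not all inside the flat network")


def plan(inventory: Dict[str, IPv4Interface], roles: Dict[str, str],
         fixed: List[str]) -> dict:
    """inventory: name -> current address/mask; roles: name -> 'server' or 'user';
    fixed: servers whose address is tied to an application and cannot change."""
    seg = enclosing_prefix([inventory[n].ip for n in fixed], FLAT)
    servers = [n for n, r in roles.items() if r == "server"]
    # Stage 1: same address, new (narrower) mask for servers already in the segment.
    stage1 = {n: str(IPv4Interface((inventory[n].ip, seg.prefixlen)))
              for n in servers if inventory[n].ip in seg}
    # Narrowing the mask makes the old gateway off-link unless it is inside
    # the segment; if it is not, the segment needs its own L3 interface first.
    gateway_stranded = OLD_GATEWAY not in seg
    move_out = sorted(n for n, ifc in inventory.items()
                      if roles[n] != "server" and ifc.ip in seg)
    move_in = sorted(n for n in servers if inventory[n].ip not in seg)
    # What is left of the /16 for user/printer segments, counted in /24s.
    free_24s = sum(1 for net in FLAT.address_exclude(seg) if net.prefixlen <= 24
                   for _ in net.subnets(new_prefix=24))
    return {"segment": str(seg), "stage1": stage1,
            "gateway_stranded": gateway_stranded,
            "move_out": move_out, "move_in": move_in, "free_24s": free_24s}


def plan_example() -> dict:
    """Constructed inventory: two servers whose addresses cannot change."""
    inventory = {
        "erp":       IPv4Interface("10.20.8.15/16"),
        "ldap":      IPv4Interface("10.20.9.200/16"),
        "print-srv": IPv4Interface("10.20.10.40/16"),
        "pc-17":     IPv4Interface("10.20.8.77/16"),
        "pc-42":     IPv4Interface("10.20.130.5/16"),
    }
    roles = {"erp": "server", "ldap": "server", "print-srv": "server",
             "pc-17": "user", "pc-42": "user"}
    return plan(inventory, roles, fixed=["erp", "ldap"])


if __name__ == "__main__":
    for k, v in plan_example().items():
        print(f"{k}: {v}")
```

With the constructed inventory the two immovable servers share 10.20.8.0/23, so erp and ldap keep their addresses and only change mask to /23, print-srv is scheduled to move into that range, pc-17 has to move out of it, and 254 /24s of the former /16 remain for user and printer segments. The gateway check comes back stranded because 10.20.0.1 is not inside 10.20.8.0/23.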
