Understanding Vlans

Unanswered Question
Nov 7th, 2006

Hi


I have a basic question that I hope somebody can explain to me. As I understand it, vlans work on the data link layer, either using ports or MAC addresses to define vlans. If this is the case, then why do we need a router (i.e. layer 3) network device to route between vlans? So simply, why use a layer 3 device to help traffic to flow on the layer 2 level?


Thanks in advance

Dan

ankbhasi (Cisco Employee) Tue, 11/07/2006 - 07:26

Hi Dan,


Let me try to put in simple terms and update if it helps you.


VLANs definitely work at layer 2 and help in breaking the broadcast domain at layer 2. Now a broadcast in one vlan cannot traverse another vlan in a normal situation without a special configuration.


Now look at the broader level, where vlans are a logical division of subnets. So each vlan means a different subnet. Now how will these 2 subnets talk to each other? And that is the reason you need to have a layer 3 device to make different vlans talk to each other.


Hope I am able to explain.


Regards,


Ankur

dan_track Tue, 11/07/2006 - 07:58

Hi Ankur


Thanks for your explanation. Unfortunately I still don't fully understand. I can't see how vlans can be defined as different subnets; my understanding is that subnets are created via layer 3, not layer 2.


I do understand that vlans segment broadcasts when looking at layer 2, but still can't see why a router should jump in to allow two layer 2 vlans to talk to each other.


Hope it can be explained in another way.


Kind Regards

Dan

ankbhasi (Cisco Employee) Tue, 11/07/2006 - 08:10

Hi Dan,


Let's take a small example. Assume you do not have a layer 3 device and just have a pure layer 2 switch.


You have 2 machines, one in vlan 2 and one in vlan 3.


You can for sure assign 2 machines with same subnet ip address and without using a layer 3 device they can talk to each other if you use a cross cable and connect to 2 other ports configured for vlan 2 and vlan 3.


But that's not the right implementation of vlans. VLANs also divide your layer 3 subnets logically, and that is the reason you need different vlans, so that you can logically divide your network. And when you have different subnets, no matter whether they are in the same vlan or another, you need to have a layer 3 device.


You can also have machines in the same vlan with different subnets, and on your router you can define a secondary ip address to route them.


So what I'm trying to put here is that you can have 2 vlans with the same subnet address at layer 2, and also you can have one vlan with different subnets, but for routing between 2 different subnets you need a layer 3 device.


Hope I am able to explain.


Regards,


Ankur


*Pls rate all helpful posts

dan_track Wed, 11/08/2006 - 02:31

Hi


Thanks for the message. It helps in understanding. So basically the bottom line is that you don't need a layer three device to create vlans if the network range is the same when used on all vlans. If however we use different subnets on each vlan then yes, we do need a layer 3 device to route between subnets.


So what benefit do you get if vlans are created and they all use the same subnet (so no layer 3 device needed)? Is it just that they stop broadcasts across vlans, or is there something else?


Thanks

Dan

ankbhasi (Cisco Employee) Wed, 11/08/2006 - 02:44

Hi Dan,


You got it. But that's a bad design, to have multiple vlans but with the same subnet, and in that case even if you get a layer 3 device you will not be able to route between them, because on a layer 3 device when you create 2 different layer 3 interfaces for the respective vlans and try to assign the same subnet ip address it will throw an overlapping address error message.


And yes, in this design there can be VLAN leakage also, where 2 vlans can talk to each other without a layer 3 device by just using a cross cable, which you can say is a security breach.


HTH


Ankur

jarvar832004 Wed, 11/08/2006 - 01:30

If you ask a simple question, probably you will understand ....... will you switch between two different LANs or route between them?

Any traffic destined within its own LAN gets switched, while if you want to get it to another LAN you will essentially have to route it. VLAN is simply an extension of the LAN concept.
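
The cases discussed in this thread, modelled as a small Python sketch. This is an added example, not code from any poster: the host names, addresses and the `add_svi` and `path` helpers are constructed for illustration, and secondary addresses and physically cabling two VLANs together are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    vlan: int                          # layer 2 membership (switch port VLAN)
    iface: ipaddress.IPv4Interface     # layer 3 address plus mask

def add_svi(svis, vlan, cidr):
    """Add a layer 3 interface for a VLAN; refuse a subnet already in use,
    mirroring the overlapping-address error described in the thread."""
    new = ipaddress.ip_interface(cidr)
    for other_vlan, other in svis.items():
        if new.network.overlaps(other.network):
            raise ValueError(f"{new.network} overlaps with VLAN {other_vlan}")
    svis[vlan] = new

def path(src, dst, svis):
    """Return 'switched', 'routed' or 'unreachable' for traffic src -> dst."""
    if dst.iface.ip in src.iface.network:
        # src treats dst as on-link and ARPs for it directly; that
        # broadcast never leaves src's VLAN, so a VLAN mismatch is fatal.
        return "switched" if src.vlan == dst.vlan else "unreachable"
    # Off-link: src needs a gateway inside its own VLAN and its own subnet.
    gw = svis.get(src.vlan)
    if gw is None or gw.ip not in src.iface.network:
        return "unreachable"
    # The layer 3 device needs an interface in dst's VLAN covering dst.
    out = svis.get(dst.vlan)
    if out is None or dst.iface.ip not in out.network:
        return "unreachable"
    return "routed"

def host(name, vlan, cidr):
    return Host(name, vlan, ipaddress.ip_interface(cidr))

# Constructed sample topology (addresses are illustrative only).
A = host("a", 2, "10.0.2.10/24")
B = host("b", 2, "10.0.2.11/24")
C = host("c", 3, "10.0.3.10/24")
D = host("d", 3, "10.0.2.12/24")       # VLAN 3 but numbered from VLAN 2's subnet

SVIS = {}
add_svi(SVIS, 2, "10.0.2.1/24")
add_svi(SVIS, 3, "10.0.3.1/24")

if __name__ == "__main__":
    for s, d in [(A, B), (A, C), (A, D)]:
        print(s.name, "->", d.name, path(s, d, SVIS))
```
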
