
noob question about switching port on a router

t80243280
Level 1

I am trying to understand VLANs on a switch and router with Packet Tracer 6.

I thought a switching port on a router would act as it does on a switch (mine are 2960).

I use a router with 1 WAN port and 4 switching ports to emulate my Cisco 881 (without wireless). Everything was working well with my 5 switches and 4-5 VLANs. Then, doing a ping test between VLANs, I discovered that PCs belonging to different VLANs can ping each other on the router's switching ports. So I remade a basic scenario and posted it here. I probably missed a basic of VLANs.

FA 0/0 (the WAN port) is not connected.

FA 0/0/0 are the switching ports on the router.

According to my image, why is pc0 able to ping pc1 when there is no specific route between them on the router? Maybe it is the C on the left side, meaning connected. I thought we needed a static route to make one network communicate with another if they are not on the same network.

1 Accepted Solution


Hi,

The 881 router is acting exactly the same way as a L3 switch for intervlan communication.

It uses the SVIs configured as the default gateways to route between VLANs. A connected route is a route, so when one PC in VLAN x wants to communicate with a PC in VLAN y:

- the PC first finds out that the destination IP is in a different subnet, so it will ARP for its default gateway (the corresponding SVI on the router)

- when the router receives a packet on this L3 interface, it looks for a route to the destination and finds that it has a directly connected network entry for it, so it recurses to the outgoing interface, which is the other SVI.

If you want to limit inter-VLAN connectivity then you'll have to use an ACL or VRF to isolate each network.

Regards

Alain

Don't forget to rate helpful posts.
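
The forwarding decision described in this answer, modelled as an added example that is not part of the original thread: connected routes come from the two SVIs, and an inbound ACL on an SVI is checked only for traffic that is routed in through it. The host addresses, the assumption that pc0 sits in VLAN 10 and pc1 in VLAN 99, and the tuple form of the ACL entries (a simplified first-match model, not IOS syntax) are all assumptions.

```python
import ipaddress

# SVI addresses as listed in the thread; each one gives the router a connected route.
SVIS = {
    "Vlan10": ipaddress.ip_interface("192.168.0.1/24"),
    "Vlan99": ipaddress.ip_interface("192.168.99.1/24"),
}

def svi_for(ip):
    """Return the SVI whose connected network contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, iface in SVIS.items():
        if addr in iface.network:
            return name
    return None

def acl_permits(acl, src, dst):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False

def forward(src, dst, inbound_acls):
    """One-way delivery of a single packet from src to dst."""
    in_svi, out_svi = svi_for(src), svi_for(dst)
    if in_svi is None or out_svi is None:
        return False          # no connected route for one end, no default route
    if in_svi == out_svi:
        return True           # same VLAN: switched at L2, the SVI ACL is never consulted
    acl = inbound_acls.get(in_svi)
    return acl is None or acl_permits(acl, src, dst)

def ping(src, dst, inbound_acls):
    """A ping needs the echo request and the echo reply to both get through."""
    return forward(src, dst, inbound_acls) and forward(dst, src, inbound_acls)

PC0, PC1 = "192.168.0.10", "192.168.99.10"   # constructed host addresses
ANY = "0.0.0.0/0"
BLOCK_10_TO_99 = [("deny", "192.168.0.0/24", "192.168.99.0/24"), ("permit", ANY, ANY)]
BLOCK_99_TO_10 = [("deny", "192.168.99.0/24", "192.168.0.0/24"), ("permit", ANY, ANY)]
ONE_SIDED = {"Vlan10": BLOCK_10_TO_99}
BOTH_SIDES = {"Vlan10": BLOCK_10_TO_99, "Vlan99": BLOCK_99_TO_10}

if __name__ == "__main__":
    print("no ACL, ping pc0 -> pc1:          ", ping(PC0, PC1, {}))
    print("ACL on Vlan10 only, ping either way:", ping(PC0, PC1, ONE_SIDED), ping(PC1, PC0, ONE_SIDED))
    print("ACL on Vlan10 only, one-way pc1 -> pc0:", forward(PC1, PC0, ONE_SIDED))
```

With the ACL on only one SVI, pings fail in both directions because the reply is dropped, yet a one-way packet from VLAN 99 to VLAN 10 is still delivered; isolating the two networks takes an inbound entry on each SVI.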


4 Replies

Jon Marshall
Hall of Fame

The actual ports you connect the PCs to are L2 ports only, i.e. they are not L3, so they cannot route. But you have also configured L3 SVIs (Switched Virtual Interfaces) on your router and it is those that are doing the routing.

An SVI is a virtual L3 interface. So from your configuration where you do a "sh ip int" you can see at the bottom

vlan 10  192.168.0.1/24

vlan 99  192.168.99.1/24

those are your SVIs.  If you also look at your routing table it shows entries for both your subnets as directly connected routes with those SVIs as well.

If you do a "sh run" you should see in your configuration something like this  -

int vlan 10
 ip address 192.168.0.1 255.255.255.0

int vlan 99
 ip address 192.168.99.1 255.255.255.0

SVIs are generally seen on L3 switches and, as I say, they are not configured on the actual port. The idea is a switch could have say 24 ports in vlan 10 and 24 ports in vlan 11 and then you simply configure SVIs for both vlans and now clients in each vlan can communicate with each other.

So to be precise SVIs are virtual L3 interfaces for a L2 vlan. They act much like physical L3 ports eg fa0/0 from your example ie. you can apply acls etc. to them but they do have differences.

Hope that makes sense.

Edit - to confirm all of the above you can simply remove or shut down one of the SVIs and the PCs should no longer be able to communicate.

Jon

I manually entered those SVI command lines (see my screenshot, bottom right), thinking I was working on Layer 2 switch ports on a router (watch out for the brackets ^^), to get a gateway for my clients (192.168.0.1, which is my actual gateway in real life), but I probably missed something again.

In my real network there is a Cisco 881 router (all PCs and stuff are in VLAN 1), with 1 WAN interface and 4 switching ports (only 1 port, FE 0/1, is connected to the master switch). As I did not have access to the 881 router (ISP policy, no comment :)), I was figuring out (as we have 3 (4-1, we use 1) fixed public IPs available)

how they have configured this Cisco 881. I thought it was with an SVI (making 192.168.0.1 VLAN 1), but this Cisco 881 is not Layer 3 (I did not know that assigning an IP to VLAN 1 meant Layer 3).

1) So how did they configure this Cisco 881 without Layer 3? (At first, I just said to them: I want the router to be 192.168.0.1 and to use NAT from 1 public IP -> 192.168.0.1/24 as default gateway; then I handle connections using DHCP DNS proxy on a server in my LAN -> 200 computers.)

To conclude, I used something I did not have in real life (L3), thinking I was simulating it (my Cisco 881).

2) What should I use to simulate my Cisco 881 (1 WAN port and 4 switching ports)?

Thanks for the help.

Jon Marshall
Hall of Fame

How they have configured this cisco 881 ?..thought it was with SVI (making 192.168.0.1 VLAN 1) but this cisco 881 is not layer 3 (did know that assigning ip to vlan 1 means Layer 3).

I don't understand, what do you mean it is not L3 ?

What are you trying to do? I.e. if the ISP configures the 881 then you need to talk to them, as whatever we say here you will not be able to configure it. So if internet access is not working then you need to talk to them if the 881 needs reconfiguring.

Can you explain exactly what it is you are trying to achieve ?

Jon
