
Question about vlan setup

aaron.cowell.au
Level 1

Ok I have been undertaking a tutorial about setting up a switch but I am a little confused. Mainly it has to do with the vlan syntax

1     int vlan1

2     ip address 192.168.1.1 255.255.255.0

3     int f0/1

4     switchport mode access

5     switchport access vlan 1

Is the vlan in line 5 the same vlan as in line 1, as one has a space and the other does not?

Can you have a space in line 1 example

int vlan 1

also if I want to have two separate vlans aka break a switch into two smaller switches and connect them to a router do I have to setup another vlan example

6     int vlan2

7     ip address 10.1.1.1 255.0.0.0

8     int f0/10

9     switchport mode access

5     switchport access vlan 2

Do I actually need line 6 and 7?

Thank you.

8 Replies

darren.g
Level 5

Aaron-James Nichol Cowell wrote:

Ok I have been undertaking a tutorial about setting up a switch but I am a little confused. Mainly it has to do with the vlan syntax

1     int vlan1

2     ip address 192.168.1.1 255.255.255.0

3     int f0/1

4     switchport mode access

5     switchport access vlan 1

Is the vlan in line 5 the same vlan as in line 1, as one has a space and the other does not?

Can you have a space in line 1 example

int vlan 1

also if I want to have two separate vlans aka break a switch into two smaller switches and connect them to a router do I have to setup another vlan example

6     int vlan2

7     ip address 10.1.1.1 255.0.0.0

8     int f0/10

9     switchport mode access

5     switchport access vlan 2

Do I actually need line 6 and 7?

Thank you.

Aaron.

You're getting confused because you're mixing two different concepts.

The VLAN is a layer 2 instance. It refers only to layer 2 connectivity (broadcast domain), and doesn't care about what protocol is running on top of it.

The INTERFACE type VLAN is what is known as a SVI, or switched virtual interface. It is associated with a layer 2 VLAN, but it works at layer 3 - the IP (and others) protocol layer.

So, in your example above, vlan1 and interface vlan1 are not the same because they're at different layers, but they *are* associated - any switchport which is in vlan1 will "see" the IP address of interface vlan1, and exist on the same IP subnet - in your case, 192.168.1.0/24.

You're not *required* to create an SVI for every VLAN - but if you don't, devices which are in that vlan will only be able to communicate with each other (and every other device in the same vlan) because there is no associated "routing" interface to push traffic through. You can plug in an external router and assign an IP address to it, and then your devices could communicate to other hosts - but not to other hosts in a different vlan in the same switch UNLESS they were also plugged into the external router.

The advantage of this is that you don't need high end routers for simple jobs - the layer 3 aspects of the switch will do it for you, and allow you to separate subnets to reduce broadcast domains, or allow isolated islands of connectivity without external access.

And yes, you do need lines 6 & 7 in your example above, but only if you want the devices in VLAN2 to be able to communicate with devices in VLAN1.

And yes also, you can have a space between the vlan and the number in the line "interface vlan 1" - it'll work regardless.

Hope this helps.

Cheers

So if I setup the router as below.

int f0/1

switchport mode access

switchport access vlan 1

no shut

int f0/2

switchport mode access

switchport access vlan 1

no shut

int f0/3

switchport mode trunk

switchport access vlan1

no shut

int f0/6

switchport mode access

switchport access vlan 2

no shut

int f0/7

switchport mode access

switchport access vlan 2

no shut

int f0/8

switchport mode trunk

switchport access vlan 2

no shut

Without setting up a vlan interface with an IP address, I would need to run a cable between f0/8 and f0/3 on the same switch for IP addresses in the same subnet to communicate, e.g. 192.168.1.0/24, because one is in vlan1 and the other in vlan 2.

I know this may seem stupid but I just want to get it into my head before I play around with the switches.

Aaron-James Nichol Cowell wrote:

So if I setup the router as below.

int f0/1

switchport mode access

switchport access vlan 1

no shut

int f0/2

switchport mode access

switchport access vlan 1

no shut

int f0/3

switchport mode trunk

switchport access vlan1

no shut

int f0/6

switchport mode access

switchport access vlan 2

no shut

int f0/7

switchport mode access

switchport access vlan 2

no shut

int f0/8

switchport mode trunk

switchport access vlan 2

no shut

Without setting up a vlan interface with an IP address, I would need to run a cable between f0/8 and f0/3 on the same switch for IP addresses in the same subnet to communicate, e.g. 192.168.1.0/24, because one is in vlan1 and the other in vlan 2.

I know this may seem stupid but I just want to get it into my head before I play around with the switches.

Not quite.

You've made f0/3 an access port, and f0/8 a trunk - the two are not compatible, and the link wouldn't come up.

If you creates f0/3 as a trunk and f0/3 as a trunk it might work - but it might also go into blocking mode, because you're trunking VLAN's which already exist on the switch - and I don't know how spanning tree would work since the VLAN's are available to the backbone - I've never tried this one. If it was two different switches then a trunk between them would work - but you'd still have two distinct VLAN's, they wouldn't interact with each other.

A VLAN provides *logical* isolation (compared to the physical isolation of having a completely different switch) or two broadcast domains. Packets in VLAN2 will not interact in *any* way with packets in VLAN1 at layer 2 - and only at layer 3 if you have defined SVI's for each VLAN and enabled routing between them.

And if you *did* set up an SVI for VLAN1 and VLAN2, you'd need to put them in different subnets (192.168.1.0/24 & 192.168.2.0/24, for example) because the operating system wouldn't let you overlap - you'd get an error about the IP address overlapping with the other SVI.

So, to get machines connected to VLAN1 to talk with VLAN2, you'd need to configure two SVI's and assign them IP addresses - then the switch would automatically route between the two segments.

A simpler way of getting communication between the two sets of ports is to put them all into VLAN1, but I suspect that's not what you're trying to achieve. :-)

Cheers

I thought that both f0/3 and f0/8 were in trunk mode.

> If you creates f0/3 as a trunk and f0/3 as a trunk it might work

do you mean f0/3 and f0/8 or was that not a typo.

If you connect a switch to a router do you use trunk or access mode.

other than that I think I have gotten it.

Aaron-James Nichol Cowell wrote:

I thought that both f0/3 and f0/8 were in trunk mode.

> If you creates f0/3 as a trunk and f0/3 as a trunk it might work

do you mean f0/3 and f0/8 or was that not a typo.

If you connect a switch to a router do you use trunk or access mode.

other than that I think I have gotten it.

Sorry - I mis-read your config - yeah, you had f0/3 & f0/8 in trunk mode.

Connecting a switch to a router you'd normally use access mode *unless* you wanted the router to run multiple subnets on each interface - in which case, you'd run one port on your switch in trunk mode, and configure your router interface as a trunk with sub-interfaces in each VLAN and allow dot1q to deal with the separation.

If you have multiple interfaces on your router and want to maintain separation on the switch, then you'd run two switch ports in access mode, one connected to each router port, and assign the IP address for the subnet to each individual router port.

Cheers. And sorry for the tired eyes syndrome - I mis-read your post above and read your second port as an access port, not a trunk.

> in which case, you'd run one port on your switch in trunk mode, and configure your router interface as a trunk with sub-interfaces in each VLAN and allow dot1q to deal with the separation.

Ok, what commands do I run on the router to achieve this?

Aaron-James Nichol Cowell wrote:

> in which case, you'd run one port on your switch in trunk mode, and configure your router interface as a trunk with sub-interfaces in each VLAN and allow dot1q to deal with the separation.

Ok, what commands do I run on the router to achieve this?

Exactly. Run one trunk port on the switch, and configure sub-interfaces on the one physical router port.

You'd do something like this on the switch

int f0/8

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 2-3

no shut

And on the router

int f1/0

no shut

int f1/0.2

encapsulation dot1q 2

description trunk link to switch - VLAN 2

ip address 192.168.1.254 255.255.255.0

no shut

int f1/0.3

encapsulation dot1q 3

description Trunk link to switch - VLAN 3

ip address 192.168.2.254 255.255.255.0

no shut

Then connect interface f1/0 on the router to f0/8 on the switch (you may need a crossover cable, as fast ethernet doesn't auto MDI/MDI-X), and you should be good to go routing between the two segments.

Cheers

I think that Darren must have mis-read something in the config because at least in the version of your post that I see both f0/3 and f0/8 do specify switchport mode trunk. So they both will operate as trunk ports. (and if they are trunk ports then there is no point in having the switchport access vlan x command).

And if they are both trunk ports there would be no usefulness in having a cable connecting them. It certainly would NOT help vlan 1 communicate with vlan 2 as you seem to suggest. A trunk port of a switch is intended to connect to some other device (to another switch or to a router) and to carry traffic for multiple vlans over the trunk.

You have not told us whether this switch is operating as a layer 2 switch or as a layer 3 switch. And that makes a difference in what the switch can do. A layer 2 switch can configure more than one vlan (operating at layer 2 as Darren has pointed out) but it can have only a single active VLAN interface (operating at layer 3). And on a layer 2 switch a device connected in vlan 1 can not communicate with a device in vlan 2 (the traffic must go through a layer 3 device to get between vlans). If the switch is a layer 3 switch then it does support multiple vlan interfaces (operating at layer 3) and can route between vlan 1 and vlan 2 without needing any other network device to get between vlans.

HTH

Rick
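
The SVI approach discussed in this thread (one VLAN interface per VLAN, each in its own subnet, on a layer 3 switch), written out as an added example that is not part of any of the original posts. The gateway addresses, the VLAN name and the port ranges are assumptions chosen for illustration.

```cisco
! Added example: inter-VLAN routing with SVIs on a layer 3 switch.
! Assumption: the switch supports "ip routing"; a layer 2 switch will not
! route between VLAN interfaces.
configure terminal
!
! Turn on layer 3 forwarding between the SVIs
ip routing
!
! Create the second layer 2 VLAN (VLAN 1 exists by default)
vlan 2
 name SECOND-SEGMENT
 exit
!
! Access ports: each port belongs to exactly one broadcast domain
interface range fastEthernet 0/1 - 2
 switchport mode access
 switchport access vlan 1
 no shutdown
interface range fastEthernet 0/6 - 7
 switchport mode access
 switchport access vlan 2
 no shutdown
!
! SVIs: the layer 3 gateway for each VLAN, on non-overlapping subnets
! (constructed addresses; hosts use these as their default gateway)
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
interface vlan 2
 ip address 192.168.2.1 255.255.255.0
 no shutdown
end
!
! Verify VLAN membership, SVI state and the connected routes
show vlan brief
show ip interface brief
show ip route
```

Once `ip routing` is enabled and both SVIs are up, the two VLANs are no longer isolated from each other at layer 3; if only some traffic should cross between them, restrict it with an access list applied to the SVIs.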
