VLANs and subnet broadcasts.

jlajuarez (Level 1)

Correct me if my concept is wrong in this scenario.

Scenario:

1 Router

1 Switch

6 VLANS

VLAN 10 = 10.0.10.0/24

VLAN 20 = 10.0.20.0/24

VLAN 30 = 10.0.30.0/24

VLAN 40 = 10.0.40.0/24

VLAN 50 = 10.0.50.0/24

VLAN 60 = 10.0.60.0/24

1. Broadcasts are not contained in each VLAN because they are on the same subnet. Am I right or wrong?

2. If I am wrong, will changing the subnetting scheme to VLSM contain the broadcasts in each VLAN? Am I right or wrong?

Question

A. How will I contain broadcasts in a VLAN using the IP scheme above? Is there some sort of access-list configuration for each VLAN? If there is, can you give me the configuration commands for it? The only command I know is the one allowing ALL VLANs on the trunk.

8 Replies

glen.grant (VIP Alumni)

That's incorrect; each VLAN is its own broadcast domain. The broadcast boundary stops at the router interface. So if you have 6 VLANs on the switch going to a router, you run a trunk from the switch to the router, each VLAN encapsulated with its own VLAN ID. So a broadcast in, say, VLAN 10 will not be seen in VLAN 20. Subnetting has nothing to do with whether a broadcast is contained in its own subnet. What you are showing is router on a stick, and each VLAN you show would be in its own broadcast domain.

Ooooh. Ok. So having VLANs is already a good basic way to contain broadcasts, and I do not need any configuration to contain broadcasts on VLANs. However, I would still like to know the configuration commands to prevent a VLAN from communicating with another VLAN.

jlajuarez wrote:

Ooooh. Ok. So having VLANs is already a good basic way to contain broadcasts, and I do not need any configuration to contain broadcasts on VLANs. However, I would still like to know the configuration commands to prevent a VLAN from communicating with another VLAN.

If you don't want a VLAN to communicate with anything else, then simply don't create an L3 VLAN interface for that VLAN; then it can't be routed.

If, however, you want the VLAN to communicate with some but not all VLANs, then use ACLs, e.g. from your example:

VLAN 10 can talk to VLANs 20 & 50 but not VLANs 30, 40 & 60

access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255
access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.40.0 0.0.0.255
access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.60.0 0.0.0.255
access-list 101 permit ip 10.0.10.0 0.0.0.255 any

int vlan 10
ip access-group 101 in

Jon
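As an added illustration (this is editor-supplied example code, not from Jon's post, the Cisco documentation or any IOS source), the following Python script models how IOS evaluates the extended ACL above: wildcard-mask matching (a 0 bit in the mask must match, a 1 bit is ignored), first match wins, and the implicit deny at the end of every ACL. The ACL text is copied from the post; the VLAN-to-subnet table comes from the original question, and the sample flows are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Jon's ACL from the post, copied verbatim. The "int vlan 10 / ip access-group 101 in"
# lines bind the ACL to an interface and are not entries, so they are not parsed here.
JON_ACL = [
    "access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255",
    "access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.40.0 0.0.0.255",
    "access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.60.0 0.0.0.255",
    "access-list 101 permit ip 10.0.10.0 0.0.0.255 any",
]

# VLAN-to-subnet table taken from the original question (constructed as a dict here).
VLAN_SUBNETS = {
    10: "10.0.10.0/24", 20: "10.0.20.0/24", 30: "10.0.30.0/24",
    40: "10.0.40.0/24", 50: "10.0.50.0/24", 60: "10.0.60.0/24",
}


@dataclass(frozen=True)
class Ace:
    """One access control entry: action plus source and destination match specs."""
    action: str   # "permit" or "deny"
    src: str      # "ADDR WILDCARD" or "any" ("host A" is normalised to "A 0.0.0.0")
    dst: str


def wildcard_match(addr: str, spec: str) -> bool:
    """IOS wildcard-mask semantics: mask bits set to 0 must match, bits set to 1 are ignored."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def _take_addr(tokens: List[str]) -> Tuple[str, List[str]]:
    """Consume one address spec ('any', 'host A', or 'A WILDCARD') from the token list."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return f"{tokens[1]} 0.0.0.0", tokens[2:]
    return f"{tokens[0]} {tokens[1]}", tokens[2:]


def parse_acl(lines: List[str]) -> List[Ace]:
    """Parse 'access-list N permit|deny ip SRC DST' lines (the protocol-ip form used in the post)."""
    aces = []
    for line in lines:
        tokens = line.split()
        if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny") or tokens[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line}")
        src, rest = _take_addr(tokens[4:])
        dst, rest = _take_addr(rest)
        if rest:
            raise ValueError(f"trailing tokens in ACL line: {line}")
        aces.append(Ace(tokens[2], src, dst))
    return aces


def evaluate(aces: List[Ace], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """First matching entry decides; a packet matching no entry hits the implicit deny (entry None)."""
    for n, ace in enumerate(aces, start=1):
        if wildcard_match(src, ace.src) and wildcard_match(dst, ace.dst):
            return ace.action, n
    return "deny", None


def reachable_vlans(aces: List[Ace], src_vlan: int) -> List[int]:
    """Other VLANs a host in src_vlan may send to, probing with the first host address of each subnet."""
    src = str(next(ipaddress.ip_network(VLAN_SUBNETS[src_vlan]).hosts()))
    return sorted(
        vlan for vlan, net in VLAN_SUBNETS.items()
        if vlan != src_vlan
        and evaluate(aces, src, str(next(ipaddress.ip_network(net).hosts())))[0] == "permit"
    )


ACL = parse_acl(JON_ACL)

if __name__ == "__main__":
    # Constructed sample flows: the third one has a non-VLAN-10 source, which would only
    # appear inbound on int vlan 10 if spoofed or misaddressed, and falls to the implicit deny.
    for src, dst in [("10.0.10.5", "10.0.30.7"), ("10.0.10.5", "10.0.20.7"), ("10.0.20.5", "10.0.30.7")]:
        print(src, "->", dst, evaluate(ACL, src, dst))
    print("VLAN 10 may reach:", reachable_vlans(ACL, 10))
```

Two points the model makes visible. First, because the ACL is applied inbound on int vlan 10, it only inspects packets arriving from VLAN 10 hosts; a packet that enters that SVI with a source outside 10.0.10.0/24 matches nothing and is dropped by the implicit deny, which is a useful anti-spoofing side effect of the final permit being scoped to 10.0.10.0 0.0.0.255 rather than "any any". Second, the filter is stateless and one-directional: a host in VLAN 30 can still send unsolicited packets toward VLAN 10 (their replies are dropped, so TCP sessions cannot complete, but one-way UDP or ICMP is delivered), so enforcing the policy in both directions takes a matching ACL on the other SVIs or a stateful firewall between the VLANs.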

Jon,

Thank you so much for that input. Do you happen to have a complete list of those configuration commands? I've been scouring the web but I don't find the ones I am looking for. I mean, I did find VLAN configuration commands, but I do not think I have come across the access-list command that you showed. Do you have a copy of those commands, or do you know where I could find them?

There are configuration guides and command references for all types of switches, and also standard IOS configuration guides and command references, on the Cisco web site.

Which switch are you using? I will point you to the config and command references for that device.

Jon

Oh, I'm sorry. I was just practicing in Packet Tracer. Wait, so you mean to say some switches have different configuration commands? I am not very keen on the technology of switches and routers. I mean, I just finished CCNA 2 and will be proceeding with CCNA 3. I do not have much knowledge when it comes to the products that Cisco manufactures, let alone the features of the IOS. But I am reading a lot in order to learn more. Thank you so much for that input.

jlajuarez wrote:

Oh, I'm sorry. I was just practicing in Packet Tracer. Wait, so you mean to say some switches have different configuration commands? I am not very keen on the technology of switches and routers. I mean, I just finished CCNA 2 and will be proceeding with CCNA 3. I do not have much knowledge when it comes to the products that Cisco manufactures, let alone the features of the IOS. But I am reading a lot in order to learn more. Thank you so much for that input.

Well, some switches can run an OS called CatOS (e.g. the 6500 can run this), and that is a whole different set of commands.

However, most switches run IOS (and the 6500 can run pure IOS too), and so the commands are often the same. However, you are often configuring different things on a router than on a switch, e.g. on a switch it is far more common to configure VLANs, switchports, spanning-tree etc., whereas on routers this is a lot less common (unless the router has an inbuilt switch).

But there are sometimes significant differences between the same thing on a switch and on a router. QoS is a very good example. Routers use a standard QoS command set because routers generally do all things in software. Switches, however, do a lot of things in hardware and have dedicated ASICs to do this. This can have a significant effect on how things are implemented. QoS on switches is, to be perfectly honest, a pain to configure, as not only does QoS vary between switches and routers, it also varies from switch model to switch model, as each switch has different capabilities.

Having said that, most of the commands between switches are the same, i.e. if you know how to set up VLANs and inter-VLAN routing on a 3560 then you can set it up on a 6500.

Jon

Ok. Thank you so much for your time, Jon.
