Creating vlans for different networks on one switch

bipot
Level 1

Is it possible to create VLANs on one switch for different networks, e.g. 172.16.0.0, 192.168.0.0, 160.8.0.0, etc.?

7 Replies

pkhatri
Level 11

Absolutely, that is one of the primary reasons for using VLANs...

VLANs demarcate ethernet broadcast boundaries and are generally used for demarcation of IP subnets as well.

You must be mindful that you can only create non-management VLAN interfaces on L3 switches, not L2 switches.

Pls do remember to rate posts.

Paresh

Please quote me a reference for further reading.

Why do we create non-management VLAN interfaces on L3 switches only and not L2?

Well, L2 switches don't support IP routing as such. However, they do allow a management IP address to be configured so that you can telnet to the box etc.

L3 switches, on the other hand, allow you to create VLAN interfaces that allow you to route between VLANs.

You might want to look at the config guide for an L3 switch like the 3550. Here's a guide to it:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00802cb816.html#wp1034984

Pls do remember to rate posts.

Paresh

different networks. E.g. 172.16.0.0 belongs to another organization. 192.168.0.0 belongs to another organization. How is it possible for these different networks to work on the same switch? Please give me examples of how it is configured on the L3 switches.

It's really quite simple...

Firstly, come up with a VLAN scheme e.g.

172.16.0.0/16 - VLAN 10

192.168.0.0/16 - VLAN 20

You work out which ports on the switch connect to which networks. Then, you assign that port to the appropriate VLAN so for example, a port that is connected to a device in the 192.168.0.0/16 network is placed into VLAN 20.

Then, configure L3 interfaces for each VLAN:

interface VLAN10
 ip address 172.16.1.1 255.255.0.0
!
interface VLAN20
 ip address 192.168.1.1 255.255.0.0
!

Configure all devices in the 172.16.0.0/16 network with a default gateway of 172.16.1.1 and all devices in the 192.168.0.0/16 network with a default gateway of 192.168.1.1

That way, all devices in the two VLANs will be able to communicate with each other...

Pls do remember to rate posts...

Paresh

We don't want devices in these networks to have access to each other. Devices on the 172.16.0.0 network shouldn't have access to devices on the 192.168.0.0 network. These are totally different networks with different functions and interests. Is this possible?

That is certainly possible.

You would add the following to the config example I gave earlier.

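! Block VLAN 10 hosts from reaching 192.168.0.0/16 (wildcard 0.0.255.255 covers the whole /16)
access-list 101 deny ip any 192.168.0.0 0.0.255.255
access-list 101 permit ip any any
!
! Block VLAN 20 hosts from reaching 172.16.0.0/16
access-list 102 deny ip any 172.16.0.0 0.0.255.255
access-list 102 permit ip any any
!
interface vlan10
 ip access-group 101 in
!
interface vlan20
 ip access-group 102 in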

The other option is not to create the VLAN interfaces at all (if your hosts don't need any external access at all). In that case, there would not be any routing between the VLANs at all.

Pls do remember to rate posts.

Paresh
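
Added example, not part of the original thread: a Python check that evaluates `access-list` entries with IOS wildcard-mask and first-match semantics, to confirm that a deny entry covers the whole /16 assigned to the other VLAN. The sample ACL text and the source host 172.16.5.10 are constructed, and the parser assumes only the `access-list N permit|deny ip` form with `any` or `base wildcard` operands.

```python
import ipaddress

# Constructed sample ACLs: a /24-wide wildcard versus a /16-wide wildcard.
NARROW = """access-list 101 deny ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip any any"""
WIDE = """access-list 101 deny ip any 192.168.0.0 0.0.255.255
access-list 101 permit ip any any"""

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_acl(text):
    """Return [(action, (src_base, src_wc), (dst_base, dst_wc)), ...]."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        rest, specs = tok[4:], []
        while rest:
            if rest[0] == "any":
                specs.append(("0.0.0.0", "255.255.255.255"))
                rest = rest[1:]
            else:
                specs.append((rest[0], rest[1]))
                rest = rest[2:]
        rules.append((tok[2], specs[0], specs[1]))
    return rules

def decide(rules, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s, d in rules:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"

def leaks(rules, src, dst_net):
    """Sample one host per /24 of dst_net; return those still permitted."""
    net = ipaddress.ip_network(dst_net)
    samples = [str(sub.network_address + 1) for sub in net.subnets(new_prefix=24)]
    return [d for d in samples if decide(rules, src, d) == "permit"]

if __name__ == "__main__":
    for name, acl in (("narrow", NARROW), ("wide", WIDE)):
        found = leaks(parse_acl(acl), "172.16.5.10", "192.168.0.0/16")
        print(name, "reachable /24 blocks:", len(found))
```
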
