04-10-2006 08:13 PM - edited 03-03-2019 02:45 AM
Is it possible to create vlans on one switch for different networks, eg. 172.16.0.0, 192.168.0.0, 160.8.0.o etc
04-10-2006 08:19 PM
Absolutely, that is one of the primary reasons for using VLANs...
VLANs demarcate ethernet broadcast boundaries and are generally used for demarcation of IP subnets as well.
You must be mindful that you can only create non-management VLAN interfaces on L3 switches, not L2 switches.
Pls do remember to rate posts.
Paresh
04-10-2006 08:38 PM
Please quote me a reference for further reading.
Why do we create non-management VLAN interfaces on L3 switches only and not L2?
04-10-2006 08:44 PM
Well, L2 switches don't support IP routing as such. However, they do allow a management IP address to be configured so that you can telnet to the box etc.
L3 switches, on the other hand, allow you to create VLAN interfaces that allow you to route between VLANs.
YOu might want to look at the config guide for a L3 switch like the 3550. Here's a guide to it:
Pls do remember to rate posts.
Paresh
04-10-2006 09:38 PM
different networks. Eg 172.16.0.0 belongs to another organization. 192.168.0.0 belongs to another organizaton. How is it possible for these different networks to work on a same switch. Please give me examples on how it is configured on the L3 switches.
04-10-2006 09:46 PM
It's really quite simple...
Firstly, come up with a VLAN scheme e.g.
172.16.0.0/16 - VLAN 10
192.168.0.0/16 - VLAN 20
You work out which ports on the switch connect to which networks. Then, you assign that port to the appropriate VLAN so for example, a port that is connected to a device in the 192.168.0.0/16 network is placed into VLAN 20.
Then, configure L3 interfaces for each VLAN:
interface VLAN10
ip address 172.16.1.1 255.255.0.0
!
interface VLAN20
ip address 192.168.1.1 255.255.0.0
!
Configure all devices in the 172.16.0.0/16 network with a default gateway of 172.16.1.1 and all devices in the 192.168.0.0/16 network with a default gateway of 192.168.1.1
That way, all devices in the two VLANs will be able to communicate with each other...
Pls do remember to rate posts...
Paresh
04-10-2006 11:41 PM
We dont want devices in these networks to have access to each other. Devices on the 172.16.0.0 network shouldn't have access to devices on the 192.168.0.0 network. These are totally different networks with different functions and interests. Is this possible?
04-10-2006 11:53 PM
That is certainly possible.
You would add the following to the config example I gave earlier.
access-list 101 deny ip any 192.168.0.0 0.0.0.255
access-list 101 permit ip any any
!
access-list 102 deny ip any 172.16.0.0 0.0.0.255
access-list 102 permit ip any any
!
interface vlan10
ip access-group 101 in
!
interface vlan20
ip access-group 102 in
The other option is not to create the VLAN interfaces at all (if your hosts don't need any external access at all). In that case, there would not be any routing between the VLANs at all.
Pls do remember to rate posts.
Paresh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: