Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Creating vlans for different networks on one switch

Is it possible to create vlans on one switch for different networks, eg. 172.16.0.0, 192.168.0.0, 160.8.0.o etc

7 REPLIES
Purple

Re: Creating vlans for different networks on one switch

Absolutely, that is one of the primary reasons for using VLANs...

VLANs demarcate ethernet broadcast boundaries and are generally used for demarcation of IP subnets as well.

You must be mindful that you can only create non-management VLAN interfaces on L3 switches, not L2 switches.

Pls do remember to rate posts.

Paresh

New Member

Re: Creating vlans for different networks on one switch

Please quote me a reference for further reading.

Why do we create non-management VLAN interfaces on L3 switches only and not L2?

Purple

Re: Creating vlans for different networks on one switch

Well, L2 switches don't support IP routing as such. However, they do allow a management IP address to be configured so that you can telnet to the box etc.

L3 switches, on the other hand, allow you to create VLAN interfaces that allow you to route between VLANs.

YOu might want to look at the config guide for a L3 switch like the 3550. Here's a guide to it:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00802cb816.html#wp1034984

Pls do remember to rate posts.

Paresh

New Member

Re: Creating vlans for different networks on one switch

different networks. Eg 172.16.0.0 belongs to another organization. 192.168.0.0 belongs to another organizaton. How is it possible for these different networks to work on a same switch. Please give me examples on how it is configured on the L3 switches.

Purple

Re: Creating vlans for different networks on one switch

It's really quite simple...

Firstly, come up with a VLAN scheme e.g.

172.16.0.0/16 - VLAN 10

192.168.0.0/16 - VLAN 20

You work out which ports on the switch connect to which networks. Then, you assign that port to the appropriate VLAN so for example, a port that is connected to a device in the 192.168.0.0/16 network is placed into VLAN 20.

Then, configure L3 interfaces for each VLAN:

interface VLAN10

ip address 172.16.1.1 255.255.0.0

!

interface VLAN20

ip address 192.168.1.1 255.255.0.0

!

Configure all devices in the 172.16.0.0/16 network with a default gateway of 172.16.1.1 and all devices in the 192.168.0.0/16 network with a default gateway of 192.168.1.1

That way, all devices in the two VLANs will be able to communicate with each other...

Pls do remember to rate posts...

Paresh

New Member

Re: Creating vlans for different networks on one switch

We dont want devices in these networks to have access to each other. Devices on the 172.16.0.0 network shouldn't have access to devices on the 192.168.0.0 network. These are totally different networks with different functions and interests. Is this possible?

Purple

Re: Creating vlans for different networks on one switch

That is certainly possible.

You would add the following to the config example I gave earlier.

access-list 101 deny ip any 192.168.0.0 0.0.0.255

access-list 101 permit ip any any

!

access-list 102 deny ip any 172.16.0.0 0.0.0.255

access-list 102 permit ip any any

!

interface vlan10

ip access-group 101 in

!

interface vlan20

ip access-group 102 in

The other option is not to create the VLAN interfaces at all (if your hosts don't need any external access at all). In that case, there would not be any routing between the VLANs at all.

Pls do remember to rate posts.

Paresh

356
Views
8
Helpful
7
Replies
CreatePlease login to create content