Help me understand VLANs (please)

clanderson

Junior Member
I need to set up a switch that will communicate with two subnets: 10.x.x.x and 204.x.x.x. If I create a VLAN for each of the two subnets, how does an end-point device communicate to/past the switch?

Please help - my brain is a bit tangled at the moment...
 
If it's a simple layer 2 switch, then it's effectively the same as having two completely separate "dumb" switches that happen to live in the same box, and end devices on one subnet/VLAN can't communicate with devices on the other subnet/VLAN.

Unless there's a router (layer 3) routing between the two subnets/VLANs. (The router would have to have a way to communicate with both VLANs - either a separate network connection to each, or a single "Trunk" line to the switch.)

A layer 3 ("smart") switch basically throws a simple (or sometimes not so simple) router into the same box so devices on separate VLANs/subnets can communicate. (Depending on how you have the router configured.)
 
Dave has explained it. You need a layer 3 device to do the routing or the two VLANs won't be able to talk.
 
Yep, you need a managed switch, but you also need a router that can handle VLANs, for inter-VLAN routing.

My setup at home is pfSense with two Dell 24 port managed switches and several VLANs. pfSense has various rules for what can/can't access what from/on each VLAN. It's quite configurable so you can isolate risk from different parts of the network. Ex: Wifi is on its own VLAN and can only access the servers that I need from my phone. So if my wifi gets hacked, access to the rest of the stuff is limited. I also have a VLAN for internet-facing stuff like my game server, so if that gets hacked, they don't get access to the rest of my network etc...

You can think of VLANs as being a "sub switch", and at the router level each VLAN is a virtual interface to connect those switches.

There are some specific details and terminology to know, such as VLAN tagging, but I will leave that as an exercise for the reader as this sounds very homeworkish. 😛
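To make the two points above concrete (a plain layer-2 switch keeps each VLAN as its own isolated "sub switch", and only a router with one virtual interface per VLAN, plus whatever per-VLAN rules it applies, lets traffic cross between them), here is a small added simulation. It is illustration written for this thread, not code from any poster, pfSense, or a switch vendor; the VLAN ids, subnets (10.0.10.0/24 and 203.0.113.0/24 stand in for the question's 10.x and 204.x ranges), host names and the allow-list rules are all constructed.

```python
"""Toy model: an 802.1Q access/trunk switch, a router hanging off the trunk
with one sub-interface per VLAN, and a per-VLAN allow-list on the router.
Added illustration for the thread; all addresses and names are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed topology: each VLAN is its own subnet, as in the question.
VLANS = {
    10: ip_network("10.0.10.0/24"),     # office PCs (stands in for 10.x.x.x)
    20: ip_network("203.0.113.0/24"),   # servers (stands in for 204.x.x.x)
    30: ip_network("10.0.30.0/24"),     # wifi, like the pfSense example
}
# The router's virtual interface in each VLAN lives at .1 of that subnet.
GATEWAY = {vid: str(net[1]) for vid, net in VLANS.items()}

@dataclass
class Host:
    name: str
    ip: str
    vlan: int           # VLAN of the access port the host is plugged into

@dataclass
class Frame:
    src: str
    dst: str            # IP of the final destination
    next_hop: str       # who the sender hands the frame to: a host or the gateway
    tag: Optional[int] = None   # 802.1Q tag while on the trunk; None if untagged

class Router:
    """Layer-3 box (or the routing half of an L3 switch) on a trunk port.
    rules: allow-list of (src_vlan, dst_vlan, dst_ip or None for 'any')."""
    def __init__(self, rules):
        self.rules = rules

    def vlan_of(self, ip):
        for vid, net in VLANS.items():
            if ip_address(ip) in net:
                return vid
        return None

    def permitted(self, src_vlan, dst_vlan, dst_ip):
        return any(s == src_vlan and d == dst_vlan and (ip is None or ip == dst_ip)
                   for s, d, ip in self.rules)

    def route(self, frame):
        dst_vlan = self.vlan_of(frame.dst)
        if dst_vlan is None or not self.permitted(frame.tag, dst_vlan, frame.dst):
            return None                         # no route, or blocked by rules
        # Re-tag for the destination VLAN and send it back down the trunk.
        return Frame(frame.src, frame.dst, next_hop=frame.dst, tag=dst_vlan)

class Switch:
    """Layer-2 forwarding only: a frame never leaves the VLAN it arrived on."""
    def __init__(self, hosts, router=None):
        self.hosts = {h.ip: h for h in hosts}
        self.router = router                    # None = no trunk, no routing

    def forward(self, frame, vlan):
        if frame.next_hop in GATEWAY.values():  # addressed to the router
            if self.router is None:
                return None                     # nothing answers for the gateway
            frame.tag = vlan                    # tagged onto the trunk
            routed = self.router.route(frame)
            if routed is None:
                return None
            frame, vlan = routed, routed.tag
        target = self.hosts.get(frame.next_hop)
        if target is None or target.vlan != vlan:
            return None                         # other VLAN = other "sub switch"
        return target.name

def send(switch, src, dst_ip):
    """Host-side decision: same subnet -> deliver directly, else use the gateway."""
    direct = ip_address(dst_ip) in VLANS[src.vlan]
    frame = Frame(src.ip, dst_ip, next_hop=dst_ip if direct else GATEWAY[src.vlan])
    return switch.forward(frame, src.vlan)

pc = Host("pc", "10.0.10.5", 10)
srv = Host("srv", "203.0.113.7", 20)
db = Host("db", "203.0.113.8", 20)
phone = Host("phone", "10.0.30.9", 30)
HOSTS = [pc, srv, db, phone]

def demo():
    """Name of the host that received the traffic, or None if it was dropped."""
    l2_only = Switch(HOSTS)                          # plain managed switch, no router
    rules = [(10, 20, None),                         # office may reach every server
             (30, 20, "203.0.113.7")]                # wifi may reach only the one it needs
    with_router = Switch(HOSTS, Router(rules))
    return {
        "l2 pc->srv": send(l2_only, pc, srv.ip),         # dropped: different VLAN
        "l2 srv->db": send(l2_only, srv, db.ip),         # delivered: same VLAN
        "rt pc->srv": send(with_router, pc, srv.ip),     # routed and allowed
        "rt phone->srv": send(with_router, phone, srv.ip),
        "rt phone->db": send(with_router, phone, db.ip), # routed but blocked by rules
        "rt srv->pc": send(with_router, srv, pc.ip),     # no 20->10 rule in this toy
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result or 'dropped'}")
```

Two simplifications to keep in mind when mapping this onto real gear: the allow-list here is stateless, so a reply from the server VLAN back to the office VLAN needs its own rule, whereas a real firewall such as pfSense tracks connection state and lets return traffic through automatically; and ARP and MAC learning are abstracted away, so "the gateway" is simply the .1 address in each subnet rather than a learned MAC on the trunk port.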
 
The title of this area of the forum is "Networking", not "please do my homework for me"

It's also not called "Making intolerant assumptions". I work at a small WISP and I'm just trying to learn. Unfortunately I have to do so by being thrown into things I'm not familiar with.

Thanks for all of the help guys! That's exactly what I was thinking. Unfortunately I've got a boss that insists it should "work without a router". I'm not sure he knows as much as he thinks.
 
Whenever traffic from one LAN must reach a different LAN, there is at least one router (aka gateway) involved. Only isolated, non-routed subnets have no router attached. A VLAN is no different from a LAN on the logical level.

I've got a boss that insists it should "work without a router". I'm not sure he knows as much as he thinks.
Perhaps his concept of "router" differs from yours. Similarly, on this forum there are plenty of threads about "routers", but in reality they are about cheap consumer devices that admittedly route too, and the questions are not about routing.

Could it be that an L3 switch fulfils his "without router" demand, because there will be no separate, additional physical "router" box next to the switch?
 
Maybe install free GNS3 on your PC and start learning network routing, VLANs, etc.

There are many tutorials on YouTube.
 