Help me understand VLANs (please)

clanderson

Junior Member
Mar 1, 2016
I need to set up a switch that will communicate with two subnets: 10.x.x.x and 204.x.x.x. If I create a VLAN for each of the two subnets, how does an end-point device communicate to/past the switch?

Please help - my brain is a bit tangled at the moment...
 
Feb 25, 2011
If it's a simple layer 2 switch, then it's effectively the same as having two completely separate "dumb" switches that happen to live in the same box, and end devices on one subnet/VLAN can't communicate with devices on the other subnet/VLAN.

Unless there's a router (layer 3) routing between the two subnets/VLANs. (The router would have to have a way to communicate with both VLANs - either a separate network connection to each, or a single "Trunk" line to the switch.)

A layer 3 ("smart") switch basically throws a simple (or sometimes not so simple) router into the same box so devices on separate VLANs/subnets can communicate. (Depending on how you have the router configured.)
 

iamwiz82

Lifer
Jan 10, 2001
Dave has explained it. You need a layer 3 device to do the routing or the two VLANs won't be able to talk.
 

MtnMan

Diamond Member
Jul 27, 2004
The title of this area of the forum is "Networking", not "please do my homework for me".
 

Red Squirrel

No Lifer
May 24, 2003
www.anyf.ca
Yep, need a managed switch, but you also need a router that can handle VLANs, for inter-VLAN routing.

My setup at home is pfSense with two Dell 24 port managed switches and several VLANs. pfSense has various rules for what can/can't access what from/on each VLAN. It's quite configurable so you can isolate risk from different parts of the network. Ex: Wifi is on its own VLAN and can only access the servers that I need from my phone. So if my wifi gets hacked, access to the rest of stuff is limited. I also have a VLAN for internet facing stuff like my game server, so if that gets hacked, they don't get access to the rest of my network etc...

You can think of VLANs as being a "sub switch" and at the router level each VLAN is a virtual interface to connect those switches.

There are some specific details and terminology to know such as VLAN tagging but I will leave that as an exercise to the reader as this sounds very homeworkish. :p
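
[Added example, not part of the post above and not anyone's actual configuration.] A small Python model of what the replies so far describe: a layer 2 switch only forwards inside a VLAN, a router with one virtual interface per VLAN carries traffic between them, and a default-deny rule set decides which inter-VLAN flows are allowed. The host names, port numbers, addresses, /24 masks and the single allow rule are constructed for illustration; return traffic and stateful filtering are not modelled.

```python
"""VLAN isolation on a layer 2 switch vs. routed, filtered inter-VLAN traffic."""
import ipaddress

# Constructed topology: switch port -> access VLAN, host -> (port, IP).
# The thread only gives 10.x.x.x / 204.x.x.x; these concrete values are made up.
PORT_VLAN = {1: 10, 2: 10, 3: 204, 4: 204}
HOSTS = {
    "pc-a": (1, "10.0.0.11"),
    "pc-b": (2, "10.0.0.12"),
    "srv-c": (3, "204.0.0.21"),
    "srv-d": (4, "204.0.0.22"),
}
# Router on a trunk: one virtual interface (subnet) per VLAN.
ROUTER_IFACES = {
    10: ipaddress.ip_network("10.0.0.0/24"),
    204: ipaddress.ip_network("204.0.0.0/24"),
}
# Inter-VLAN firewall policy: default deny, explicit (source VLAN, dest IP) allows.
ALLOW = {(10, "204.0.0.21")}


def l2_deliver(src, dst):
    """A layer 2 switch forwards only between ports in the same VLAN."""
    return PORT_VLAN[HOSTS[src][0]] == PORT_VLAN[HOSTS[dst][0]]


def deliver(src, dst, router=True):
    """Return how traffic from src reaches dst, or why it is dropped."""
    if l2_deliver(src, dst):
        return "switched"
    if not router:
        return "dropped: no layer 3 device"
    src_vlan = PORT_VLAN[HOSTS[src][0]]
    dst_ip = ipaddress.ip_address(HOSTS[dst][1])
    # The router can only forward to subnets it has an interface in.
    dst_vlan = next((v for v, net in ROUTER_IFACES.items() if dst_ip in net), None)
    if dst_vlan is None:
        return "dropped: no route"
    if (src_vlan, str(dst_ip)) not in ALLOW:
        return "dropped: firewall"
    return f"routed: VLAN {src_vlan} -> VLAN {dst_vlan}"


if __name__ == "__main__":
    for pair in [("pc-a", "pc-b"), ("pc-a", "srv-c"), ("pc-a", "srv-d")]:
        print(pair, "without router:", deliver(*pair, router=False))
        print(pair, "with router:   ", deliver(*pair))
```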
 

clanderson

Junior Member
Mar 1, 2016
The title of this area of the forum is "Networking", not "please do my homework for me"

It's also not called "Making intolerant assumptions". I work at a small WISP and I'm just trying to learn. Unfortunately I have to do so by being thrown into things I'm not familiar with.

Thanks for all of the help guys! That's exactly what I was thinking. Unfortunately I've got a boss that insists it should "work without a router". I'm not sure he knows as much as he thinks.
 

mv2devnull

Golden Member
Apr 13, 2010
Whenever traffic from one LAN must reach a different LAN, there is at least one router (aka gateway) involved. Only isolated, non-routed subnets have no router attached. A VLAN is no different from a LAN on the logical level.

I've got a boss that insists it should "work without a router". I'm not sure he knows as much as he thinks.
Perhaps his concept of "router" differs from yours. Similarly, on this Forum there are plenty of threads about "routers", but in reality they are about cheap consumer devices that admittedly route too and the questions are not about routing.

Could it be that an L3 switch fulfils his "without router" demand, because there will be no separate, additional physical "router" box next to the switch?
 

mxnerd

Diamond Member
Jul 6, 2007
Maybe install free GNS3 on your PC and start learning network routing, VLANs, etc.

There are many tutorials on YouTube.