Introduction to VLANs

Hello Maksym

If you have one host on the 192.168.10.128/25 subnet, and another host on the 192.168.10.192/26 subnet, then there may be a problem in communication. For example, if you had Host1 and Host2 connected to a switch with the following addresses:

  • Host1 192.168.10.200/25
  • Host2 192.168.10.201/26

then these two hosts would communicate directly.

If you had the following addresses:

  • Host1 192.168.10.150/25
  • Host2 192.168.10.201/26

Then they wouldn’t communicate directly. This is because, from Host2’s point of view, Host1 is in a different subnet. (192.168.10.150 is outside of the 192.168.10.192/26 network). But from Host1’s point of view, Host2 is in the same subnet. (192.168.10.201 is inside of the 192.168.10.128/25 network). So a ping from Host1 to Host2 would reach Host2, but the reply would not.

Now in your explanation, you are also referring to VLANs 10 and 20, and hosts being trunked to both VLANs. I’m not sure what you mean there, as hosts are typically connected to an access port that has a single VLAN. Can you elaborate on this?

I hope I have addressed your questions sufficiently. If not, please clarify with a network diagram so that we can further understand your question.

I hope this has been helpful!

Laz

Hi Rene, can you please tell me why inter-VLAN routing is not included in your new CCNP course? If I’m wrong, please refer me to the right link within the course. I know you do have that course on the website, but it is separate from the CCNP course.

Thanks

Hello!

Take a look at this post:

I hope this has been helpful!

Laz

I’ve got a question about VLANs, Wi-Fi and a guest network. I give the guests their own VLAN, but how can I prohibit people in that guest VLAN from accessing critical servers/printers? Because, when having one router, somewhere I need to add that guest VLAN into the VLAN trunk list.

Hello Joh

Regardless of whether you are applying this to a wireless or wired network, when you create a VLAN, users in that VLAN will have direct access to all other hosts within that VLAN. They will not have any access to other VLANs, unless you explicitly configure routing between VLANs.

By separating a network into VLANs, you can then decide which VLANs will have access to each other, and which will not. You can also apply access lists to block traffic to particular IP addresses within VLANs, thus providing you with more granular control of what communication to allow and what communication to deny.

In your particular case, if you ensure that you have no servers, printers, or other critical hosts on the same VLAN as your Wi-Fi guest hosts, then you can simply deny any routing between the guest VLAN and other VLANs that you don’t want guests to have access to. Simply route them out to the Internet.

For more information on how to achieve many of these features, take a look at the following lesson:

I hope this has been helpful!

Laz
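One way to apply the reply above on a single router-on-a-stick, as an added example that is not part of the original thread: the guest VLAN still rides the trunk to the router, and an inbound ACL on the guest subinterface is what stops it from being routed to internal VLANs. The VLAN IDs, interface names, ACL name and subnets are assumptions made for illustration.

```cisco
! Constructed example: VLAN IDs, interface names and subnets are assumptions.
!   VLAN 10 = internal hosts (servers, printers)  192.168.10.0/24
!   VLAN 50 = guest Wi-Fi                         192.168.50.0/24
!
ip access-list extended GUEST-IN
 remark DHCP first: discover/renew must match before the private-range denies
 permit udp any eq bootpc any eq bootps
 remark Block guests from every RFC 1918 range, not only today's internal VLAN
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Anything left is Internet-bound; only guest source addresses may leave
 permit ip 192.168.50.0 0.0.0.255 any
 remark Implicit "deny ip any any" follows and drops spoofed sources
!
interface GigabitEthernet0/0.10
 description Internal VLAN
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.50
 description Guest Wi-Fi VLAN
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
 ! Inbound = filtered as traffic enters from guests, before any routing decision
 ip access-group GUEST-IN in
```

Because the 192.168.0.0/16 deny also covers the router's own 192.168.50.1 address, guests in this sketch must be handed a public DNS resolver by DHCP; if they need an internal resolver, a specific permit for it has to sit above the deny lines. `show ip access-lists GUEST-IN` shows per-line match counters for confirming that the deny entries are being hit.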

Many thanks for the reply. So ACLs to deny access to the regular network should do the trick?