If you have one host on the 192.168.10.128/25 subnet, and another host on the 192.168.10.192/26 subnet, then there may be a problem in communication. For example, if you had Host1 and Host2 connected to a switch with the following addresses:
then these two hosts would communicate directly.
If you had the following addresses:
Then they wouldn’t communicate directly. This is because, from Host2’s point of view, Host1 is in a different subnet. (192.168.10.150 is outside of the 192.168.10.192/26 network). But from Host1’s point of view, Host2 is in the same subnet. (192.168.10.201 is inside of the 192.168.10.128/25 network). So a ping from Host1 to Host2 would reach Host2, but the reply would not.
Now in your explanation, you are also referring to VLANs 10 and 20, and hosts being trunked to both VLANs. I’m not sure what you mean there, as hosts are typically connected to an access port that has a single VLAN. Can you elaborate on this?
I hope I have addressed your questions sufficiently. If not, please clarify with a network diagram so that we can further understand your question.
Hi Rene, can you please tell why the inter VLAN routing is not included in your new CCNP course, if I’m wrong please refer me to the right link within the course, i know you do have that course in the website but it is separate from the CCNP course.
I got a question about vlans, wifi and a guestnetwork. I give the guest their own vlan, but uow can prohibit people in that guest vlan access to critical server/printers? Because, when having one router, somewhere i need to add that guest vlan into the vlans trunk list.
Regardless of whether you are applying this to a wireless or wired network, when you create a VLAN, users in that VLAN will have direct access to all other hosts within that VLAN. They will not have any access to other VLANs, unless you explicitly configure routing between VLANs.
By separating a network into VLANs, you can then decide which VLANs will have access to each other, and which will not. You can also apply access lists to block traffic to particular IP addresses within VLANs, thus providing you with more granular control of what communication to allow and what communication to deny.
In your particular case, if you ensure that you have no servers, printers, or other critical hosts on the same VLAN as your Wi-Fi guest hosts, then you can simply deny any routing between the guest VLAN and other VLANs that you don’t want guests to have access to. Simply route them out to the Internet.
For more information on how to achieve many of these features, take a look at the following lesson: