Multiple VLAN In Same Subnet

  • Question
  • Updated 3 years ago
  • Answered
Create Date: Oct 7 2013 3:42PM

Hello Folks,

I wanted to know if it's possible, and makes sense, to have 2 VLANs within the same subnet? I.e., I'd like 2 VLANs, say 20 and 21, and add 1 port to both the VLANs and another to just 21.
Please note that the hosts connected to these ports are in the same subnet (192.168.28.0/24) and the default gateway for both the VLANs is the same.

VLAN 20 - Tagged port 35, Untag 29
VLAN 21 - Tagged port 29, Untag 35

I can't seem to reach the host from one VLAN to another VLAN. Am I doing anything wrong?

Thanks !!
 


(from routelessrouter)

Create Date: Oct 7 2013 4:37PM

Doesn't make much sense. If you want the hosts to have the same subnet IP address and communicate with each other, why don't you put them in the same VLAN?

If somehow you need 2 VLANs, you should add VLAN translation to them (21 as a member of 20, or vice versa). That way you wouldn't need to add the VLAN as tagged to the ports, only untagged. Probably your host does not know which VLAN it is in and will not tag anything in the packets, so only the untagged ports make sense.

If that does not answer your question, please explain what you're trying to do with 2 VLANs.

(from Luis_Coelho)
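The port layout from the question can be traced through a small switch model to see where frames stop. This is an added example, not code from the thread; it assumes, as the reply above suggests, that the end hosts send and accept only untagged frames, and the function and config names are made up for illustration.

```python
# Constructed model of 802.1Q port membership; port and VLAN numbers are the
# ones given in the question. Assumption: hosts only handle untagged frames.
QUESTION_CONFIG = {
    20: {"tagged": {35}, "untagged": {29}},
    21: {"tagged": {29}, "untagged": {35}},
}
# The layout suggested in the reply: both host ports untagged in one VLAN.
SAME_VLAN_CONFIG = {20: {"tagged": set(), "untagged": {29, 35}}}


def ingress_vlan(config, port, tag=None):
    """Return the VLAN a frame is classified into on arrival, or None if dropped."""
    for vid, members in config.items():
        if tag is None and port in members["untagged"]:
            return vid  # untagged frame joins the port's untagged VLAN
        if tag == vid and port in members["tagged"]:
            return vid  # tagged frame accepted only on a tagged member port
    return None


def egress_form(config, vid, port):
    """Return how a frame in VLAN `vid` leaves `port`, or None if not a member."""
    members = config.get(vid, {"tagged": set(), "untagged": set()})
    if port in members["untagged"]:
        return "untagged"
    if port in members["tagged"]:
        return f"tagged:{vid}"
    return None


def host_receives(config, src_port, dst_port):
    """Trace an untagged frame from the host on src_port to the host on dst_port."""
    vid = ingress_vlan(config, src_port)
    if vid is None:
        return False, f"port {src_port} has no untagged VLAN; frame dropped"
    form = egress_form(config, vid, dst_port)
    if form is None:
        return False, f"port {dst_port} is not a member of VLAN {vid}"
    if form != "untagged":
        return False, f"leaves port {dst_port} as {form}; untagged host ignores it"
    return True, f"delivered untagged in VLAN {vid}"


if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("same VLAN", SAME_VLAN_CONFIG)):
        for src, dst in ((29, 35), (35, 29)):
            print(name, src, "->", dst, host_receives(cfg, src, dst))
```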

bhaskar
Good question! But then there is another way one can see it. If we have to use different subnets, then why use VLANs at all? Probably the answer to this will clear my confusion :(

Drew C., Community Manager
VLANs are used to separate broadcast domains (subnets).  You can tag multiple VLANs on a single port.  You can only have one untagged VLAN per port as well.

Create Date: Oct 7 2013 6:29PM

Thanks for replying.

I'd like to have an FTP host in a VLAN, say VLAN 21, and have just 1-2 hosts access it. These hosts are in VLAN20 (untagged). Does that mean that the ports which connect to these hosts in VLAN20 should be tagged with VLAN 21? I know there are other ways this can be accomplished (I don't want to use a DMZ or ACLs at the moment), but I am trying to see if this can be done just with VLANs.

What I want to do is more or less a Private VLAN sort of setup. Check out the second diagram.

http://packetlife.net/blog/2010/aug/3...

Thanks.

(from routelessrouter)

Create Date: Oct 8 2013 12:47PM

Well, to accomplish that with only VLANs, you would have to add a second (virtual) interface to each of the hosts that will access the FTP server, and that interface MUST be configured to use VLAN tags. Also, those virtual interfaces plus the FTP server interface must have IP addresses from another subnet.

I have no idea if it is possible to add a tagged interface in Windows, but it is with Linux.

I think you still didn't get the concept of a tagged VLAN. Try to visualize it as a second Ethernet cable, with a different color (tag). That cable must be connected to another interface (usually virtual), so it is commonly used between 2 switches to prevent using a lot of cables between them. Hosts usually don't tag their packets, so you put them in untagged ports (thus belonging to only one VLAN).

(from Luis_Coelho)

Create Date: Oct 11 2013 7:11AM

Thanks, mate.

For now, what I have done is add the FTP host to a new VLAN called VLAN10, and all my desktops are in VLAN28 default (untagged). The inter-VLAN routing between VLAN28 and VLAN 10 is disabled on my Extreme switch. But if I have to have one odd host in VLAN28 access the FTP host in VLAN10, I may have to enable the routing for the entire VLAN? Or maybe enable inter-VLAN routing and use ACLs on the switch to block access to VLAN28 to VLAN10, except that one host?

(from routelessrouter)
