Dabbling with Vlans - ports Vs. subnet

Thread: Dabbling with Vlans - ports Vs. subnet

  1. #1
    Member
    Join Date
    Feb 2003
    Posts
    47

    Dabbling with Vlans - ports Vs. subnet

    hello folks,

    My question is about .. obviously.. vlans.

    I have a 3Com 3300 Switch with Vlan support. I added the first 6 ports to one vlan [ID:190], the other 6 to another vlan[ID:191]. Didn't attach a Layer 3 device and just wanted to check if the switch segregates machines on different vlans. I attached a machine to port 1 and another to port 7. However, both of these are within the same subnet range - 192.168.100.0/22 [MachineA:192.168.100.10; MachineB: 192.168.100.15]

    Both machines can ping each other in spite of being connected to ports which are in different vlans.

    Q Shouldn't the switch prevent any communication between machines on different vlans, even if both are in the same subnet?

    The switch is after all a Layer 2 device. It wouldn't be even able to process IP addresses. All it would know is which mac is in which Vlan's address table. Rite?

    Thanks for reading this far..

    - Scim -
    _scimitar_

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Uhhh....I've never used 3com switches but would be willing to bet that if your vlans aren't tagged all ports are a member of the default vlan as well.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    I'm not proficient on that 3Com device, but generically you should avoid bridging between vlans to keep them isolated from each other.
    On Layer 2, the switch doesn't care about the protocol. It acts at ETHERNET level. So protocol doesn't matter.

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    Member
    Join Date
    Feb 2003
    Posts
    47
    hiya Thread/cacosapo

    I think you might be right about that Thread_killer. Anyways, so I telnetted to the switch, and removed all ports.. yes, all ports from VLAN 1. *Poof*, connection gone. Can't ping to the switch, can't view its web management interface, nothing. Connected to the console, readded the ports to vlan 1, still nothing. Reset the switch to Factory defaults, reapplied IP and all.. back to working.

    The 3Com switch allows creation of Vlans and assigning of ports to these vlans as either '802.11q' tagged or no tag. Thread, would you kindly take out 10 minutes to just explain the following please?

    a) Why'd I lose connection by removing all ports from Vlan1
    b) Whats Vlan 1 for?
    c) What are tagged and untagged ports?
    d) whats the logic behind tagging/untagging ports?
    e) If I create a Vlan, and add ports to it, whats the whole point of adding them as 802.11q tagged or untagged?
    e) What switches do you use at ur place? [Working in a university myself, here its all 3Com with Cisco at the backbone places. Thats only cause the college has a license for 3Com Net Supervisor. Would like to know what other switches are used by folks]

    Again, thanx a million for your time

    -Scim-
    _scimitar_

  5. #5
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    Originally posted here by Scimitar

    a) Why'd I lose connection by removing all ports from Vlan1
    b) Whats Vlan 1 for?
    c) What are tagged and untagged ports?
    d) whats the logic behind tagging/untagging ports?
    e) If I create a Vlan, and add ports to it, whats the whole point of adding them as 802.11q tagged or untagged?
    e) What switches do you use at ur place? [Working in a university myself, here its all 3Com with Cisco at the backbone places. Thats only cause the college has a license for 3Com Net Supervisor. Would like to know what other switches are used by folks]

    Again, thanx a million for your time

    -Scim-
    i've never worked with 3Com switches either.

    you lost the connection because you don't have any ports assigned to a vlan. have you removed the vlans from your earlier config? if not, then there should be no connection as they reside on different virtual LAN's.

    vlan1 is the default. it's there so the switch will work out of the box. switch ports won't work unless they are assigned to a vlan. conversely, a newly defined vlan goes unused unless it has ports assigned to it. it just makes sense to assign all ports to the default instead of assigning three of them...don't you think?

    frame tagging is the process of attaching an id to the frames. this allows you to identify the frames. but this also slows down the switch.

    why would you want to tag frames? tagging frames means that you can keep track of the ports the frames come from. this means that by checking the vlan database the switch is "aware" of vlan that the frame came from. this allows you to run things like the Spanning Tree Protocol separately for each vlan.

    question d is the same as e. 802.1q (dot1q) is the tagging protocol developed by the IEEE. Cisco came up with the ISL. dot1q adds the ID to the frame whereas ISL encapsulates the original frame.

    i mainly work with a catalyst 3550. i've used another switch also. but not that much.
    Hmm...there's something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can't talk! No, but they REFER to things, and this one refers directly-unambiguously-unmistakably-to the very sentence which it is!

  6. #6
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Actually tagging is a way for you to transport data from multiple VLANs over a single connection, thereby utilizing less ports from each switch. Instead of using one port from each switch for each VLAN, you can use one port from each switch for almost ANY numbers of VLANs. (the limit has to do with which manufacturer of switch you use)

    Hope that made sense.

    Buy CCNA companion 1 if you need to know, or for that matter any other beginner's networking book.


    Peace
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    Originally posted here by KorpDeath
    Actually tagging is a way for you to transport data from multiple VLANs over a single connection, thereby utilizing less ports from each switch. Instead of using one port from each switch for each VLAN, you can use one port from each switch for almost ANY numbers of VLANs. (the limit has to do with which manufacturer of switch you use)

    Hope that made sense.

    Buy CCNA companion 1 if you need to know, or for that matter any other beginner's networking book.


    Peace
    tagging is more primitive than that. that's trunking.

  8. #8
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    So sorry I was getting the two mixed up. Tagging was used for QoS in A VOIP LAN. Trunking was a way for transporting multiple VLANs over a single connection, my bad. It's been a while.

    Thanks (V)?|><.

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Originally posted here by (V)/\><

    why would you want to tag frames? tagging frames means that you can keep track of the ports the frames come from. this means that by checking the vlan database the switch is "aware" of vlan that the frame came from. this allows you to run things like the Spanning Tree Protocol separately for each vlan.

    I didn't suggest that he tag, I said if he hadn't then he'd still have his ports in the default vlan. With the equipment I use, tagging the port immediately removes it from vlan 1.

    Now for Scimitar...since it looks like just about everything else has been answered, I'll answer question e) (both of them)

    I use Cisco 29xx 35xx 3550's 4908's 4003's, 4006's, 5509's, and LS1010's. Before I took this job, I made a pretty good living installing CAT based chassis switches for telco's and big businesses.
    From Foundry I use FES 2402's, 4802's, 9604's, 12 GCF's, and Fast Iron 400's and 800's.

    For the last almost year and a half I have steadily been replacing all my Cisco gear with Foundry. This is some IMHO stuff here, but as far as I'm concerned, Cisco makes crappy switches. I still use their routers all over the place where I need , frame-relay, Serial and ISDN links, but if I can get away with routing Ethernet, I'm all about the Foundry stuff these days.

    I wrote the RFP for, managed the installation of, and am the HMFIC of the world's largest (we think) point-to-multipoint wireless WAN. (Seriously, it's like the first thing on my resume.) At each of my cell towers, I am using Foundry FES 4802's with premium layer 3 code for all the connections. Which brings us to the first question e) What's the point of tagging?

    Glad you asked. Being a point to multipoint system, what is actually plugged into the switch at the cell towers is a Base Station Unit (BSU). At each of my remote sites, there is a Subscriber Unit (SU) that talks to a BSU. There are 6 BSU's per cell tower, each covering a 60 degree sector. Well, in that 60 degrees I have much more than one SU. So let's say there are three sites, A,B, and C sharing one BSU. That BSU is plugged into one port. What happens when Site A sends an OSPF update to the rest of the network? Well, the downstream switch floods it, but it doesn't flood it out the port it came in on. Therefore site B and C don't get the OSPF update. After a short period of time, the db's are inconsistent as hell all over the network and things start crashing. Tagging solves that by the switch knowing that there are more SU's attached to the same port, therefore the LSA's go out and the db stays up to date. Also without tagging site A can't talk directly to site B or C, because ARP broadcasts don't go out the same port which they are received on. Now...there are other ways this could have been done besides tagging (creating multiple networks with sub-interfaces and the like) but tagging took care of it.

  10. #10
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    no big deal. it's easy to confuse those 'cause when you set up a trunk you have to specify what type of tagging you want to use.


    actually, Scimitar, your questions d and e are not really the same. or not the same at all. to answer e) properly i'd say the point of it is to specify a trunk! :smiley-face:

    you should only need one of these per switch,

    and you only need one if you are connecting to other switches or a router.