Single domain two IP subnets

Herb Martin

Kurt said:
This is an EXCELLENT tutorial on VLANs. Not weighted too heavily toward
Cisco. It really explains how VLANs segregate networks into broadcast
domains and demonstrates how routers are used to forward traffic BETWEEN
Vlans. If you have the time, give it a read.

Do you not even see what you have written above that
than a VLAN Switch ROUTES between the various
VLANs on that switch (and perhaps elsewhere) AND
BRIDGES all segments on the same VLAN?

Think it through real carefully....

(Your article even discusses how ROUTING is used between
VLANs; since each VLAN is a broadcast domain unto itself
this is required for IP to function.)
 
Kurt

A VLAN SWITCH (Do you see the word SWITCH?) does NOT route between VLANS.
ROUTERS ROUTE between VLANS. SWITCHES create the VLANS the ROUTERS ROUTE
between. Did you read ANY of the tutorials at the links I provided? Have you
even bothered to read ANYTHING about this? Why don't you READ what EVERYBODY
other than you has to say about this. You are arguing with someone who
creates VLANs for Banks, Hospitals, Between Cities - every day! Do you
really think I can do that without knowing how a VLAN works? Sheesh... I bet
you think you know more about hearts than a cardiologist!

Please, please read and learn.

Kurt said:
This is an EXCELLENT tutorial on VLANs. Not weighted too heavily toward
Cisco. It really explains how VLANs segregate networks into broadcast
domains and demonstrates how routers are used to forward traffic BETWEEN
Vlans. If you have the time, give it a read.

http://www.2000trainers.com/article.aspx?articleID=65&page=1

...kurt
 
Herb Martin

Kurt said:
A VLAN SWITCH (Do you see the word SWITCH?) does NOT route between VLANS.
ROUTERS ROUTE between VLANS. SWITCHES create the VLANS the ROUTERS ROUTE
between.

And practically all VLAN switches are also routers internally
which allows them to ROUTE between their VLANs. Were
they not, they would need an external router to do this job and
thus to move traffic from one VLAN to another is a ROUTING
job.

You have apparently taken the word "Switch" (applied to the box
as a whole) and incorrectly assumed that these are not HYBRID
DEVICES which combine configurable bridged segments comprising
multiple PORTS with routing to other such VLAN segments.

Did you read ANY of the tutorials at the links I provided? Have you even
bothered to read ANYTHING about this? Why don't you READ what EVERYBODY
other than you has to say about this.

Yes, and your article agrees with me explicitly.

I am sorry if your ability to read English is so poor but that I
cannot fix by mere explanation.

Arguing this further is just making you look foolish and incompetent
as you were trying to avoid. Note that this appearance has NOTHING
to do with me, except that you are choosing to direct your responses
to me.

You are arguing with someone who creates VLANs for Banks, Hospitals,
Between Cities - every day! Do you really think I can do that without
knowing how a VLAN works?

Apparently you still misunderstand bridging and routing and how
this applies to VLANs.

This was your original error which you continue to insist on committing.

Sheesh... I bet you think you know more about hearts than a cardiologist!

Cardiologists, no, but perhaps some in other fields. It isn't really
that hard if you apply yourself and are willing to learn.

Do you know what they call the guy who finishes last in medical
school?

Answer: Dr.


The point of this old joke can be applied to someone who cites
evidence of employment as evidence of expertise but cannot
give the simple basics or even understand them when they are
explained carefully.

Think it through this time PLEASE, as I have no reason to wish
to embarrass you further due to your insistence on remaining
ignorant.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Kurt

I do believe you are finally starting to get it! Still a couple of
misconceptions.

And practically all VLAN switches are also routers internally
which allows them to ROUTE between their VLANs

Wrong. Only layer-3 switches do both. Expect to pay at least ten times the
cost of a managed layer-2 switch for a layer-3. No one would buy a layer-3
for $4000 if they could do the same job with a layer-2 for $400.

they would need an external router to do this job and
thus to move traffic from one VLAN to another is a ROUTING
job.

YES, YES! You've got it!!

You have apparently taken the word "Switch" (applied to the box
as a whole) and incorrectly assumed that these are not HYBRID
DEVICES which combine configurable bridged segments comprising
multiple PORTS with routing to other such VLAN segments.

As I've stated multiple times, there are switches that do both. They are
called Layer-3 switches. I have 4 of them on my network ($30,000 each,
ugg!). They handle the core layer-2 network functions (VLANS) AND they ALSO
perform the core routing. But even on a layer-3 switch, routing is set up
completely separately from the VLAN setup. The other 150 or so switches that
handle VLAN trunking, distribution and endpoint termination are all managed
layer-2 switches. Layer-3's are very rare by comparison.

Yes, and you article agrees with me explicitly.

NO, it does not. Here's an excerpt from page 3

"For this reason, many companies have decided to implement Layer 3 switches
strategically throughout their network. Regardless of the method chosen, it's
most important for you to recognize that when a host on one VLAN wants to
communicate with a host on another, a router must somehow be involved."

The word strategically says it all. You use them sparingly and strategically
when needed.

I'm very glad you now have a clearer understanding of how VLANs work. Now,
go back and look at my original post on how I would set up that network. A
Layer-2 managed switch on each dependent subnet, one Layer 3 switch
strategically located on Subnet A where it could serve as both router
between segments that need to communicate and gatekeeper between segments
that must be isolated. It still allows the "island" - Subnet C to
communicate with the DC / DNS server on VLAN A, but with the access-list in
place, prevents any contact between Subnet C and workstations in any of the
other subnets.

Works, huh?

....kurt
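
The design described in the post above (VLANs bridged internally, a routing device between them, and an access-list that lets Subnet C reach only the DC / DNS server on VLAN A) can be modelled and checked as follows. This is an added example, not part of any post in the thread; the addresses, the extra subnet "B", the rule order and the function names are assumptions made for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan (assumption: the thread names Subnets A and C
# but gives no addresses; "B" stands in for any other workstation subnet).
VLANS = {
    "A": ipaddress.ip_network("10.0.1.0/24"),
    "B": ipaddress.ip_network("10.0.2.0/24"),
    "C": ipaddress.ip_network("10.0.3.0/24"),  # the isolated "island"
}
DC_DNS = ipaddress.ip_network("10.0.1.10/32")  # DC / DNS server on VLAN A
ANY = ipaddress.ip_network("0.0.0.0/0")

# First-match access-list on the routing device: (action, source, destination).
ACL = [
    ("permit", VLANS["C"], DC_DNS),
    ("permit", DC_DNS, VLANS["C"]),
    ("deny", VLANS["C"], ANY),
    ("deny", ANY, VLANS["C"]),
    ("permit", ANY, ANY),
]

def vlan_of(addr):
    return next((n for n, net in VLANS.items() if addr in net), None)

def forward(src, dst, acl=ACL):
    """Classify a flow as 'bridged', 'routed', 'dropped' or 'no-route'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    sv, dv = vlan_of(s), vlan_of(d)
    if sv is None or dv is None:
        return "no-route"
    if sv == dv:
        return "bridged"  # same broadcast domain: the ACL is never consulted
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return "routed" if action == "permit" else "dropped"
    return "dropped"  # implicit deny when no entry matches

def island_leaks(hosts, acl=ACL):
    """Routed flows that touch VLAN C without the DC/DNS server as the peer."""
    dc = str(DC_DNS.network_address)
    return [(s, d) for s, d in permutations(hosts, 2)
            if dc not in (s, d)
            and "C" in (vlan_of(ipaddress.ip_address(s)), vlan_of(ipaddress.ip_address(d)))
            and forward(s, d, acl) == "routed"]
```

The "bridged" result is the case to watch when reviewing such a design: two hosts inside Subnet C never cross the routing device, so this access-list does nothing to separate them from each other.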
 
Herb Martin

Kurt said:
I do believe you are finally starting to get it! Still a couple of
misconceptions.



Wrong. Only layer-3 switches do both. Expect to pay at least ten times the
cost of a managed layer-2 switch for a layer-3. No one would buy a layer-3
for $4000 if they could do the same job with a layer-2 for $400.

No, the point was always about the NEED to ROUTE between
VLANs and NOT which particular machines (same or different)
do the routing.

Your misconceptions were about the basics of IP routing and
bridging, and not particular hardware.

You seem to have learned this by reference to hardware specifics
rather than a deep -- and very simple -- understanding of IP itself
which is where the discussion began and now ends.
 
Kurt

I give up!

