About VLANs - TCP-IP


Thread: About VLANs

  1. Re: About VLANs

    On May 27, 3:22 pm, vicky wrote:
    > On May 27, 3:32 am, Albert Manfredi wrote:
    >
    > > On May 25, 9:49 am, News Reader wrote:
    >
    > > > Albert Manfredi wrote:
    > > > > The designated port is the port of a switch on a LAN that provides the
    > > > > lowest cost path back to the root switch from that LAN. The root port
    > > > > is the port on a switch that is "closest" to the root bridge. However,
    > > > > aside from these active ports of the spanning tree, edge ports also
    > > > > forward frames. Edge ports are ports through which no BPDUs travel,

    >
    > > > With "spanning-tree portfast" enabled on edge ports, no BPDUs are seen.
    > > > Without the command, BPDUs are seen on the edge ports. Confirmed with
    > > > Wireshark.

    >
    > > You're right. I should have been more careful in that definition.

    >
    > > Switch ports can be administratively configured as edge ports, which
    > > allows RSTP to set them immediately to forwarding state and to cease
    > > transmitting any BPDUs. However, RSTP can also auto-detect edge ports,
    > > although 802.1D says this is an optional feature. It's in 14.8.2.1.3.

    >
    > > So in this case, although a switch transmits BPDUs on an edge port, it
    > > will receive no BPDUs at that port. That's how it can automatically
    > > detect the existence of an edge port, and set it to forwarding as soon
    > > as the determination is made.

    >
    > > Bert

    >
    > ---------------------------------------------
    >
    > Hi.
    > One thing I want to ask...
    > Is it possible to support multiple VLANs in a single port?


    ---------------------------------------------------------------


    Please tell me:

    Can support for more than one VLAN be provided on a port,
    and if so, then also tell how?

    Thanks in advance

  2. Re: About VLANs

    On May 27, 8:19 am, vicky wrote:

    > Can support for more than one VLAN be provided on a port,
    > and if so, then also tell how?


    The easiest way is to make the port 802.1Q VLAN-aware. That is, use
    the VLAN tag to allow multiple VLANs.

    But VLANs can also be defined by other means, such as by IP subnet, as
    we discussed previously. So you can create a list of IP subnets that
    belong to the same VLAN, at that port. Depends what the switch vendor
    allows you to do.

    Bert

  3. Re: About VLANs

    On May 27, 7:28 pm, Albert Manfredi wrote:
    > On May 27, 8:19 am, vicky wrote:
    >
    > > Can support for more than one VLAN be provided on a port,
    > > and if so, then also tell how?

    >
    > The easiest way is to make the port 802.1Q VLAN-aware. That is, use
    > the VLAN tag to allow multiple VLANs.
    >
    > But VLANs can also be defined by other means, such as by IP subnet, as
    > we discussed previously. So you can create a list of IP subnets that
    > belong to the same VLAN, at that port. Depends what the switch vendor
    > allows you to do.
    >
    > Bert


    --------------------------------------------------------------------------------------------------------------------------------------


    Hi,
    I'm taking an example...

    e.g.:
    - switch 1
      - port 1 : untagged member of vlan 1 (connects to test-server-1)
      - port 2 : untagged member of vlan 2 (connects to mail-server-1)
      - port 3 : tagged member of vlan 1 and vlan 2 (connects to switch 2, port 11)

    - switch 2
      - port 1 : untagged member of vlan 1 (connects to computer-1)
      - port 2 : untagged member of vlan 2 (connects to computer-2)
      - port 11 : tagged member of vlan 1 and 2 (connects to switch 1, port 3)

    In this setup:
    - vlans 1 and 2 span across 2 switches
    - computer-1 can only connect to test-server-1 (not to mail-server-1,
      because of the different vlan id)
    - computer-2 can only connect to mail-server-1 (not to test-server-1,
      because of the different vlan id)
    - ports 3 and 11 are the trunk lines (because they connect vlan 1 and
      vlan 2 between 2 switches)
    - let's now say that we create a port 3 on switch 2, and make it an
      untagged member of vlan 1 and untagged member of vlan 2. If we
      connect a computer here, it will be able to connect to test-server-1
      and mail-server-1, and both servers will be able to connect to the
      computer we added on port 3.

    ------------
    So here port 3 is now an untagged member of vlan 1 and 2, so
    by this the statement of VLAN theory is becoming false... The
    statement is that no two VLANs can communicate without the intervention
    of a layer 3 device... but in the above example this seems to
    be possible...

    What do you say about this?
    Please tell me...

  4. Re: About VLANs

    In article <580dd0ef-f1c2-4b98-9522-f9095746df9b@g16g2000pri.googlegroups.com>,
    vicky wrote:

    > - let's now say that we create a port 3 on switch 2, and make it an
    > untagged member of vlan 1 and untagged member of vlan 2.


    Commonly, vendors do not permit that for port-based VLANs. I have
    found some switches that allow it, though.

    > If we
    > connect a computer here, it will be able to connect to test-server-1
    > and mail-server-1, and both servers will be able to connect to the
    > computer we added on port 3.

    > So here port 3 is now an untagged member of vlan 1 and 2, so
    > by this the statement of VLAN theory is becoming false... The
    > statement is that no two VLANs can communicate without the intervention
    > of a layer 3 device... but in the above example this seems to
    > be possible...

    > What do you say about this?


    Yes, it is a potential violation of VLAN security, which is one
    of the reasons that most switches do not allow ports to belong to
    multiple port-based VLANs.

    Historically, though, it has not been completely correct that
    devices in different VLANs were unable to communicate without
    the intervention of a layer 3 device. Although that was the ideal,
    in practice it was not uncommon in earlier devices for ARP packets
    to be permitted to enter ports of different VLANs. It is still permitted
    in devices that offer VLAN classification based upon packet headers
    (such as by IP subnet, or 802.2 vs 802.3 packet format):
    if a device is not currently in the tables, it is not known what
    packet format or packet headers it uses and so its VLAN is not known.

    Similar effects can, I believe, happen for 802.1x authentication,
    as the VLAN number of the port might not be known until authentication
    is complete, and authentication might not happen to start until an ARP
    for the device has been received.
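
An added example, not part of any post in this thread: a small audit over a constructed model of the two-switch setup discussed above. It flags ports that are untagged members of more than one VLAN and lists which hosts end up sharing a VLAN with no layer 3 device in between. The data layout, the function names and the host name "computer-3" are assumptions made for illustration.

```python
# Constructed model of the thread's setup. Port -> (untagged VLANs,
# tagged VLANs, attached host or None). "computer-3" is a hypothetical name.
SWITCHES = {
    "switch1": {
        1: ({1}, set(), "test-server-1"),
        2: ({2}, set(), "mail-server-1"),
        3: (set(), {1, 2}, None),          # trunk to switch2 port 11
    },
    "switch2": {
        1: ({1}, set(), "computer-1"),
        2: ({2}, set(), "computer-2"),
        3: ({1, 2}, set(), "computer-3"),  # untagged in both VLANs
        11: (set(), {1, 2}, None),         # trunk to switch1 port 3
    },
}
TRUNKS = [(("switch1", 3), ("switch2", 11))]


def multi_untagged_ports(switches):
    """Audit check: ports that are untagged members of more than one VLAN."""
    return [(sw, port, sorted(untagged))
            for sw, ports in switches.items()
            for port, (untagged, _tagged, _host) in ports.items()
            if len(untagged) > 1]


def carried_vlans(switches, trunks):
    """VLANs tagged on both ends of a trunk, so they span the switches."""
    carried = set()
    for (sw_a, p_a), (sw_b, p_b) in trunks:
        carried |= switches[sw_a][p_a][1] & switches[sw_b][p_b][1]
    return carried


def l2_reachable(switches, trunks):
    """Host pairs sharing a VLAN, i.e. reachable with no layer 3 device."""
    # Assumption: membership is symmetric (ingress and egress), as in the
    # thread's example; 802.1Q ports normally classify ingress by one PVID.
    spanning = carried_vlans(switches, trunks)
    hosts = [(sw, untagged, host) for sw, ports in switches.items()
             for untagged, _tagged, host in ports.values() if host]
    pairs = set()
    for i, (sw_a, vl_a, a) in enumerate(hosts):
        for sw_b, vl_b, b in hosts[i + 1:]:
            shared = vl_a & vl_b
            if shared and (sw_a == sw_b or shared & spanning):
                pairs.add(frozenset((a, b)))
    return pairs
```

In this model `multi_untagged_ports` reports only switch 2 port 3, and the host on that port is the only one that appears in a pair with both servers.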

  5. Re: About VLANs

    Folks:

    Apologies in advance for adding late to this thread, but, wanted to add $0.02 :

    In many practical implementations I've participated in, it is
    absolutely optimal to reduce the presence of STP in any form,
    condensing it to the smallest size and smallest footprint of STP trees.
    Although seemingly inefficient, small "micro" routing domains exhibit
    much more stability in the longer-term.

    It isn't always possible to implement this way, but in all my
    critical-services designs / implementations / troubleshoots, I optimize
    on this where L2-Ethernet & IP are concerned.

    /dmfh
