Why can't devices on different VLANs, but on the same subnet, communicate? The 2019 Stack...
If my opponent casts Ultimate Price on my Phantasmal Bear, can I save it by casting Snap or Curfew?
What is the most efficient way to store a numeric range?
Can a flute soloist sit?
Can I have a signal generator on while it's not connected?
What is the motivation for a law requiring 2 parties to consent for recording a conversation
Worn-tile Scrabble
Why couldn't they take pictures of a closer black hole?
What do I do when my TA workload is more than expected?
Cooking pasta in a water boiler
What does Linus Torvalds mean when he says that Git "never ever" tracks a file?
Getting crown tickets for Statue of Liberty
Old scifi movie from the 50s or 60s with men in solid red uniforms who interrogate a spy from the past
What do these terms in Caesar's Gallic Wars mean?
What to do when moving next to a bird sanctuary with a loosely-domesticated cat?
What is preventing me from simply constructing a hash that's lower than the current target?
How come people say “Would of”?
writing variables above the numbers in tikz picture
Why are there uneven bright areas in this photo of black hole?
Match Roman Numerals
I am an eight letter word. What am I?
Output the Arecibo Message
Inverse Relationship Between Precision and Recall
Can withdrawing asylum be illegal?
Why doesn't shell automatically fix "useless use of cat"?
Why can't devices on different VLANs, but on the same subnet, communicate?
The 2019 Stack Overflow Developer Survey Results Are InVirtual Local Area NetworkMultiple VLANs with same subnet behind single ASAHow does switch treat ingress tagged packet?How can hosts on two different VLANs communicate?Multiple Subnets in a VLANDifferent but overlapping Variable Length Subnet ranges on the same segmentAbout VLAN using different network, but VLAN ID is sameHow do VLANs differ between connected switches vs a single switch?Routing Between 2 different vlans but same subnetHow to turn off auto-routing between interfaces in same router ? is there any command for that?How can all devices connected to the router be in the same subnet?
I have a question about switching. I have two devices connected to a switch with IP addresses 192.168.5.20 and 192.168.5.10. Both devices have the same prefix, /24. That means they are on the same subnet.
If I split these devices on different VLANs (10 and 20) on the switch, it will not communicate although they are on same subnet. Why does that happen?
switch vlan subnet
edited 14 hours ago
Peter Mortensen
1475
asked 16 hours ago
Jim PapJim Pap
473
New contributor
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I have a question about switching. I have two devices connected to a switch with IP addresses 192.168.5.20 and 192.168.5.10. Both devices have the same prefix, /24. That means they are on the same subnet.
If I split these devices on different VLANs (10 and 20) on the switch, it will not communicate although they are on same subnet. Why does that happen?
switch vlan subnet
edited 14 hours ago
Peter Mortensen
1475
asked 16 hours ago
Jim PapJim Pap
473
New contributor
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
2
You need a router to route between different Vlans. Also, when doing that, you cannot have the same IP subnet on those two Vlans.
– Cown
16 hours ago
4
Hello Jim Pap and welcome ... It's like you plugged your two hosts into two different switches, one labelled "LAN 10" and the other labelled "LAN 20". Configuring VLANs on your switch divides your switch into multiple, virtual, switches.
– jonathanjo
16 hours ago
1
This question is somewhat of a tautology. They can't because they can't, by design. The creation of separate VLANs logically segments the switched internetwork. You now need to use some form of inter-VLAN routing for these devices to communicate.
– WakeDemons3
11 hours ago
add a comment |
I have a question about switching. I have two devices connected to a switch with IP addresses 192.168.5.20 and 192.168.5.10. Both devices have the same prefix, /24. That means they are on the same subnet.
If I split these devices on different VLANs (10 and 20) on the switch, it will not communicate although they are on same subnet. Why does that happen?
switch vlan subnet
edited 14 hours ago
Peter Mortensen
1475
asked 16 hours ago
Jim PapJim Pap
473
New contributor
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I have a question about switching. I have two devices connected to a switch with IP addresses 192.168.5.20 and 192.168.5.10. Both devices have the same prefix, /24. That means they are on the same subnet.
If I split these devices on different VLANs (10 and 20) on the switch, it will not communicate although they are on same subnet. Why does that happen?
switch vlan subnet
switch vlan subnet
edited 14 hours ago
Peter Mortensen
1475
asked 16 hours ago
Jim PapJim Pap
473
New contributor
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 14 hours ago
Peter Mortensen
1475
asked 16 hours ago
Jim PapJim Pap
473
New contributor
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 14 hours ago
Peter Mortensen
1475
edited 14 hours ago
Peter Mortensen
1475
edited 14 hours ago
Peter Mortensen
1475
1475
asked 16 hours ago
Jim PapJim Pap
473
New contributor
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 16 hours ago
Jim PapJim Pap
473
asked 16 hours ago
Jim PapJim Pap
473
473
New contributor
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Jim Pap is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
2
You need a router to route between different Vlans. Also, when doing that, you cannot have the same IP subnet on those two Vlans.
– Cown
16 hours ago
4
Hello Jim Pap and welcome ... It's like you plugged your two hosts into two different switches, one labelled "LAN 10" and the other labelled "LAN 20". Configuring VLANs on your switch divides your switch into multiple, virtual, switches.
– jonathanjo
16 hours ago
1
This question is somewhat of a tautology. They can't because they can't, by design. The creation of separate VLANs logically segments the switched internetwork. You now need to use some form of inter-VLAN routing for these devices to communicate.
– WakeDemons3
11 hours ago
add a comment |
2
You need a router to route between different Vlans. Also, when doing that, you cannot have the same IP subnet on those two Vlans.
– Cown
16 hours ago
4
Hello Jim Pap and welcome ... It's like you plugged your two hosts into two different switches, one labelled "LAN 10" and the other labelled "LAN 20". Configuring VLANs on your switch divides your switch into multiple, virtual, switches.
– jonathanjo
16 hours ago
1
This question is somewhat of a tautology. They can't because they can't, by design. The creation of separate VLANs logically segments the switched internetwork. You now need to use some form of inter-VLAN routing for these devices to communicate.
– WakeDemons3
11 hours ago
2
2
You need a router to route between different Vlans. Also, when doing that, you cannot have the same IP subnet on those two Vlans.
– Cown
16 hours ago
You need a router to route between different Vlans. Also, when doing that, you cannot have the same IP subnet on those two Vlans.
– Cown
16 hours ago
4
4
Hello Jim Pap and welcome ... It's like you plugged your two hosts into two different switches, one labelled "LAN 10" and the other labelled "LAN 20". Configuring VLANs on your switch divides your switch into multiple, virtual, switches.
– jonathanjo
16 hours ago
Hello Jim Pap and welcome ... It's like you plugged your two hosts into two different switches, one labelled "LAN 10" and the other labelled "LAN 20". Configuring VLANs on your switch divides your switch into multiple, virtual, switches.
– jonathanjo
16 hours ago
1
1
This question is somewhat of a tautology. They can't because they can't, by design. The creation of separate VLANs logically segments the switched internetwork. You now need to use some form of inter-VLAN routing for these devices to communicate.
– WakeDemons3
11 hours ago
This question is somewhat of a tautology. They can't because they can't, by design. The creation of separate VLANs logically segments the switched internetwork. You now need to use some form of inter-VLAN routing for these devices to communicate.
– WakeDemons3
11 hours ago
add a comment |
6 Answers
6
active
oldest
votes
The whole point of Virtual LAN, is to create separate Layer 2 LANs on a single physical device.
It is like building an armored and sonic-proof wall in a room to create 2 rooms. The people in each half of the room can no longer communicate with the people in the other half of the former room.
So you have two hosts on two distinct L2 networks without anything to allow them to communicate.
Note that in most cases it makes no sense to use the same subnet on two different VLANs. The standard case is to associate an IP network with a VLAN.
edited 14 hours ago
Cown
6,97631031
answered 16 hours ago
JFLJFL
12.2k11341
I'm hard-pressed to think of any case where using the same subnet on two different VLANs makes sense. Pretend you're a router, and you get a packet destined for 192.168.5.15. Which VLAN is that?
– Monty Harder
11 hours ago
@MontyHarder Depends. From which network (virtual or not) does it come?
– Deduplicator
8 hours ago
1
@Deduplicator I'm not sure why it matters what the source IP of the packet is. How do you know what VLAN an IP is if you're using the same IP range for two or more VLANs? It just doesn't make sense.
– Monty Harder
8 hours ago
add a comment |
One of the things VLAN's do is take a physical switch and break them up into multiple smaller "virtual" switches.
Meaning this Physical depiction of One switch and Two VLANs:
Is identical in operation to this Logical depiction of the same topology:
Even if the IP addresses in the 2nd image were in the same Subnet, you'll notice there is no "link" between the two virtual switches (i.e., VLANs), and therefore no possible way Hosts A/B can communicate with Hosts C/D.
In order for the hosts in the 2nd image to communicate with one another, you would need some sort of device to facilitate the communication from one "switch" to the other. The device that exists for that purpose is a Router -- hence, a Router is required for traffic to cross a VLAN boundary:
And due to how Router's work, each router interface must have it's own, unique IP Subnet. That is why every VLAN traditionally requires it's own unique IP subnet -- because if any communication is to happen between those VLANs, unique subnets will be required.
The images above are from my blog, you can read more about VLANs as a concept here, and about Routing between VLANs here.
answered 13 hours ago
EddieEddie
9,81022463
1
Trap for the unwary: Do not try to actually split a switch that way, THEN connect VLANs via untagged ports - unless you know exactly how the STP and CAM implementations in that switch are set up.
– rackandboneman
12 hours ago
1
@rackandboneman That is good advice. But, a point of clarity, the images in my post represent only one physical switch. The "two switch image" is the logical representation of one physical switch with two VLANs.
– Eddie
6 hours ago
add a comment |
IP subnets logically group hosts - hosts within the same subnet use their layer-2 connection to directly talk to each other. Talking to hosts on another subnet requires the use of a gateway/router.
VLANs physically group hosts - hosts within the same VLAN/broadcast domain/L2 segment can talk to each other directly. Hosts in different VLANs can't. (Don't beat me up - physically group isn't really correct but it marks my point.)
So, when two hosts are in the same IP subnet but on different VLANs/broadcast domains/L2 networks they can't communicate: the source host assumes the destination in within its local L2 network and therefore it tries to ARP the destination address (or NDP resolve for IPv6).
ARP works by sending a request as broadcast to the local L2 network and the host with the requested IP address answers with its MAC address. Since the destination host is outside the local network it never hears the ARP request and ARP fails.
Even if the source would somehow know the destination's MAC address and build a frame addressed to that MAC it would never reach the destination since it's outside the L2 network still. MACs from outside the local L2 network are meaningless and useless.
answered 7 hours ago
Zac67Zac67
32.8k22163
add a comment |
I expect you to have good understanding about Subnet masking. When you have separate VLANs you have to have unique ip address range with subnets.It is not essential.
VLANs is a separate LAN but it is a virtual.Additionally Virtual LAN for separating Networks in Same Switch.It will create separate broadcast domain in your switch. But when you create virtual LANs with Same ip it is useless.
In addition to that you need to configure Intervlan Routing on your switch.
answered 16 hours ago
serverAdmin123serverAdmin123
3407
2
No it's not impossible to have multiple VLANs with same subnet . It's unusual and somewhat discouraged but it's totally possible.
– JFL
16 hours ago
I will edit my answer thanks
– serverAdmin123
16 hours ago
@JFL True, it is possible, using either VRF's or some other form of separator, but i've yet to see any use case for this. Please enlighten me.
– Cown
15 hours ago
@JFL same issue for me as well. I just now tried in cisco packet tracer, with intervlan routing. I don't know whether issue with Cisco packet tracer. It is not work. I agree with cown. it is possible in VRF.
– serverAdmin123
15 hours ago
1
@Cown I didn't say it was a good idea nor it was possible to made them communicate togtether (but still it's possible with NAT). But I have some use cases. For example I have interconnection with providers that pass through some overlapping RFC1918 networks. Those are connected to the same switches in different VLANs and don't communicate with each others.
– JFL
15 hours ago
|
show 1 more comment
The point of the VLANs is to have network segmentation. You could also achieve the same (some caveats aside) using subnets. Since your subnet is split into 2 different VLANs, your devices can not communicate on L2 network. You can setup IRB interface on the switch to allow communication between the VLANs. Alternatively, you can route the traffic via a firewall and allow selective communication between the VLANs. Ideally, you should design your network to have different subnets for each of the VLANs and then Firewall the traffic between VLANs. Hope this helps.
answered 11 hours ago
RickyRicky
1
New contributor
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
Nonononono don’t use IRB in this situation... the problem is that the switch should never have been configured with two vlans across the same subnet. The best answer is put all hosts in one subnet in the same vlan.
– Mike Pennington
5 hours ago
add a comment |
Complementary to the existing answers, which cover the question from a design and theory point of view ...
Instead of asking "why don't they communicate?", let's ask "what happens when they try to communicate?"
First, what does it mean to configure a VLAN on a switch? In our example there are some sockets configured as VLAN 10, and some configured VLAN 20. The definition of a VLAN is that only sockets on the same VLAN are connected. What that means is that a frame received on a port in a given VLAN is only ever sent to ports of the same VLAN.
10 10 20 20 10 20 VLAN of port
1 2 3 4 5 6 Port number
===+===+===+===+===+===+===
| | | | | |
A B C D E F Hosts
In this diagram we have six hosts, ports 1, 2, 5 are on VLAN 10, ports 3, 4, 6 are on VLAN 20.
Suppose host A is statically configured as 192.168.5.10/24 and F is statically configured as 192.168.5.20/24, from the question. Suppose B to E have other static configuration addresses (doesn't matter what they are).
If A pings 192.168.5.20, it determines it's in the same /24, so the first thing that happens is an ARP request: WHO HAS 192.168.5.20, sent as an ethernet broadcast.
The switch receives the broadcast on port 1. This is VLAN 10, so it sends the broadcast out of ports 2 and 5, the other ports in VLAN 10. Hosts B and E receive the ARP request and ignore it as it's not their address.
That's it.
There will be no ARP reply; the next thing that happens will be a timeout on A, followed by subsequent repeat ARP requests, until the application gives up.
A host plugged into anything other than a VLAN 10 port will see nothing at all, whatever its IP address. This obviously includes F, which is 192.168.5.20.
answered 6 hours ago
jonathanjojonathanjo
12.2k1937
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Jim Pap is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f58364%2fwhy-cant-devices-on-different-vlans-but-on-the-same-subnet-communicate%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
The whole point of Virtual LAN, is to create separate Layer 2 LANs on a single physical device.
It is like building an armored and sonic-proof wall in a room to create 2 rooms. The people in each half of the room can no longer communicate with the people in the other half of the former room.
So you have two hosts on two distinct L2 networks without anything to allow them to communicate.
Note that in most cases it makes no sense to use the same subnet on two different VLANs. The standard case is to associate an IP network with a VLAN.
edited 14 hours ago
Cown
6,97631031
answered 16 hours ago
JFLJFL
12.2k11341
I'm hard-pressed to think of any case where using the same subnet on two different VLANs makes sense. Pretend you're a router, and you get a packet destined for 192.168.5.15. Which VLAN is that?
– Monty Harder
11 hours ago
@MontyHarder Depends. From which network (virtual or not) does it come?
– Deduplicator
8 hours ago
1
@Deduplicator I'm not sure why it matters what the source IP of the packet is. How do you know what VLAN an IP is if you're using the same IP range for two or more VLANs? It just doesn't make sense.
– Monty Harder
8 hours ago
add a comment |
The whole point of Virtual LAN, is to create separate Layer 2 LANs on a single physical device.
It is like building an armored and sonic-proof wall in a room to create 2 rooms. The people in each half of the room can no longer communicate with the people in the other half of the former room.
So you have two hosts on two distinct L2 networks without anything to allow them to communicate.
Note that in most cases it makes no sense to use the same subnet on two different VLANs. The standard case is to associate an IP network with a VLAN.
edited 14 hours ago
Cown
6,97631031
answered 16 hours ago
JFLJFL
12.2k11341
I'm hard-pressed to think of any case where using the same subnet on two different VLANs makes sense. Pretend you're a router, and you get a packet destined for 192.168.5.15. Which VLAN is that?
– Monty Harder
11 hours ago
@MontyHarder Depends. From which network (virtual or not) does it come?
– Deduplicator
8 hours ago
1
@Deduplicator I'm not sure why it matters what the source IP of the packet is. How do you know what VLAN an IP is if you're using the same IP range for two or more VLANs? It just doesn't make sense.
– Monty Harder
8 hours ago
add a comment |
The whole point of Virtual LAN, is to create separate Layer 2 LANs on a single physical device.
It is like building an armored and sonic-proof wall in a room to create 2 rooms. The people in each half of the room can no longer communicate with the people in the other half of the former room.
So you have two hosts on two distinct L2 networks without anything to allow them to communicate.
Note that in most cases it makes no sense to use the same subnet on two different VLANs. The standard case is to associate an IP network with a VLAN.
edited 14 hours ago
Cown
6,97631031
answered 16 hours ago
JFLJFL
12.2k11341
The whole point of Virtual LAN, is to create separate Layer 2 LANs on a single physical device.
It is like building an armored and sonic-proof wall in a room to create 2 rooms. The people in each half of the room can no longer communicate with the people in the other half of the former room.
So you have two hosts on two distinct L2 networks without anything to allow them to communicate.
Note that in most cases it makes no sense to use the same subnet on two different VLANs. The standard case is to associate an IP network with a VLAN.
edited 14 hours ago
Cown
6,97631031
answered 16 hours ago
JFLJFL
12.2k11341
edited 14 hours ago
Cown
6,97631031
edited 14 hours ago
Cown
6,97631031
edited 14 hours ago
Cown
6,97631031
6,97631031
answered 16 hours ago
JFLJFL
12.2k11341
answered 16 hours ago
JFLJFL
12.2k11341
answered 16 hours ago
JFLJFL
12.2k11341
12.2k11341
I'm hard-pressed to think of any case where using the same subnet on two different VLANs makes sense. Pretend you're a router, and you get a packet destined for 192.168.5.15. Which VLAN is that?
– Monty Harder
11 hours ago
@MontyHarder Depends. From which network (virtual or not) does it come?
– Deduplicator
8 hours ago
1
@Deduplicator I'm not sure why it matters what the source IP of the packet is. How do you know what VLAN an IP is if you're using the same IP range for two or more VLANs? It just doesn't make sense.
– Monty Harder
8 hours ago
add a comment |
I'm hard-pressed to think of any case where using the same subnet on two different VLANs makes sense. Pretend you're a router, and you get a packet destined for 192.168.5.15. Which VLAN is that?
– Monty Harder
11 hours ago
@MontyHarder Depends. From which network (virtual or not) does it come?
– Deduplicator
8 hours ago
1
@Deduplicator I'm not sure why it matters what the source IP of the packet is. How do you know what VLAN an IP is if you're using the same IP range for two or more VLANs? It just doesn't make sense.
– Monty Harder
8 hours ago
I'm hard-pressed to think of any case where using the same subnet on two different VLANs makes sense. Pretend you're a router, and you get a packet destined for 192.168.5.15. Which VLAN is that?
– Monty Harder
11 hours ago
I'm hard-pressed to think of any case where using the same subnet on two different VLANs makes sense. Pretend you're a router, and you get a packet destined for 192.168.5.15. Which VLAN is that?
– Monty Harder
11 hours ago
@MontyHarder Depends. From which network (virtual or not) does it come?
– Deduplicator
8 hours ago
@MontyHarder Depends. From which network (virtual or not) does it come?
– Deduplicator
8 hours ago
1
1
@Deduplicator I'm not sure why it matters what the source IP of the packet is. How do you know what VLAN an IP is if you're using the same IP range for two or more VLANs? It just doesn't make sense.
– Monty Harder
8 hours ago
@Deduplicator I'm not sure why it matters what the source IP of the packet is. How do you know what VLAN an IP is if you're using the same IP range for two or more VLANs? It just doesn't make sense.
– Monty Harder
8 hours ago
add a comment |
One of the things VLAN's do is take a physical switch and break them up into multiple smaller "virtual" switches.
Meaning this Physical depiction of One switch and Two VLANs:
Is identical in operation to this Logical depiction of the same topology:
Even if the IP addresses in the 2nd image were in the same Subnet, you'll notice there is no "link" between the two virtual switches (i.e., VLANs), and therefore no possible way Hosts A/B can communicate with Hosts C/D.
In order for the hosts in the 2nd image to communicate with one another, you would need some sort of device to facilitate the communication from one "switch" to the other. The device that exists for that purpose is a Router -- hence, a Router is required for traffic to cross a VLAN boundary:
And due to how Router's work, each router interface must have it's own, unique IP Subnet. That is why every VLAN traditionally requires it's own unique IP subnet -- because if any communication is to happen between those VLANs, unique subnets will be required.
The images above are from my blog, you can read more about VLANs as a concept here, and about Routing between VLANs here.
answered 13 hours ago
EddieEddie
9,81022463
1
Trap for the unwary: Do not try to actually split a switch that way, THEN connect VLANs via untagged ports - unless you know exactly how the STP and CAM implementations in that switch are set up.
– rackandboneman
12 hours ago
1
@rackandboneman That is good advice. But, a point of clarity, the images in my post represent only one physical switch. The "two switch image" is the logical representation of one physical switch with two VLANs.
– Eddie
6 hours ago
add a comment |
One of the things VLAN's do is take a physical switch and break them up into multiple smaller "virtual" switches.
Meaning this Physical depiction of One switch and Two VLANs:
Is identical in operation to this Logical depiction of the same topology:
Even if the IP addresses in the 2nd image were in the same Subnet, you'll notice there is no "link" between the two virtual switches (i.e., VLANs), and therefore no possible way Hosts A/B can communicate with Hosts C/D.
In order for the hosts in the 2nd image to communicate with one another, you would need some sort of device to facilitate the communication from one "switch" to the other. The device that exists for that purpose is a Router -- hence, a Router is required for traffic to cross a VLAN boundary:
And due to how Router's work, each router interface must have it's own, unique IP Subnet. That is why every VLAN traditionally requires it's own unique IP subnet -- because if any communication is to happen between those VLANs, unique subnets will be required.
The images above are from my blog, you can read more about VLANs as a concept here, and about Routing between VLANs here.
answered 13 hours ago
EddieEddie
9,81022463
1
Trap for the unwary: Do not try to actually split a switch that way, THEN connect VLANs via untagged ports - unless you know exactly how the STP and CAM implementations in that switch are set up.
– rackandboneman
12 hours ago
1
@rackandboneman That is good advice. But, a point of clarity, the images in my post represent only one physical switch. The "two switch image" is the logical representation of one physical switch with two VLANs.
– Eddie
6 hours ago
add a comment |
One of the things VLAN's do is take a physical switch and break them up into multiple smaller "virtual" switches.
Meaning this Physical depiction of One switch and Two VLANs:
Is identical in operation to this Logical depiction of the same topology:
Even if the IP addresses in the 2nd image were in the same Subnet, you'll notice there is no "link" between the two virtual switches (i.e., VLANs), and therefore no possible way Hosts A/B can communicate with Hosts C/D.
In order for the hosts in the 2nd image to communicate with one another, you would need some sort of device to facilitate the communication from one "switch" to the other. The device that exists for that purpose is a Router -- hence, a Router is required for traffic to cross a VLAN boundary:
And due to how Router's work, each router interface must have it's own, unique IP Subnet. That is why every VLAN traditionally requires it's own unique IP subnet -- because if any communication is to happen between those VLANs, unique subnets will be required.
The images above are from my blog, you can read more about VLANs as a concept here, and about Routing between VLANs here.
answered 13 hours ago
EddieEddie
9,81022463
One of the things VLAN's do is take a physical switch and break them up into multiple smaller "virtual" switches.
Meaning this Physical depiction of One switch and Two VLANs:
Is identical in operation to this Logical depiction of the same topology:
Even if the IP addresses in the 2nd image were in the same Subnet, you'll notice there is no "link" between the two virtual switches (i.e., VLANs), and therefore no possible way Hosts A/B can communicate with Hosts C/D.
In order for the hosts in the 2nd image to communicate with one another, you would need some sort of device to facilitate the communication from one "switch" to the other. The device that exists for that purpose is a Router -- hence, a Router is required for traffic to cross a VLAN boundary:
And due to how Router's work, each router interface must have it's own, unique IP Subnet. That is why every VLAN traditionally requires it's own unique IP subnet -- because if any communication is to happen between those VLANs, unique subnets will be required.
The images above are from my blog, you can read more about VLANs as a concept here, and about Routing between VLANs here.
answered 13 hours ago
EddieEddie
9,81022463
answered 13 hours ago
EddieEddie
9,81022463
answered 13 hours ago
EddieEddie
9,81022463
answered 13 hours ago
EddieEddie
9,81022463
9,81022463
1
Trap for the unwary: Do not try to actually split a switch that way, THEN connect VLANs via untagged ports - unless you know exactly how the STP and CAM implementations in that switch are set up.
– rackandboneman
12 hours ago
1
@rackandboneman That is good advice. But, a point of clarity, the images in my post represent only one physical switch. The "two switch image" is the logical representation of one physical switch with two VLANs.
– Eddie
6 hours ago
add a comment |
1
Trap for the unwary: Do not try to actually split a switch that way, THEN connect VLANs via untagged ports - unless you know exactly how the STP and CAM implementations in that switch are set up.
– rackandboneman
12 hours ago
1
@rackandboneman That is good advice. But, a point of clarity, the images in my post represent only one physical switch. The "two switch image" is the logical representation of one physical switch with two VLANs.
– Eddie
6 hours ago
1
1
Trap for the unwary: Do not try to actually split a switch that way, THEN connect VLANs via untagged ports - unless you know exactly how the STP and CAM implementations in that switch are set up.
– rackandboneman
12 hours ago
Trap for the unwary: Do not try to actually split a switch that way, THEN connect VLANs via untagged ports - unless you know exactly how the STP and CAM implementations in that switch are set up.
– rackandboneman
12 hours ago
1
1
@rackandboneman That is good advice. But, a point of clarity, the images in my post represent only one physical switch. The "two switch image" is the logical representation of one physical switch with two VLANs.
– Eddie
6 hours ago
@rackandboneman That is good advice. But, a point of clarity, the images in my post represent only one physical switch. The "two switch image" is the logical representation of one physical switch with two VLANs.
– Eddie
6 hours ago
add a comment |
IP subnets logically group hosts - hosts within the same subnet use their layer-2 connection to directly talk to each other. Talking to hosts on another subnet requires the use of a gateway/router.
VLANs physically group hosts - hosts within the same VLAN/broadcast domain/L2 segment can talk to each other directly. Hosts in different VLANs can't. (Don't beat me up - physically group isn't really correct but it marks my point.)
So, when two hosts are in the same IP subnet but on different VLANs/broadcast domains/L2 networks they can't communicate: the source host assumes the destination in within its local L2 network and therefore it tries to ARP the destination address (or NDP resolve for IPv6).
ARP works by sending a request as broadcast to the local L2 network and the host with the requested IP address answers with its MAC address. Since the destination host is outside the local network it never hears the ARP request and ARP fails.
Even if the source would somehow know the destination's MAC address and build a frame addressed to that MAC it would never reach the destination since it's outside the L2 network still. MACs from outside the local L2 network are meaningless and useless.
answered 7 hours ago
Zac67Zac67
32.8k22163
add a comment |
IP subnets logically group hosts - hosts within the same subnet use their layer-2 connection to directly talk to each other. Talking to hosts on another subnet requires the use of a gateway/router.
VLANs physically group hosts - hosts within the same VLAN/broadcast domain/L2 segment can talk to each other directly. Hosts in different VLANs can't. (Don't beat me up - physically group isn't really correct but it marks my point.)
So, when two hosts are in the same IP subnet but on different VLANs/broadcast domains/L2 networks they can't communicate: the source host assumes the destination in within its local L2 network and therefore it tries to ARP the destination address (or NDP resolve for IPv6).
ARP works by sending a request as broadcast to the local L2 network and the host with the requested IP address answers with its MAC address. Since the destination host is outside the local network it never hears the ARP request and ARP fails.
Even if the source would somehow know the destination's MAC address and build a frame addressed to that MAC it would never reach the destination since it's outside the L2 network still. MACs from outside the local L2 network are meaningless and useless.
answered 7 hours ago
Zac67Zac67
32.8k22163
add a comment |
IP subnets logically group hosts - hosts within the same subnet use their layer-2 connection to directly talk to each other. Talking to hosts on another subnet requires the use of a gateway/router.
VLANs physically group hosts - hosts within the same VLAN/broadcast domain/L2 segment can talk to each other directly. Hosts in different VLANs can't. (Don't beat me up - physically group isn't really correct but it marks my point.)
So, when two hosts are in the same IP subnet but on different VLANs/broadcast domains/L2 networks they can't communicate: the source host assumes the destination in within its local L2 network and therefore it tries to ARP the destination address (or NDP resolve for IPv6).
ARP works by sending a request as broadcast to the local L2 network and the host with the requested IP address answers with its MAC address. Since the destination host is outside the local network it never hears the ARP request and ARP fails.
Even if the source would somehow know the destination's MAC address and build a frame addressed to that MAC it would never reach the destination since it's outside the L2 network still. MACs from outside the local L2 network are meaningless and useless.
answered 7 hours ago
Zac67Zac67
32.8k22163
IP subnets logically group hosts - hosts within the same subnet use their layer-2 connection to directly talk to each other. Talking to hosts on another subnet requires the use of a gateway/router.
VLANs physically group hosts - hosts within the same VLAN/broadcast domain/L2 segment can talk to each other directly. Hosts in different VLANs can't. (Don't beat me up - physically group isn't really correct but it marks my point.)
So, when two hosts are in the same IP subnet but on different VLANs/broadcast domains/L2 networks they can't communicate: the source host assumes the destination in within its local L2 network and therefore it tries to ARP the destination address (or NDP resolve for IPv6).
ARP works by sending a request as broadcast to the local L2 network and the host with the requested IP address answers with its MAC address. Since the destination host is outside the local network it never hears the ARP request and ARP fails.
Even if the source would somehow know the destination's MAC address and build a frame addressed to that MAC it would never reach the destination since it's outside the L2 network still. MACs from outside the local L2 network are meaningless and useless.
answered 7 hours ago
Zac67Zac67
32.8k22163
answered 7 hours ago
Zac67Zac67
32.8k22163
answered 7 hours ago
Zac67Zac67
32.8k22163
answered 7 hours ago
Zac67Zac67
32.8k22163
32.8k22163
add a comment |
add a comment |
I expect you to have good understanding about Subnet masking. When you have separate VLANs you have to have unique ip address range with subnets.It is not essential.
VLANs is a separate LAN but it is a virtual.Additionally Virtual LAN for separating Networks in Same Switch.It will create separate broadcast domain in your switch. But when you create virtual LANs with Same ip it is useless.
In addition to that you need to configure Intervlan Routing on your switch.
answered 16 hours ago
serverAdmin123serverAdmin123
3407
2
No it's not impossible to have multiple VLANs with same subnet . It's unusual and somewhat discouraged but it's totally possible.
– JFL
16 hours ago
I will edit my answer thanks
– serverAdmin123
16 hours ago
@JFL True, it is possible, using either VRF's or some other form of separator, but i've yet to see any use case for this. Please enlighten me.
– Cown
15 hours ago
@JFL same issue for me as well. I just now tried in cisco packet tracer, with intervlan routing. I don't know whether issue with Cisco packet tracer. It is not work. I agree with cown. it is possible in VRF.
– serverAdmin123
15 hours ago
1
@Cown I didn't say it was a good idea nor it was possible to made them communicate togtether (but still it's possible with NAT). But I have some use cases. For example I have interconnection with providers that pass through some overlapping RFC1918 networks. Those are connected to the same switches in different VLANs and don't communicate with each others.
– JFL
15 hours ago
|
show 1 more comment
I expect you to have good understanding about Subnet masking. When you have separate VLANs you have to have unique ip address range with subnets.It is not essential.
VLANs is a separate LAN but it is a virtual.Additionally Virtual LAN for separating Networks in Same Switch.It will create separate broadcast domain in your switch. But when you create virtual LANs with Same ip it is useless.
In addition to that you need to configure Intervlan Routing on your switch.
answered 16 hours ago
serverAdmin123serverAdmin123
3407
2
No it's not impossible to have multiple VLANs with same subnet . It's unusual and somewhat discouraged but it's totally possible.
– JFL
16 hours ago
I will edit my answer thanks
– serverAdmin123
16 hours ago
@JFL True, it is possible, using either VRF's or some other form of separator, but i've yet to see any use case for this. Please enlighten me.
– Cown
15 hours ago
@JFL same issue for me as well. I just now tried in cisco packet tracer, with intervlan routing. I don't know whether issue with Cisco packet tracer. It is not work. I agree with cown. it is possible in VRF.
– serverAdmin123
15 hours ago
1
@Cown I didn't say it was a good idea nor it was possible to made them communicate togtether (but still it's possible with NAT). But I have some use cases. For example I have interconnection with providers that pass through some overlapping RFC1918 networks. Those are connected to the same switches in different VLANs and don't communicate with each others.
– JFL
15 hours ago
|
show 1 more comment
I expect you to have good understanding about Subnet masking. When you have separate VLANs you have to have unique ip address range with subnets.It is not essential.
VLANs is a separate LAN but it is a virtual.Additionally Virtual LAN for separating Networks in Same Switch.It will create separate broadcast domain in your switch. But when you create virtual LANs with Same ip it is useless.
In addition to that you need to configure Intervlan Routing on your switch.
answered 16 hours ago
serverAdmin123serverAdmin123
3407
I expect you to have good understanding about Subnet masking. When you have separate VLANs you have to have unique ip address range with subnets.It is not essential.
VLANs is a separate LAN but it is a virtual.Additionally Virtual LAN for separating Networks in Same Switch.It will create separate broadcast domain in your switch. But when you create virtual LANs with Same ip it is useless.
In addition to that you need to configure Intervlan Routing on your switch.
answered 16 hours ago
serverAdmin123serverAdmin123
3407
edited 16 hours ago
answered 16 hours ago
serverAdmin123serverAdmin123
3407
answered 16 hours ago
serverAdmin123serverAdmin123
3407
answered 16 hours ago
serverAdmin123serverAdmin123
3407
3407
2
No it's not impossible to have multiple VLANs with same subnet . It's unusual and somewhat discouraged but it's totally possible.
– JFL
16 hours ago
I will edit my answer thanks
– serverAdmin123
16 hours ago
@JFL True, it is possible, using either VRF's or some other form of separator, but i've yet to see any use case for this. Please enlighten me.
– Cown
15 hours ago
@JFL same issue for me as well. I just now tried in cisco packet tracer, with intervlan routing. I don't know whether issue with Cisco packet tracer. It is not work. I agree with cown. it is possible in VRF.
– serverAdmin123
15 hours ago
1
@Cown I didn't say it was a good idea nor it was possible to made them communicate togtether (but still it's possible with NAT). But I have some use cases. For example I have interconnection with providers that pass through some overlapping RFC1918 networks. Those are connected to the same switches in different VLANs and don't communicate with each others.
– JFL
15 hours ago
|
show 1 more comment
2
No it's not impossible to have multiple VLANs with same subnet . It's unusual and somewhat discouraged but it's totally possible.
– JFL
16 hours ago
I will edit my answer thanks
– serverAdmin123
16 hours ago
@JFL True, it is possible, using either VRF's or some other form of separator, but i've yet to see any use case for this. Please enlighten me.
– Cown
15 hours ago
@JFL same issue for me as well. I just now tried in cisco packet tracer, with intervlan routing. I don't know whether issue with Cisco packet tracer. It is not work. I agree with cown. it is possible in VRF.
– serverAdmin123
15 hours ago
1
@Cown I didn't say it was a good idea nor it was possible to made them communicate togtether (but still it's possible with NAT). But I have some use cases. For example I have interconnection with providers that pass through some overlapping RFC1918 networks. Those are connected to the same switches in different VLANs and don't communicate with each others.
– JFL
15 hours ago
2
2
No it's not impossible to have multiple VLANs with same subnet . It's unusual and somewhat discouraged but it's totally possible.
– JFL
16 hours ago
No it's not impossible to have multiple VLANs with same subnet . It's unusual and somewhat discouraged but it's totally possible.
– JFL
16 hours ago
I will edit my answer thanks
– serverAdmin123
16 hours ago
I will edit my answer thanks
– serverAdmin123
16 hours ago
@JFL True, it is possible, using either VRF's or some other form of separator, but i've yet to see any use case for this. Please enlighten me.
– Cown
15 hours ago
@JFL True, it is possible, using either VRF's or some other form of separator, but i've yet to see any use case for this. Please enlighten me.
– Cown
15 hours ago
@JFL same issue for me as well. I just now tried in cisco packet tracer, with intervlan routing. I don't know whether issue with Cisco packet tracer. It is not work. I agree with cown. it is possible in VRF.
– serverAdmin123
15 hours ago
@JFL same issue for me as well. I just now tried in cisco packet tracer, with intervlan routing. I don't know whether issue with Cisco packet tracer. It is not work. I agree with cown. it is possible in VRF.
– serverAdmin123
15 hours ago
1
1
@Cown I didn't say it was a good idea nor it was possible to made them communicate togtether (but still it's possible with NAT). But I have some use cases. For example I have interconnection with providers that pass through some overlapping RFC1918 networks. Those are connected to the same switches in different VLANs and don't communicate with each others.
– JFL
15 hours ago
@Cown I didn't say it was a good idea nor it was possible to made them communicate togtether (but still it's possible with NAT). But I have some use cases. For example I have interconnection with providers that pass through some overlapping RFC1918 networks. Those are connected to the same switches in different VLANs and don't communicate with each others.
– JFL
15 hours ago
|
show 1 more comment
The point of the VLANs is to have network segmentation. You could also achieve the same (some caveats aside) using subnets. Since your subnet is split into 2 different VLANs, your devices can not communicate on L2 network. You can setup IRB interface on the switch to allow communication between the VLANs. Alternatively, you can route the traffic via a firewall and allow selective communication between the VLANs. Ideally, you should design your network to have different subnets for each of the VLANs and then Firewall the traffic between VLANs. Hope this helps.
answered 11 hours ago
RickyRicky
1
New contributor
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
Nonononono don’t use IRB in this situation... the problem is that the switch should never have been configured with two vlans across the same subnet. The best answer is put all hosts in one subnet in the same vlan.
– Mike Pennington
5 hours ago
add a comment |
The point of the VLANs is to have network segmentation. You could also achieve the same (some caveats aside) using subnets. Since your subnet is split into 2 different VLANs, your devices can not communicate on L2 network. You can setup IRB interface on the switch to allow communication between the VLANs. Alternatively, you can route the traffic via a firewall and allow selective communication between the VLANs. Ideally, you should design your network to have different subnets for each of the VLANs and then Firewall the traffic between VLANs. Hope this helps.
answered 11 hours ago
RickyRicky
1
New contributor
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
Nonononono don’t use IRB in this situation... the problem is that the switch should never have been configured with two vlans across the same subnet. The best answer is put all hosts in one subnet in the same vlan.
– Mike Pennington
5 hours ago
add a comment |
The point of the VLANs is to have network segmentation. You could also achieve the same (some caveats aside) using subnets. Since your subnet is split into 2 different VLANs, your devices can not communicate on L2 network. You can setup IRB interface on the switch to allow communication between the VLANs. Alternatively, you can route the traffic via a firewall and allow selective communication between the VLANs. Ideally, you should design your network to have different subnets for each of the VLANs and then Firewall the traffic between VLANs. Hope this helps.
answered 11 hours ago
RickyRicky
1
New contributor
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
The point of the VLANs is to have network segmentation. You could also achieve the same (some caveats aside) using subnets. Since your subnet is split into 2 different VLANs, your devices can not communicate on L2 network. You can setup IRB interface on the switch to allow communication between the VLANs. Alternatively, you can route the traffic via a firewall and allow selective communication between the VLANs. Ideally, you should design your network to have different subnets for each of the VLANs and then Firewall the traffic between VLANs. Hope this helps.
answered 11 hours ago
RickyRicky
1
New contributor
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 11 hours ago
RickyRicky
1
New contributor
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 11 hours ago
RickyRicky
1
answered 11 hours ago
RickyRicky
1
1
New contributor
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Ricky is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
Nonononono don’t use IRB in this situation... the problem is that the switch should never have been configured with two vlans across the same subnet. The best answer is put all hosts in one subnet in the same vlan.
– Mike Pennington
5 hours ago
add a comment |
1
Nonononono don’t use IRB in this situation... the problem is that the switch should never have been configured with two vlans across the same subnet. The best answer is put all hosts in one subnet in the same vlan.
– Mike Pennington
5 hours ago
1
1
Nonononono don’t use IRB in this situation... the problem is that the switch should never have been configured with two vlans across the same subnet. The best answer is put all hosts in one subnet in the same vlan.
– Mike Pennington
5 hours ago
Nonononono don’t use IRB in this situation... the problem is that the switch should never have been configured with two vlans across the same subnet. The best answer is put all hosts in one subnet in the same vlan.
– Mike Pennington
5 hours ago
add a comment |
Complementary to the existing answers, which cover the question from a design and theory point of view ...
Instead of asking "why don't they communicate?", let's ask "what happens when they try to communicate?"
First, what does it mean to configure a VLAN on a switch? In our example there are some sockets configured as VLAN 10, and some configured VLAN 20. The definition of a VLAN is that only sockets on the same VLAN are connected. What that means is that a frame received on a port in a given VLAN is only ever sent to ports of the same VLAN.
10 10 20 20 10 20 VLAN of port
1 2 3 4 5 6 Port number
===+===+===+===+===+===+===
| | | | | |
A B C D E F Hosts
In this diagram we have six hosts, ports 1, 2, 5 are on VLAN 10, ports 3, 4, 6 are on VLAN 20.
Suppose host A is statically configured as 192.168.5.10/24 and F is statically configured as 192.168.5.20/24, from the question. Suppose B to E have other static configuration addresses (doesn't matter what they are).
If A pings 192.168.5.20, it determines it's in the same /24, so the first thing that happens is an ARP request: WHO HAS 192.168.5.20, sent as an ethernet broadcast.
The switch receives the broadcast on port 1. This is VLAN 10, so it sends the broadcast out of ports 2 and 5, the other ports in VLAN 10. Hosts B and E receive the ARP request and ignore it as it's not their address.
That's it.
There will be no ARP reply; the next thing that happens will be a timeout on A, followed by subsequent repeat ARP requests, until the application gives up.
A host plugged into anything other than a VLAN 10 port will see nothing at all, whatever its IP address. This obviously includes F, which is 192.168.5.20.
answered 6 hours ago
jonathanjojonathanjo
12.2k1937
add a comment |
Complementary to the existing answers, which cover the question from a design and theory point of view ...
Instead of asking "why don't they communicate?", let's ask "what happens when they try to communicate?"
First, what does it mean to configure a VLAN on a switch? In our example there are some sockets configured as VLAN 10, and some configured VLAN 20. The definition of a VLAN is that only sockets on the same VLAN are connected. What that means is that a frame received on a port in a given VLAN is only ever sent to ports of the same VLAN.
10 10 20 20 10 20 VLAN of port
1 2 3 4 5 6 Port number
===+===+===+===+===+===+===
| | | | | |
A B C D E F Hosts
In this diagram we have six hosts, ports 1, 2, 5 are on VLAN 10, ports 3, 4, 6 are on VLAN 20.
Suppose host A is statically configured as 192.168.5.10/24 and F is statically configured as 192.168.5.20/24, from the question. Suppose B to E have other static configuration addresses (doesn't matter what they are).
If A pings 192.168.5.20, it determines it's in the same /24, so the first thing that happens is an ARP request: WHO HAS 192.168.5.20, sent as an ethernet broadcast.
The switch receives the broadcast on port 1. This is VLAN 10, so it sends the broadcast out of ports 2 and 5, the other ports in VLAN 10. Hosts B and E receive the ARP request and ignore it as it's not their address.
That's it.
There will be no ARP reply; the next thing that happens will be a timeout on A, followed by subsequent repeat ARP requests, until the application gives up.
A host plugged into anything other than a VLAN 10 port will see nothing at all, whatever its IP address. This obviously includes F, which is 192.168.5.20.
answered 6 hours ago
jonathanjojonathanjo
12.2k1937
add a comment |
Complementary to the existing answers, which cover the question from a design and theory point of view ...
Instead of asking "why don't they communicate?", let's ask "what happens when they try to communicate?"
First, what does it mean to configure a VLAN on a switch? In our example there are some sockets configured as VLAN 10, and some configured VLAN 20. The definition of a VLAN is that only sockets on the same VLAN are connected. What that means is that a frame received on a port in a given VLAN is only ever sent to ports of the same VLAN.
10 10 20 20 10 20 VLAN of port
1 2 3 4 5 6 Port number
===+===+===+===+===+===+===
| | | | | |
A B C D E F Hosts
In this diagram we have six hosts, ports 1, 2, 5 are on VLAN 10, ports 3, 4, 6 are on VLAN 20.
Suppose host A is statically configured as 192.168.5.10/24 and F is statically configured as 192.168.5.20/24, from the question. Suppose B to E have other static configuration addresses (doesn't matter what they are).
If A pings 192.168.5.20, it determines it's in the same /24, so the first thing that happens is an ARP request: WHO HAS 192.168.5.20, sent as an ethernet broadcast.
The switch receives the broadcast on port 1. This is VLAN 10, so it sends the broadcast out of ports 2 and 5, the other ports in VLAN 10. Hosts B and E receive the ARP request and ignore it as it's not their address.
That's it.
There will be no ARP reply; the next thing that happens will be a timeout on A, followed by subsequent repeat ARP requests, until the application gives up.
A host plugged into anything other than a VLAN 10 port will see nothing at all, whatever its IP address. This obviously includes F, which is 192.168.5.20.
answered 6 hours ago
jonathanjojonathanjo
12.2k1937
Complementary to the existing answers, which cover the question from a design and theory point of view ...
Instead of asking "why don't they communicate?", let's ask "what happens when they try to communicate?"
First, what does it mean to configure a VLAN on a switch? In our example there are some sockets configured as VLAN 10, and some configured VLAN 20. The definition of a VLAN is that only sockets on the same VLAN are connected. What that means is that a frame received on a port in a given VLAN is only ever sent to ports of the same VLAN.
10 10 20 20 10 20 VLAN of port
1 2 3 4 5 6 Port number
===+===+===+===+===+===+===
| | | | | |
A B C D E F Hosts
In this diagram we have six hosts, ports 1, 2, 5 are on VLAN 10, ports 3, 4, 6 are on VLAN 20.
Suppose host A is statically configured as 192.168.5.10/24 and F is statically configured as 192.168.5.20/24, from the question. Suppose B to E have other static configuration addresses (doesn't matter what they are).
If A pings 192.168.5.20, it determines it's in the same /24, so the first thing that happens is an ARP request: WHO HAS 192.168.5.20, sent as an ethernet broadcast.
The switch receives the broadcast on port 1. This is VLAN 10, so it sends the broadcast out of ports 2 and 5, the other ports in VLAN 10. Hosts B and E receive the ARP request and ignore it as it's not their address.
That's it.
There will be no ARP reply; the next thing that happens will be a timeout on A, followed by subsequent repeat ARP requests, until the application gives up.
A host plugged into anything other than a VLAN 10 port will see nothing at all, whatever its IP address. This obviously includes F, which is 192.168.5.20.
answered 6 hours ago
jonathanjojonathanjo
12.2k1937
edited 6 hours ago
answered 6 hours ago
jonathanjojonathanjo
12.2k1937
answered 6 hours ago
jonathanjojonathanjo
12.2k1937
answered 6 hours ago
jonathanjojonathanjo
12.2k1937
12.2k1937
add a comment |
add a comment |
Jim Pap is a new contributor. Be nice, and check out our Code of Conduct.
Jim Pap is a new contributor. Be nice, and check out our Code of Conduct.
Jim Pap is a new contributor. Be nice, and check out our Code of Conduct.
Jim Pap is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Network Engineering Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f58364%2fwhy-cant-devices-on-different-vlans-but-on-the-same-subnet-communicate%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
You need a router to route between different Vlans. Also, when doing that, you cannot have the same IP subnet on those two Vlans.
– Cown
16 hours ago
4
Hello Jim Pap and welcome ... It's like you plugged your two hosts into two different switches, one labelled "LAN 10" and the other labelled "LAN 20". Configuring VLANs on your switch divides your switch into multiple, virtual, switches.
– jonathanjo
16 hours ago
1
This question is somewhat of a tautology. They can't because they can't, by design. The creation of separate VLANs logically segments the switched internetwork. You now need to use some form of inter-VLAN routing for these devices to communicate.
– WakeDemons3
11 hours ago