VLAN, separate broadcast domain ?

Status
Not open for further replies.

iriscisco

IS-IT--Management
Mar 2, 2003
11
CN
I came across a question while preparing for the CCNA.
Can a VLAN separate a broadcast domain? I think yes, but the answer is "separate collision domain".
Could anyone confirm? Thanks.
 
Think about how a VLAN operates. It's at layer 3 so anything that wants to get from one VLAN to another must be routed. And how does one define a broadcast domain? By the router boundaries. Broadcasts will not pass through the router (normally), hence the router is the endpoint of a broadcast domain. So each VLAN is its own broadcast domain.

MikeS
Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Mike, so just like what I thought. A VLAN can separate a broadcast domain, right? Thanks for your quick comments.
 
I also had questions on this. It's my understanding that the members of a VLAN share a broadcast domain, but a VLAN can't separate a broadcast domain. Only routers can separate broadcast domains. Right?
 
By using VLANs you can divide a broadcast domain into smaller ones. As wybnormal said, each VLAN is its own broadcast domain. So both routers and layer 2 switches using VLANs can separate broadcast domains.

Now, what about collision domains and VLANs? Well, collision domains remain at each switch's port, whether it's part of a VLAN or not.
 
A good thing to keep in mind as well is that a VLAN can have more than one IP subnet.
 
A VLAN technically does NOT operate at Layer 3, but rather Layer 2. Layer 3 comes into play when communication between VLANs is needed, and thus requires the services of a router or RSM/RSP (cat 4000/5000/6000).
 
We can split hairs here if you wish. The IEEE does specify that a VLAN is a group of devices that operate in the same layer 2 domain. However.. in order to do anything with the VLAN other than isolate traffic, you need layer 3. The original question was does a VLAN separate broadcast traffic and at layer 3 it does. Anything within the layer 2 domain will receive the broadcast traffic just like any other network segment would. But, it stops at the boundaries of the IP subnet range.

You can read about vlans and broadcasts in Cisco LAN Switching on page 125. There is a "tip" box there at the bottom of the page.

Actually, the preceding pages are pretty good to read about VLANs and switching.

MikeS


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Another question there. webnetwiz, you said that a VLAN can have more than one IP subnet (layer 3, then). Anyway, the devices belonging to one IP subnet in that VLAN will need a router to communicate with the devices belonging to the other IP subnet in the same VLAN, won't they? I don't see the point. Could anybody please help me? Thanks in advance
 
mgllobet,

let's say
subnet a:pc1 - 10.1.1.1/24 and pc2 - 10.1.1.2/24
subnet b:pc3 - 10.1.2.1/24 and pc4 - 10.1.2.2/24

it is still valid to add pc1, pc2 and pc3 into same VLAN.
VLAN 2: pc1, pc2, pc3
VLAN 3: pc4

but once, this is done, pc3 is no longer in same broadcast domain with pc4 even though they are in the same subnet.
only way for them to communicate is pc3 through a router then send back onto pc4.
this configuration is done whenever a pc (person) from one department (i.e. administrative: 1st floor) wants to be part of the other department (i.e. executive: 7th floor) without physically transferring the pc. next time around, all of his confidential broadcast messages to executive offices do not fall in front of the eye of the guy in the next cube over in charge of billing.
if he does want to communicate with pc at next cube over, then the frame must go through a router where the vlan header is changed then back to the pc next cube over.
i hope i didn't confuse you. because sometimes i confuse myself. :)

Microbyte

 
Thanks a lot for your reply, it has given me another point of view of the situation. Anyway, there are some points I still don't understand.

If pc3 wants to send a packet to pc4, and they belong to the same subnet, how will pc3 know that pc4 is not in the same broadcast domain? Pc3 will believe that, since both pc3 and pc4 network is 10.1.2.0/24, pc3 will not look for a default gateway to send the packet to. It will send an ARP broadcast to get the MAC address of pc4, and it will get no reply. Isn't it?

And another question (please don't hate me!), why should pc3 be placed in the same VLAN as pc1 and pc2? For pc3 to communicate with pc1 and pc2, it will look for a default gateway, because they are not in the same subnet, and although they are in the same broadcast domain (VLAN), they will need the router to get to each other (similar to secondary addressing...)

Well, my mind is a mess now, so I don't know if everything I said is nonsense. Thanks anyway for your previous answer.
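A small simulation of the pc1 to pc4 layout discussed in this thread, added here as an example and not written by any of the posters: it separates the host's on-link decision (IP subnet) from the switch's broadcast flooding (VLAN membership). The function names are hypothetical, and it assumes no router with proxy ARP is attached.

```python
import ipaddress

# Constructed from the thread's example: host -> (address/prefix, access VLAN).
HOSTS = {
    "pc1": ("10.1.1.1/24", 2),
    "pc2": ("10.1.1.2/24", 2),
    "pc3": ("10.1.2.1/24", 2),
    "pc4": ("10.1.2.2/24", 3),
}

def iface(host):
    return ipaddress.ip_interface(HOSTS[host][0])

def is_on_link(src, dst):
    """Host-side check: does src consider dst part of its own IP subnet?"""
    return iface(dst).ip in iface(src).network

def flood(src):
    """Switch-side: a broadcast reaches every other port in the sender's VLAN only."""
    vlan = HOSTS[src][1]
    return sorted(h for h, (_, v) in HOSTS.items() if v == vlan and h != src)

def arp_for(src, dst):
    """Simulate src resolving dst.

    Returns (decision, hosts that saw the ARP request for dst, replier).
    Assumption: no proxy ARP, so only the owner of the address can answer.
    """
    if not is_on_link(src, dst):
        # Different subnet: the host ARPs for its default gateway instead,
        # even when dst shares its VLAN. The gateway is not modelled here.
        return ("via-gateway", [], None)
    heard = flood(src)
    replier = dst if dst in heard else None
    return ("arp-direct", heard, replier)

if __name__ == "__main__":
    for src, dst in [("pc1", "pc2"), ("pc3", "pc4"), ("pc3", "pc1")]:
        print(src, "->", dst, arp_for(src, dst))
```
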
 
pc is just a workstation, it doesn't have any configuration to know anything about its network.

when pc3 tries to connect to pc4...hmm that doesn't happen exactly.
what really happens is,
1. pc3 goes into the switch with vlan tag 2 header with destination pc4 in it.
2. although the switch sees they belong to the same subnet, vlan causes pc3 and pc4 to exist in different network.
3. so switch cannot find the destination address, therefore it forwards that frame to its gateway (router).
4. the router detects the pc4's address, where it swaps vlan2 header to vlan3. then, it enters back to pc4.

the concept of VLAN is like poor man's switch. If you can't afford 2 switches then, just buy one then create VLANs.
so, you can safely say, VLAN is like a separate Switch.
VLAN2 = Switch2
VLAN3 = Switch3
So logically, pc1, pc2, and pc3 are connected to switch2 which is connected to a router, and pc4 is connected to switch3 which connects to the same router.

To answer your second question:
First time around, when newly connected pc3 wants to connect to pc1 or pc2, the "switch2" sends it to its default gateway because of different subnet like you said but it sends back to the "switch2" where then switch stores pc3's MAC address which next time around it could just forward within the "switch2" without sending it to the router.
 
also, one more important note,

never say pc sends a packet to another pc.
packet is layer3 term. router sends a packet not pc.
and frame is layer2 term. switch sends a frame.
 
And so a PC sends what?

Virtually every book, class, tutorial I have ever sat through refers to the PC sending a "packet" since it takes its own MAC address, adds the destination MAC address, adds a payload and then wraps the whole mess into a layer3 packet which just refers to the fact the PC is using a logical address scheme of some kind. Could be IP, could be Token Ring, could be IPX but it's logical and not physical.

I do agree that the word "packet" is misused a lot.. a switch deals with frames and a router deals in packets. Subtle but important item to remember. All we are really saying is the switch could care less about the logical addressing in front of the hardware addressing.

MikeS


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Ok, currently studying switching and confused about the post from Microbyte. Why would you place PC3 in the same broadcast domain as PC1 and PC2? Wouldn't PC3 receive every broadcast packet (ICMP, ARP) that travels through VLAN2? Even though they would be discarded, isn't that a waste of bandwidth? I guess the point blank question would be, why would you put multiple subnets in a single VLAN? Doesn't that defeat the purpose of VLANs? Why wouldn't you just place PC3 into the same VLAN as PC4? Doesn't require a physical move, just a patch change.

SpudNuts(ITC), USN(Ret), CCNA, BSCI, BCRAN, CST
 
wybnormal,

yes, i've heard pc sending "packets" many times too. but maybe i'm being very technical here but doesn't pc just send "bits" of information?
back in the days when many people used novell ipx, pc can be configured as a router (and many did). maybe the term pc sending "packets" spawned from there.
i could be wrong, and please do correct me if i am. but this is what i know.

Microbyte
 
spudnuts,

To think of it as most efficient way, putting multiple subnets in a single VLAN would be downright dumb. But what I'm pointing out is environment may change after network is first implemented and if it does, how one should work around it. I've posted it above - the problem and its solution. You may have missed it.

Also, like you said,
"Doesn't that defeat the purpose of VLANs? Why wouldn't you just place PC3 into the same VLAN as PC4? Doesn't require a physical move, just a patch change"

that's what I suggested before as a solution.
 
Microbyte,
In reference to your PC send packets argument, I think you need to clarify what you define as a PC. A PC is more than just a network card. For example, if you wanted to telnet to a device from your PC, then it would use all the layers of the OSI model. At some stage the "PC" would have to create an IP "packet" which contains the destination of the host along with the TCP segment info, etc. The packet would then be placed into an ethernet frame which gets converted to bits to be put on the physical wire. When the router receives the bits it does the reverse (bits to frame, frame to packet)

So you may be correct in saying that the bits are what are being sent from the PC physical layer, but I don't think you can pull up someone for saying a PC sends another PC a packet.

JimmyZ
 
jimmyz,

i meant pc by a workstation, where one can telnet from. i know i was being very technical and nosy. forgive me if i acted a bit arrogant but like wybnormal said, i too, have seen many people misuse the word "packet". i just wanted to clarify that's all.
 
Microbyte,
No need to apologise, you were merely posting your opinion for debate. That's what the forum is here for. However I still do not understand the "misuse of the word packet" argument. A PC/workstation is more than just a layer 1 device which generates bits. Usually it will have applications/utils installed (layers 7-5), a transport and network protocol such as a TCP/IP stack (layers 4-3), a network card (layer2) and network cable attached (layer1). At some stage the PC is still creating a packet for communication with another device. Therefore I think it is fine for people to say that a PC is trying to send a packet to another host.

JimmyZ
 