VLANS

[NYR]

Hello,
I need to implement a few VLANS on a 3com 4400 switch. The switches are VLAN capable, but there is a Cisco 2501 router routing that is not VLAN capable. I will not be routing between any of these VLANS, just out to the internet. Will The router still route out these VLANs to the internet with the proper config..right?
Thanks

 

[hexn]

Yes, the router will route just fine since VLAN information is stripped before it leaves the switch, so by the time the traffic gets to the router, it is a normal IP packet that the router will route.

 

[wybnormal]

The real answer is yes and no..

Will the 2501 route *2* vlans? no.. it wont as it only has one ethernet port and it's not trunkable..i.e.. not a 10/100 port that can handle ISL or 802.1q protocols.

But- with some trickery, one can "fake it" if you can live with a few shortcomings.

The whole point of vlans is to isolate traffic yes? but you are asking to route both vlans out to the internet so you need to somehow combine the two IP ranges that make up the 2 vlans yes? Normally this is done by trunking..everything flows over a common link either with ISL encapsulation or by the additional bytes of 802.1q.. Another word you might hear is *color tagging*. But, we can not do this as the 2501 is a single Ethernet port which is only a 10 half and you need(mostly) 100 for trunking.

Here is the trick..

Config the two vlans on the switch

Get a cheapo switch..

Config the E0 port on the 2501 with the IP address on the more important vlan and then use a SECONDARY IP on the same interface with the IP of the lesser vlan.

Plug the two VLAN ports into the hub and plug in the router to the same hub.

THe router interface will answer to both the primary IP range.. AND the secondary range and route them both.

Make sure the clients point to either the primary or secondary IP as their default gateway..

The downside? well.. on the at the cheap switch you are now mixing the two VLANs.. you need to filter at the VLAN switch port, an access list to block broadcasts etc.. packets can now traverse the vlan boundry so there is not the isolation you would expect with a VLAN.

Also.. certain routing protocols will not work well with secondary interfaces.. for reasons much too detailed to explain here.

The preferred way to do this is to get a dual ethernet port router.. 1605, 2514, 2611 or even better is a 2620/21 which does support trunking over 802.1q which is what the 3com wants to see. But keep in mind that trunking on a 3com is not the same as trunking on a Cisco product. Same word, different meanings.


vlan1-------|
hub--------router------internet
vlan2-------|

Preferred method

3com-vlan1--------E0-1605-|
|----internet---
3com-vlan2--------E1-1605-|

MikeS
Find me at

http://www.packetattack.com

"The trouble with giving up civil rights is that you never get them back"

 

[NYR]

Mike,
Thanks for the info. I have a previous post regarding this issue. I have 3 switches, each switch may have 10 port based VLANs and I may have 30 or more total VLANs. My concerns are with that Cisco router(supplied by ISP). I was looking at the Cisco 2621, and I know it can handle/support VLANs. With what you mentioned before, would it be possible to "fake" routing 30 VLANs with the 2501? Just out to the internet?
Thanks

 

[jgercken]

Geez I never even thought of using a 2501 to route vlan traffic. Looks like a workable solution, very novel.

You would only be able to use 4 VLANS since the router can only have 2 IP's on each of its 2 interfaces.

If traffic isolation is a legal issue (different companies) I would purchase a 2600 that can trunk dot1q vlans.

Jeff