
Private Vlan, Community Vlan and Isolated VLAN Questions

post #1 of 26
Thread Starter 
Hi,

It's been a long while since I came on this site; other stuff needed my utmost attention.

Now I have an interrogation about VLANs.

This example is purely theoretical, please keep it in mind.

I have a L2 switch and a "home grade" router.

If my understanding of Private, Community and Isolated VLANs is good, those VLANs are handled by the switch.

Therefore, would an Isolated or Community VLAN be able to communicate with another switch port that it is NOT supposed to if it passes through the home grade router ports?

NB: Only 1 subnet and only 1 router/switch (home grade).

I hope I've been clear enough.

Looking forward to your enlightening answers.
    
post #2 of 26
Hello there,

My knowledge of routing and switching is pretty basic (just swotting up for my ICND1).
I'm struggling to understand your question slightly. Depending upon the switch and the IOS that is on it, you should be able to pretty easily assign any port you like to any VLAN you would like, irrespective of the type of VLAN.

Hope this helps?

-Jeci-
Edited by Jeci - 2/18/11 at 9:21am
post #3 of 26
Thread Starter 
Quote:
Hello there,

My knowledge of routing and switching is pretty basic (just swotting up for my ICND1).
I'm struggling to understand your question slightly. Depending upon the switch and the IOS that is on it, you should be able to pretty easily assign any port you like to any VLAN you would like, irrespective of the type of VLAN.

Hope this helps?

-Jeci-
Thanks for taking the time to reply to me.

The question was not really about how to assign but more about how it would work in the given situation. One of the key factors is that there's a home grade router (not supporting, normally, the VLAN options) in the network.

For clarity's sake, I'll rephrase the question:

Will the fact that I pass through a home grade router (which doesn't support the VLAN options) affect the "isolation" created by Community / Isolated VLANs?

I'll try to give an example:

Switch ports (8-port switch):

1 and 2 -> Isolated
3-6 -> Community (together)
7 -> Primary (link to one of the home grade router/switch ports)
8 -> Not used

Can port 1 access / ping ports #2 to 6 or will it be blocked by the switch?

(I suppose that the router will send it back to port #7 since its routing table will tell it so).

Same idea: do any of ports 3 to 6 have access to port 1 and/or 2?

I hope it's clearer.
    
post #4 of 26
Quote:
Originally Posted by Nivis Tigridis View Post
Hi,

It's been a long while since I came on this site; other stuff needed my utmost attention.

Now I have an interrogation about VLANs.

This example is purely theoretical, please keep it in mind.

I have a L2 switch and a "home grade" router.

If my understanding of Private, Community and Isolated VLANs is good, those VLANs are handled by the switch.

Therefore, would an Isolated or Community VLAN be able to communicate with another switch port that it is NOT supposed to if it passes through the home grade router ports?

NB: Only 1 subnet and only 1 router/switch (home grade).

I hope I've been clear enough.

Looking forward to your enlightening answers.

Short answer is no, based on what you have described and given the fact that 99% of home routers do not have the functionality. In order for 1 VLAN to communicate with the other VLAN, Layer 3 routing is required. Most home routers, while having the capability to create a separate VLAN, usually limit it to 2 VLANs.

Note that a router is not the only device that can allow VLAN-to-VLAN communication. In the professional environment it is either done by a Layer 3 switch (a Cisco 3750, for example) or at the firewall level (a Cisco ASA 5510 or Juniper SSG, for example).
post #5 of 26
Thread Starter 
Quote:
Originally Posted by bratas View Post
Short answer is no, based on what you have described and given the fact that 99% of home routers do not have the functionality. In order for 1 VLAN to communicate with the other VLAN, Layer 3 routing is required. Most home routers, while having the capability to create a separate VLAN, usually limit it to 2 VLANs.

Note that a router is not the only device that can allow VLAN-to-VLAN communication. In the professional environment it is either done by a Layer 3 switch (a Cisco 3750, for example) or at the firewall level (a Cisco ASA 5510 or Juniper SSG, for example).
Good, that's what I wanted to be certain of.

I'm aware that inter-VLAN routing requires an L3 device (switch, router(s)) to reroute. What I wasn't sure of is "who" really handles the Private VLAN stuff.

From the answer I've received it's really the L2 device; it's exactly what I wanted.

One last question that popped up in my mind: if I use the home router as a DHCP server, would the Private VLAN be able to receive dynamic IPs?

Thank you.
    
post #6 of 26
Quote:
Originally Posted by Nivis Tigridis View Post
Good, that's what I wanted to be certain of.

I'm aware that inter-VLAN routing requires an L3 device (switch, router(s)) to reroute. What I wasn't sure of is "who" really handles the Private VLAN stuff.

From the answer I've received it's really the L2 device; it's exactly what I wanted.

One last question that popped up in my mind: if I use the home router as a DHCP server, would the Private VLAN be able to receive dynamic IPs?

Thank you.
Answer to last question: yes, the systems in the Priv VLAN should receive support from the DHCP.
post #7 of 26
Thread Starter 
Thank you, that cleared up my current questions about private VLANs and this kind of setup.
    
post #8 of 26
If your router doesn't support VLAN tagging, then you're only able to provide routing/WAN to one of the VLANs you had in mind. You would have to set the switch uplink port's native VLAN for the VLAN you want to have connectivity.

Keep in mind that the other networks will not be able to talk to each other or the WAN unless you, as previously stated, have either a router capable of 802.1q or a layer 3 switch.
post #9 of 26
Doesn't the link between the switch and the router have to be a trunk line? Pretty much what Beers said, you need a router that can understand tagged frames and/or trunking. Look for dot1Q support. I think your best bet would be installing something like the Tomato/DD-WRT firmware on the router.
    
post #10 of 26
Thread Starter 
I'm not using inter-VLAN routing, I'm using PRIVATE VLAN (Layer 2 VLAN).

So I just want some ports to be able to talk to each other ONLY (community VLAN) and to get out to the internet, nothing else.

Basically I want to prevent some ports of the switch from having access to the rest of the network but still have access to the internet.

All the ports will use the same subnet / IP range.

What the last 2 posts say is correct if 1 VLAN = 1 IP range or subnet; in my case ALL the VLANs will have the SAME IP range and subnet.
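
The standard private VLAN forwarding rules applied to the 8-port layout from post #3, as an added example that is not part of any post in this thread: a Python model of the switch's per-port decision. The community label "A", the function names and the DHCP server sitting behind port 7 are assumptions made for illustration.

```python
from enum import Enum


class Role(Enum):
    PROMISCUOUS = "promiscuous"
    ISOLATED = "isolated"
    COMMUNITY = "community"


# Port layout from post #3; port 8 is unused and therefore omitted.
# The community label "A" is an assumed name for the ports 3-6 group.
PORTS = {
    1: (Role.ISOLATED, None),
    2: (Role.ISOLATED, None),
    3: (Role.COMMUNITY, "A"),
    4: (Role.COMMUNITY, "A"),
    5: (Role.COMMUNITY, "A"),
    6: (Role.COMMUNITY, "A"),
    7: (Role.PROMISCUOUS, None),  # uplink to the home router
}


def may_forward(ingress, egress, ports=PORTS):
    """True if the switch delivers a frame received on ingress out of egress."""
    if ingress == egress or ingress not in ports or egress not in ports:
        return False
    in_role, in_group = ports[ingress]
    out_role, out_group = ports[egress]
    if Role.PROMISCUOUS in (in_role, out_role):
        return True  # the promiscuous port exchanges frames with every port
    if in_role is Role.COMMUNITY and out_role is Role.COMMUNITY:
        return in_group == out_group  # same community only
    return False  # isolated<->isolated and isolated<->community are dropped


def reachable_from(port, ports=PORTS):
    """Ports a unicast or broadcast frame (ARP, DHCP DISCOVER) can reach."""
    return sorted(p for p in ports if may_forward(port, p, ports))


def dhcp_possible(client, server_port=7, ports=PORTS):
    """The client's broadcast must reach the server and the reply must return."""
    return (may_forward(client, server_port, ports)
            and may_forward(server_port, client, ports))


if __name__ == "__main__":
    for port in PORTS:
        print(port, PORTS[port][0].value, "->", reachable_from(port))
```

The switch applies these rules per ingress port only: anything entering on promiscuous port 7 is deliverable to every port, so whether the router relays traffic between hosts depends on the router's own configuration.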
    