Solved

Can switches on different vlans pass broadcast packets from one vlan to another?

Posted on 2010-04-09
10
Medium Priority
1,088 Views
Last Modified: 2012-05-09
We have several vlans in our network all of which have their own switch.
I was told that the switch can pass broadcast packets within its own vlan but not across and to another vlan. The reason I'm asking is that I have an application on a Windows 2008 R2 server that needs to use the computer browser service to look for other machines on the network. It can find other machines but only on its own vlan. I can go to Windows Explorer and type in \\machine name\ and get to the specific machine but this application does not work that way.
If I put in all of the vlan ip ranges in the application it still will only find those workstations in the same vlan as the server.
I'm thinking this is because of the way the network switches are configured.
Can anyone shed some light for me on how switches on vlans work?
0
Comment
Question by:sweetwater4
10 Comments
 
LVL 1

Expert Comment

by:DarrinZuroff
ID: 30231309
I couldn't tell you exactly how to configure it but I might be able to point you in the right direction. You need to configure IP Helper which routes packets between different VLANs. You will need a router or switch capable of Layer 3 routing in order for this to work. Perhaps someone else can elaborate, but if you search for IP Helper you will find a lot of information on the topic.
0
 
LVL 12

Expert Comment

by:Faruk Onder Yerli
ID: 30231782
Hi;

You can think of a VLAN as being like an IP subnet application which is located in layer 2. If the switch micro-segmentation system doesn't have any bugs, the switch never announces any type of frame to another VLAN. In some special cases, you can copy one VLAN's frames to another VLAN. For example, if you have a VoIP system and you want to record all conversations, you may migrate all VoIP VLAN data to a data recorder port and record all voice on a server. In Cisco switches it is called "SPAN". If you don't have such a configuration in your switches, it is impossible for VLANs to hear each other without a router.

If you want 2 VLANs to communicate with each other, they can only talk in layer 3 (if the router allows them to talk). \\machinename\ works as below.
- Broadcast machine name (layer 2)
- Get IP address (layer 2)
- Connect over IP
If your DNS server allows the use of NetBIOS names for each domain server and computer, then it works as below.
- Ask DNS for the NetBIOS name
- Get IP address
- Connect over IP
0
 
LVL 12

Expert Comment

by:Faruk Onder Yerli
ID: 30231978
The ip helper command can transfer an L2 broadcast frame to a specific host, not to another VLAN. Also, ip helper is usable on a router, not on a switch. IP helper is generally used for DHCP requests from servers.
0

 

Author Comment

by:sweetwater4
ID: 30232083
So equalizer, basically are you saying that it can be done on the switch side but in layer 3?
0
 
LVL 12

Expert Comment

by:Faruk Onder Yerli
ID: 30232326
I am saying that a layer 2 broadcast message is transferable to a specific host via the ip helper command on a router.
You can never send a layer 2 broadcast from one VLAN to another VLAN without L3 encapsulation on the L2 frame.
0
 
LVL 23

Accepted Solution

by:
that1guy15 earned 2000 total points
ID: 30232957
Yeah, a broadcast will only traverse a layer two broadcast domain (aka VLAN). Once it needs to pass from VLAN to VLAN then it must use routing (layer 3), which means that the broadcast must jump from one broadcast domain to another. For this to be done a router needs to know where to send the broadcast. This is where the ip helper or directed broadcast command comes into play.

"ip helper-address" can be used to direct all broadcasts from a VLAN to a specific IP address on another VLAN or network. It is commonly used for DHCP assignment across multiple VLANs.

"ip directed-broadcast" is used for a host on a VLAN to broadcast out (usually discovery) to every device across multiple VLANs (aka broadcast domains). So it would allow a single host to broadcast out to find a device. This broadcast would then be forwarded by your router to the allowed VLANs in your network.

I'm guessing you will want to use directed broadcasts.

here is a link that explains both commands and how to configure them on your router or multi-layer switch.

http://www.cisco.com/en/US/docs/ios/12_3t/ip_addr/command/reference/ip1_i1gt.html#wp1168114
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 30311495
In normal VLAN switching, by design, broadcasts are contained to the VLAN they originated in.

If your application can use an ip directed broadcast for each of the other VLAN IP ranges then your router, or L3 function on your switch, will route those ip directed broadcasts normally to the subnet where they need to be delivered. With directed broadcast enabled on the router's interface where that destination subnet lives it would be sent as a normal broadcast to all stations on that VLAN.

With an ACL you can restrict the ability to pass IP directed broadcasts from only the server in question and drop all others that might be generated for denial of service purposes etc.

The IP helper works in the reverse in that it takes a broadcast received on one VLAN and converts it into a unicast packet to be routed to a single server on another VLAN.

Neither one affects the behavior of the local broadcasts sent and received on the VLAN.

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 30321627
Good information above, I'd just like to add something..
You need to understand how your application broadcasts for other hosts. Does it use a simple subnet broadcast where it uses its local IP address broadcast? For example, if the server's IP address is 192.168.1.100, it may use the subnet broadcast of 192.168.1.255. If this is the case, then the broadcast will never get anywhere else no matter what you do on the switch, because this is not only a L2 broadcast boundary, but also a layer 3 boundary. If the server broadcasts all 1's - 255.255.255.255, then this is also difficult to propagate across subnets because there is no layer 3 boundary. The ideal situation is that you have a class B network address, subnetted into class C subnets, each vlan a class C, and the application does a classful broadcast, i.e. 172.16.1.100 host sends broadcast to 172.16.255.255
Now we have something that we can classify at Layer 3 as "directed broadcast" and we can do something with it, but only at layer 3. We can re-broadcast it to all vlans/subnets within the summary mask of 172.16.0.0/16
On a layer 3 device, like a router or L3 switch, we simply enable ip directed broadcasts on the interfaces, then add specific port commands as below, but you need to know the port number it broadcasts on:
 ip forward-protocol udp netbios-ns
 ip forward-protocol udp <port#>
0
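An added example, not part of the original thread or any poster's code: a small classifier for the broadcast destinations discussed in the answers above (local subnet broadcast, all-ones broadcast, per-subnet directed broadcast, classful broadcast), including the source restriction an ACL would impose on directed broadcasts. The VLAN names, subnets and allowed-source policy are constructed assumptions.

```python
import ipaddress

# Constructed sample topology: one /24 per VLAN inside 172.16.0.0/16 (assumed).
SUMMARY = ipaddress.ip_network("172.16.0.0/16")
VLANS = {
    "vlan10": ipaddress.ip_network("172.16.1.0/24"),
    "vlan20": ipaddress.ip_network("172.16.2.0/24"),
    "vlan30": ipaddress.ip_network("172.16.3.0/24"),
}
# Hypothetical ACL policy: only the browsing server may send directed broadcasts.
ALLOWED_SOURCES = {ipaddress.ip_address("172.16.1.100")}


def vlan_of(addr):
    """Return the name of the VLAN whose subnet contains addr, or None."""
    return next((n for n, net in VLANS.items() if addr in net), None)


def classify(src, dst):
    """Describe how the destination is treated for a sender at src."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_vlan = vlan_of(src)
    if src_vlan is None:
        return "unknown-source"
    if dst == ipaddress.ip_address("255.255.255.255"):
        # Limited broadcast: not routed; a helper can only relay it as unicast.
        return f"limited-broadcast: stays in {src_vlan}"
    for name, net in VLANS.items():
        if dst == net.broadcast_address:
            if name == src_vlan:
                return f"local-subnet-broadcast: stays in {src_vlan}"
            # Routed to the destination subnet, then flooded there only if
            # directed broadcast is enabled and the ACL permits the source.
            verdict = "forward" if src in ALLOWED_SOURCES else "drop"
            return f"directed-broadcast to {name}: {verdict}"
    if dst == SUMMARY.broadcast_address:
        # The classful broadcast from the post above; whether it is
        # re-broadcast depends on the layer 3 device's configuration.
        return "all-subnets-broadcast: L3 device decides"
    dst_vlan = vlan_of(dst)
    if dst_vlan is None:
        return "unicast: outside known VLANs"
    where = "switched in" if dst_vlan == src_vlan else "routed to"
    return f"unicast: {where} {dst_vlan}"


def directed_broadcast_targets(src):
    """Addresses the application must send to in order to reach other VLANs."""
    own = vlan_of(ipaddress.ip_address(src))
    return [str(n.broadcast_address) for v, n in VLANS.items() if v != own]
```
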
 

Expert Comment

by:kingmanson
ID: 33344708
Do you have a Windows domain or workgroup? For Windows network browsing across subnets you need a domain controller. Each subnet will elect a master browser, which can be a client or server machine. That machine will maintain the master browse list for that subnet. If there is a server on that subnet the master browser will be a server but it could be a client and will be the client with the most recent OS. The subnet Master Browsers share their browse lists with domain controllers and one of the domain controllers is the Domain Master Browser.
0
 

Expert Comment

by:kingmanson
ID: 33344713
BTW: Here is a link to network browser info at Microsoft:

http://technet.microsoft.com/en-us/library/bb726989.aspx

0


Question has a verified solution.
