Corp_Jones

asked on

VLANs - same range, same gateway, can clients communicate with each other?

Hi Guys

We have 2x Netgear FSM7352S Layer 3 switches. My plan was to create 10 VLANs in the same range, e.g. 192.168.1.x, all pointing to the same gateway, 192.168.1.1. The intention for creating VLANs was security, so each VLAN is isolated and cannot see each other's shares etc.

My question is, since they are using the same gateway, does that mean all clients will be able to see each other, as the router will route between the VLANs automatically?

Thanks
ASKER CERTIFIED SOLUTION
from_exp
Corp_Jones

ASKER

Hmm, sorry, I must be being stupid but I don't quite understand ...!
Sorry, most likely I was writing in haste.

So once again: you can't do what you are trying to do, because you can't assign the same IP address on the switch for all 10 VLANs.

The feature you are trying to implement is called, in Cisco terms, private VLANs
(http://www.ciscopress.com/articles/article.asp?p=29803&seqNum=6)

For Netgear you can use only a single subnet per VLAN.

My friend Corp_Jones:
I will give you a brief on VLANs, and if you need more help don’t hesitate to tell me:
Scenario:
If you want to create 10 VLANs, you should create 10 VLANs with different subnets, like this:
VLAN 1: Network ID 192.168.1.X /24
VLAN 2: Network ID 192.168.2.X /24
VLAN 3: Network ID 192.168.3.X /24 and so on
Then configure which ports belong to which VLAN, for example:
Port 1 on the switch belongs to VLAN 2 and Port 2 on the same switch belongs to VLAN 3
Then set up routing between all VLANs (using a router / L3 switch); this gives full routing between VLANs
Then apply an RACL (Routing Access List) to place some restrictions between VLANs, for example:
VLAN 1 can reach only VLAN 2 and VLAN 3
VLAN 3 can reach all VLANs
Note: all PCs / hosts on the same VLAN can communicate with each other
If you want to apply some restrictions within the same VLAN, you should apply a VACL (VLAN ACL)
For example:
PC1 on VLAN 2 cannot ping PC2 in VLAN 2.

Good Luck
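
The plan described in the answer above can be checked offline before touching the switches. This Python sketch is an added example, not part of the original thread: it flags overlapping VLAN subnets (the asker's original plan) and evaluates the routed ACL policy from the answer. The VLAN 4 subnet, the default-deny rule for VLANs without an entry, and all function names are assumptions.

```python
import ipaddress

# Constructed plan following the answer's scheme: one /24 per VLAN.
VLANS = {n: ipaddress.ip_network(f"192.168.{n}.0/24") for n in (1, 2, 3, 4)}

# The asker's original idea: ten VLANs that all use 192.168.1.0/24.
ASKER_PLAN = {n: ipaddress.ip_network("192.168.1.0/24") for n in range(1, 11)}

# Routed ACL policy from the answer: VLAN 1 reaches only VLANs 2 and 3,
# VLAN 3 reaches all VLANs. Assumption: VLANs with no entry are denied.
ALLOWED = {1: {2, 3}, 3: set(VLANS)}


def overlapping(vlans):
    """Return VLAN ID pairs whose subnets overlap and so cannot each
    get their own routed interface on the L3 switch."""
    ids = sorted(vlans)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:]
            if vlans[a].overlaps(vlans[b])]


def vlan_of(ip, vlans):
    """Map a host address to the VLAN whose subnet contains it."""
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in vlans.items() if addr in net), None)


def permitted(src_ip, dst_ip, vlans=VLANS, allowed=ALLOWED):
    """Model who may initiate traffic to whom under the routed ACL.
    Return traffic handling is not modelled."""
    src, dst = vlan_of(src_ip, vlans), vlan_of(dst_ip, vlans)
    if src is None or dst is None:
        return False
    if src == dst:
        # Same VLAN: frames are switched at layer 2 and never reach the
        # routed ACL, so isolation here needs a VACL or private VLANs.
        return True
    return dst in allowed.get(src, set())


if __name__ == "__main__":
    print("asker plan overlaps:", len(overlapping(ASKER_PLAN)))
    print("per-VLAN /24 overlaps:", overlapping(VLANS))
    for src, dst in [("192.168.1.10", "192.168.2.10"),
                     ("192.168.1.10", "192.168.4.10"),
                     ("192.168.2.10", "192.168.2.20")]:
        print(src, "->", dst, permitted(src, dst))
```
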

Dear Corp_Jones :

Check this file too; it's an explanation of PVLAN (Private VLAN).

Good Luck
PVLAN.pdf
Hmm, I'll have a play and write back