Avatar of philb19
philb19 asked on

can a device on vlan1 communicate at layer3 - ie ping other devices on different vlans

trying to understands the significance of vlan1 - is it different than other layer2 vlans? thanks

cisco 2960 switches
Switches / HubsRoutersNetworking

Avatar of undefined
Last Comment
philb19

8/22/2022 - Mon
andrew1812

The concept of VLAN's are the same on Layer 2 and Layer 3 switches. Wheras on a layer 2 switch, intervlan configuration cannot be performed and an additional device like a router is required for the same. On a layer 3 switch, you can enable intervlan communication on the switch itself and an additional device like a router is not required. So devices on vlan 1 can communicate on devices on different vlan's provide the necessary configuration /devices are available on a layer 2 and layer 3 switch.
ASKER
philb19

Thanks - I understand concepts - I just have this odd situation where a PC - with secondary IP (on same subnet as phone vlan ) - CAN ping the phone ip670

the phone on vlan101
the PC on data vlan202

we are trying to get head around HOW this is possible? someone mentioned something about phone being on vlan1 by default.


there is no route between the 2 vlans - when you do a tracert on PC to the phone IP - it goes straight there - any ideas?
andrew1812

Just trying to confirm the scenario

1. The PC is on vlan 202. The PC has the primary IP address which is on a different network than the secondary IP address.

2. The phone is on vlan 101.

3. The secondary IP address and the IP address of the phone belongs to the same network

4. Both the phone and the PC is connected to a single switch Cisco 2960

Questions

1. What is the default gateway configured on the PC for the primary IP address

2. If a default gateway is configured, what device is that , Is it a router or any other device and is the device connected to the switch ?
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
philb19

great thanks for help

1 - you are correct
2 correct
3 correct
4 correct

q's
1 gateway is a 3750 - i just did a sh ip route - and there is no route to the PHONE VOICE VALN

2 is the device connected to the same switch as the PC and phone connected switch - no not physically - the switch is in a floor rack - the 3750 is in server room - their may be an uplink to the 3750 - im not at work - so cant physically check
Frank Mayer

Hi,
Ok just an idea: could it be that not the phone is answering when you do your tracert?
Could it be another device? Check for the mac address to make sure. Perhaps one ip adress is set to fixed ip on a device where dhcp should be used, so it comes to an adress conflict.
ASKER
philb19

Perhaps one ip adress is set to fixed ip on a device where dhcp should be used, so it comes to an adress conflict. - hi - not sure what you mean here? - in any case I have pinged several phones on the phone vlan and can ping them all - does that rule out what you are suggesting? - thanks
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
andrew1812

I am assuming the following

The 2760 switch should be connected to the 3750 using a trunk link. The PC is on a port on 2760 which belongs to vlan 202. The phone is also on 2760 and is on a port which belongs to vlan 101. 3750 would be configured with IP addresses for respective vlans 202 and 101.

Assuming that the IP address of VLAN 101 is 192.168.1.1/24 and that of vlan 202 is 192.168.2.1/24

Perform the following test

1.

ping the IP address of vlan 101 (192.168.1.1) from the PC.  If you are able to get a response, this implies that routing is happening on the 3750 due to which you are getting a response.
Could be because " ip routing" command is provided on the 3750 switch.

2.

Also when you type the command "show ip route" do you see the VLAN IP addresses displayed as directly connected networks ? ( 192.168.1.0/24 and 192.168.2.0/24).
ASKER
philb19

Thanks Andrew  - I really appreciate your response - Ill need to test this at work tomorrow. Please re-check my answers tomorrow
Frank Mayer

Hi,
When you ping or do a tracert on the given ip-address it could be that another machine answers for that ip. Perhaps someone set it to a fixed ip on some machine which is exactly the ip of your phone. To rule this out look up the mac-address of your ipphone and find the mac of the machine you are looking at in the other vlan. You could use nmap for that
Www.nmap.org
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
philb19

ok - but as i stated i can ping more than 1 phone - i pinged 2 phones?
Frank Mayer

Ok,
To See wether there is Second device answering
You could Switch Off the phone and see wether
It still answers.
Nevertheless if all phones are answering
There is for sure some routing involved.
ASKER
philb19

Actually turning off my phone is a very good step to troubleshoot - Can I turn off my phone and still ping another "on" phone from my pc? The cisco engineer thought that maybe my phone was routing somehow. Thanks that gives me something to work on tomorrow.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
philb19

+ you say there is routing "for sure"

Thing is when i do a tracert - It goes straight to the phone IP - no hop
Frank Mayer

Well even if there is no hop shown there is some kind of a bridge between both networks.
If you turn one phone off and you cant ping that ip no more it means there is some bridging for sure. If you still get a reply then another device answers for this ip... Then still make a nmap scan of your whole network to see all assigned ips and the corresponding mac-addresses.
giltjr

--> I just have this odd situation where a PC - with secondary IP (on same subnet as phone vlan ) - CAN ping the phone ip670.

Does this mean the PC has two IP addresses?  And the second one is on the same subnet as the phone?

Is the switch port that the PC connected to trunked?  Is the PC setup to tag the frames?
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER
philb19

PC has 2 address's  - yes 2nd one is on the same subnet as phone

Is the switch port that the PC connected to trunked? = YES

 Is the PC setup to tag the frames? - ???? This part I dont know HOW do i find out please? - something on the PC?
giltjr

What type of NIC?  What OS?

If the PC has a 2nd address on the same subnet as the phone and the switch port is trunked,then when you ping the phone, the OS will use the source IP address for the one that is on the same IP subnet.

If you do  ipconfig /print then you should see a route for the "phone subnet" that uses the PC's IP address on that subnet.
ASKER
philb19

thanks route print says

on-link?

 177.20.109.255  255.255.255.255         On-link      177.20.109.4

177.20.109.4 - this is 2nderrory on PC interface
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
philb19

os is windows 7

Intel(R) 82567LM-3 Gigabit Network Connection - is the nic
giltjr

Bring up the Local Area Connection Properties for the LCN connection.

Then click the Configure box on the top.

Select the Advanced Tab.

Selelect QoS Packet Tagging.  Is it enabled?

I'm still running XP, not sure what on-link means.  Need to research this.
ASKER CERTIFIED SOLUTION
giltjr

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
philb19

damn :( - there is no QoS Packet Tagging in advanced - best i can see is priority VLAN enabled - what is the significance? - it is enabled
so tagging is significant?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
giltjr

Yes,  that is it.  I have XP, under 7 they may have renamed it.

Yes, tagging is significant.

Tagging is how you can have multiple VLAN's on the same single interface.  

When you have a trunked interface you typically have at least 2 different VLAN's.  

You can have 2 tag'ed, or 1 tag'ed and 1 untag'ed.  If you have a untag'ed VLAN, that is the default VLAN and all frames that are untag'ed are assumed to be on that VLAN.
ASKER
philb19

Brilliant - thanks everyone for answers. glitjr nailed it. - some further explanation below:

Beyond its intended purpose of configuring trunk links between switches, ISL is often used in other ways. For example, it is possible to purchase network interface cards that support ISL. If a server were configured with an ISL-capable network card, it could be connected to an ISL port on a switch. This would allow a server to be made part of multiple VLANs simultaneously, the benefit being that hosts from different broadcast domains could then access the server without the need for their packets to be routed. While this may seem like a perfect solution, you need to remember than the server would now see all traffic from these VLANs, which could negatively impact performance.

A more common alternative use for ISL is to connect a Cisco router to a switch in order to facilitate the routing of traffic between VLANs. For example, if you wanted to route traffic between VLANs 1 and 99 in a non-ISL environment with one switch, you would need to connect the router to both a port on VLAN 1 and a port on VLAN 99, as shown below.
giltjr

Today you will see more and more switch port's configured as trunks for the sole purpose of VIOP.  Instead of running two LAN stations to each cube, there is one LAN station that the computer and VOIP traffic share.   However, you need to isolate the traffic so you use VLAN's.

Typically the VOIP traffic  will have tagged traffic and the computer will have untag'ed.  

Notice I said VOIP traffic and not phone.  This is because the VOIP traffic can either be a phone or software running on the computer.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
philb19

Typically the VOIP traffic  will have tagged traffic and the computer will have untag'ed.

so in my case the computer traffic is tagged as well - yes?
giltjr

It's hard to tell without looking at the switch config.

It sounds like you have access to the switch config, so see if the switch config for that port has:

   switchport trunk native vlan ###

Where ### is either 201 or 202.   If it has this, then the VLAN number specified is un'tagged.  If it does NOT have this, then the native VLAN is defaulting to VLAN 1 and both 201 and 202 would be tagged VLANs.
ASKER
philb19

thanks is this - switchport trunk native vlan ### - run from the port interface?

eg interface gi/0/24

or just from config t?

this command tells me the native vlan?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
giltjr

You can do:

     show run int gi0/24

Replacing gi0/24 with whatever the interface name is.  If it has:

switchport trunk native vlan ###

then the native vlan is ###, if it does not have that line, then the native vlan is 1.
ASKER
philb19

the native is vlan 1 - so thAt means tAGGED?
giltjr

That means that VLAN 1 is untagged and VLAN 201 and 202 are tagged.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
philb19

Sorry - yep clear now thanks again - the data vlan is tagged