Solved

can a device on vlan1 communicate at layer3 - ie ping other devices on different vlans

Posted on 2012-03-17
Last Modified: 2012-03-19
trying to understand the significance of vlan1 - is it different than other layer2 vlans? thanks

cisco 2960 switches
Question by:philb19
32 Comments
 
LVL 5

Expert Comment

by:andrew1812
ID: 37733922
The concept of VLANs is the same on Layer 2 and Layer 3 switches. Whereas on a layer 2 switch, intervlan configuration cannot be performed and an additional device like a router is required for the same. On a layer 3 switch, you can enable intervlan communication on the switch itself and an additional device like a router is not required. So devices on vlan 1 can communicate with devices on different VLANs provided the necessary configuration/devices are available on a layer 2 and layer 3 switch.
0
 

Author Comment

by:philb19
ID: 37733950
Thanks - I understand concepts - I just have this odd situation where a PC - with secondary IP (on same subnet as phone vlan ) - CAN ping the phone ip670

the phone on vlan101
the PC on data vlan202

we are trying to get head around HOW this is possible? someone mentioned something about phone being on vlan1 by default.


there is no route between the 2 vlans - when you do a tracert on PC to the phone IP - it goes straight there - any ideas?
0
 
LVL 5

Expert Comment

by:andrew1812
ID: 37733986
Just trying to confirm the scenario

1. The PC is on vlan 202. The PC has the primary IP address which is on a different network than the secondary IP address.

2. The phone is on vlan 101.

3. The secondary IP address and the IP address of the phone belongs to the same network

4. Both the phone and the PC is connected to a single switch Cisco 2960

Questions

1. What is the default gateway configured on the PC for the primary IP address

2. If a default gateway is configured, what device is that , Is it a router or any other device and is the device connected to the switch ?
0
 

Author Comment

by:philb19
ID: 37734019
great thanks for help

1 - you are correct
2 correct
3 correct
4 correct

q's
1 gateway is a 3750 - I just did a sh ip route - and there is no route to the PHONE VOICE VLAN

2 is the device connected to the same switch as the PC and phone connected switch - no, not physically - the switch is in a floor rack - the 3750 is in server room - there may be an uplink to the 3750 - I'm not at work - so can't physically check
0
 
LVL 5

Expert Comment

by:Yohei0815
ID: 37734484
Hi,
Ok just an idea: could it be that not the phone is answering when you do your tracert?
Could it be another device? Check for the MAC address to make sure. Perhaps one IP address is set to fixed IP on a device where DHCP should be used, so it comes to an address conflict.
0
 

Author Comment

by:philb19
ID: 37734502
"Perhaps one IP address is set to fixed IP on a device where DHCP should be used, so it comes to an address conflict." - hi - not sure what you mean here? - in any case I have pinged several phones on the phone vlan and can ping them all - does that rule out what you are suggesting? - thanks
0
 
LVL 5

Expert Comment

by:andrew1812
ID: 37734535
I am assuming the following

The 2760 switch should be connected to the 3750 using a trunk link. The PC is on a port on 2760 which belongs to vlan 202. The phone is also on 2760 and is on a port which belongs to vlan 101. 3750 would be configured with IP addresses for respective vlans 202 and 101.

Assuming that the IP address of VLAN 101 is 192.168.1.1/24 and that of vlan 202 is 192.168.2.1/24

Perform the following test

1.

ping the IP address of vlan 101 (192.168.1.1) from the PC.  If you are able to get a response, this implies that routing is happening on the 3750 due to which you are getting a response.
Could be because " ip routing" command is provided on the 3750 switch.

2.

Also when you type the command "show ip route" do you see the VLAN IP addresses displayed as directly connected networks ? ( 192.168.1.0/24 and 192.168.2.0/24).
0
 

Author Comment

by:philb19
ID: 37734580
Thanks Andrew  - I really appreciate your response - Ill need to test this at work tomorrow. Please re-check my answers tomorrow
0
 
LVL 5

Expert Comment

by:Yohei0815
ID: 37734639
Hi,
When you ping or do a tracert on the given ip-address it could be that another machine answers for that ip. Perhaps someone set it to a fixed ip on some machine which is exactly the ip of your phone. To rule this out look up the mac-address of your ipphone and find the mac of the machine you are looking at in the other vlan. You could use nmap for that
www.nmap.org
0
 

Author Comment

by:philb19
ID: 37734681
ok - but as i stated i can ping more than 1 phone - i pinged 2 phones?
0
 
LVL 5

Expert Comment

by:Yohei0815
ID: 37734698
Ok,
To see whether there is a second device answering, you could switch off the phone and see whether it still answers.
Nevertheless, if all phones are answering, there is for sure some routing involved.
0
 

Author Comment

by:philb19
ID: 37734734
Actually turning off my phone is a very good step to troubleshoot - Can I turn off my phone and still ping another "on" phone from my pc? The cisco engineer thought that maybe my phone was routing somehow. Thanks that gives me something to work on tomorrow.
0
 

Author Comment

by:philb19
ID: 37734739
+ you say there is routing "for sure"

Thing is when i do a tracert - It goes straight to the phone IP - no hop
0
 
LVL 5

Expert Comment

by:Yohei0815
ID: 37734857
Well even if there is no hop shown there is some kind of a bridge between both networks.
If you turn one phone off and you can't ping that IP any more, it means there is some bridging for sure. If you still get a reply then another device answers for this IP... Then still make an nmap scan of your whole network to see all assigned IPs and the corresponding MAC addresses.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37735790
--> I just have this odd situation where a PC - with secondary IP (on same subnet as phone vlan ) - CAN ping the phone ip670.

Does this mean the PC has two IP addresses?  And the second one is on the same subnet as the phone?

Is the switch port that the PC connected to trunked?  Is the PC setup to tag the frames?
0
 

Author Comment

by:philb19
ID: 37736014
PC has 2 addresses - yes, 2nd one is on the same subnet as phone

Is the switch port that the PC connected to trunked? = YES

 Is the PC setup to tag the frames? - ???? This part I dont know HOW do i find out please? - something on the PC?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37736064
What type of NIC?  What OS?

If the PC has a 2nd address on the same subnet as the phone and the switch port is trunked,then when you ping the phone, the OS will use the source IP address for the one that is on the same IP subnet.

If you do  ipconfig /print then you should see a route for the "phone subnet" that uses the PC's IP address on that subnet.
0
 

Author Comment

by:philb19
ID: 37736084
thanks route print says

on-link?

 177.20.109.255  255.255.255.255         On-link      177.20.109.4

177.20.109.4 - this is secondary on PC interface
0
 

Author Comment

by:philb19
ID: 37736087
os is windows 7

Intel(R) 82567LM-3 Gigabit Network Connection - is the nic
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37736103
Bring up the Local Area Connection Properties for the LCN connection.

Then click the Configure box on the top.

Select the Advanced Tab.

Select QoS Packet Tagging.  Is it enabled?

I'm still running XP, not sure what on-link means.  Need to research this.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 37736113
On-link means that the IP addresses within that subnet are on the same subnet as this computer.  So it does not need to go through a router.

This indicates to me that VLAN tag'ing is enabled.  The computer has an IP address on both VLAN's so it can talk to the phones without going through a router.
0
 

Author Comment

by:philb19
ID: 37736116
damn :( - there is no QoS Packet Tagging in advanced - best i can see is priority VLAN enabled - what is the significance? - it is enabled
so tagging is significant?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37736135
Yes,  that is it.  I have XP, under 7 they may have renamed it.

Yes, tagging is significant.

Tagging is how you can have multiple VLAN's on the same single interface.  

When you have a trunked interface you typically have at least 2 different VLAN's.  

You can have 2 tag'ed, or 1 tag'ed and 1 untag'ed.  If you have a untag'ed VLAN, that is the default VLAN and all frames that are untag'ed are assumed to be on that VLAN.
0
 

Author Closing Comment

by:philb19
ID: 37737119
Brilliant - thanks everyone for answers. giltjr nailed it. - some further explanation below:

Beyond its intended purpose of configuring trunk links between switches, ISL is often used in other ways. For example, it is possible to purchase network interface cards that support ISL. If a server were configured with an ISL-capable network card, it could be connected to an ISL port on a switch. This would allow a server to be made part of multiple VLANs simultaneously, the benefit being that hosts from different broadcast domains could then access the server without the need for their packets to be routed. While this may seem like a perfect solution, you need to remember that the server would now see all traffic from these VLANs, which could negatively impact performance.

A more common alternative use for ISL is to connect a Cisco router to a switch in order to facilitate the routing of traffic between VLANs. For example, if you wanted to route traffic between VLANs 1 and 99 in a non-ISL environment with one switch, you would need to connect the router to both a port on VLAN 1 and a port on VLAN 99, as shown below.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37737161
Today you will see more and more switch ports configured as trunks for the sole purpose of VOIP.  Instead of running two LAN stations to each cube, there is one LAN station that the computer and VOIP traffic share.   However, you need to isolate the traffic so you use VLANs.

Typically the VOIP traffic  will have tagged traffic and the computer will have untag'ed.  

Notice I said VOIP traffic and not phone.  This is because the VOIP traffic can either be a phone or software running on the computer.
0
 

Author Comment

by:philb19
ID: 37737220
Typically the VOIP traffic  will have tagged traffic and the computer will have untag'ed.

so in my case the computer traffic is tagged as well - yes?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37737398
It's hard to tell without looking at the switch config.

It sounds like you have access to the switch config, so see if the switch config for that port has:

   switchport trunk native vlan ###

Where ### is either 201 or 202.   If it has this, then the VLAN number specified is un'tagged.  If it does NOT have this, then the native VLAN is defaulting to VLAN 1 and both 201 and 202 would be tagged VLANs.
0
 

Author Comment

by:philb19
ID: 37737617
thanks is this - switchport trunk native vlan ### - run from the port interface?

eg interface gi/0/24

or just from config t?

this command tells me the native vlan?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37737717
You can do:

     show run int gi0/24

Replacing gi0/24 with whatever the interface name is.  If it has:

switchport trunk native vlan ###

then the native vlan is ###, if it does not have that line, then the native vlan is 1.
0
 

Author Comment

by:philb19
ID: 37737784
the native is vlan 1 - so that means tagged?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37737815
That means that VLAN 1 is untagged and VLAN 201 and 202 are tagged.
0
 

Author Comment

by:philb19
ID: 37737919
Sorry - yep clear now thanks again - the data vlan is tagged
0
