can a device on vlan1 communicate at layer3 - ie ping other devices on different vlans

trying to understands the significance of vlan1 - is it different than other layer2 vlans? thanks

cisco 2960 switches
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The concept of VLAN's are the same on Layer 2 and Layer 3 switches. Wheras on a layer 2 switch, intervlan configuration cannot be performed and an additional device like a router is required for the same. On a layer 3 switch, you can enable intervlan communication on the switch itself and an additional device like a router is not required. So devices on vlan 1 can communicate on devices on different vlan's provide the necessary configuration /devices are available on a layer 2 and layer 3 switch.
philb19Author Commented:
Thanks - I understand concepts - I just have this odd situation where a PC - with secondary IP (on same subnet as phone vlan ) - CAN ping the phone ip670

the phone on vlan101
the PC on data vlan202

we are trying to get head around HOW this is possible? someone mentioned something about phone being on vlan1 by default.

there is no route between the 2 vlans - when you do a tracert on PC to the phone IP - it goes straight there - any ideas?
Just trying to confirm the scenario

1. The PC is on vlan 202. The PC has the primary IP address which is on a different network than the secondary IP address.

2. The phone is on vlan 101.

3. The secondary IP address and the IP address of the phone belongs to the same network

4. Both the phone and the PC is connected to a single switch Cisco 2960


1. What is the default gateway configured on the PC for the primary IP address

2. If a default gateway is configured, what device is that , Is it a router or any other device and is the device connected to the switch ?
SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

philb19Author Commented:
great thanks for help

1 - you are correct
2 correct
3 correct
4 correct

1 gateway is a 3750 - i just did a sh ip route - and there is no route to the PHONE VOICE VALN

2 is the device connected to the same switch as the PC and phone connected switch - no not physically - the switch is in a floor rack - the 3750 is in server room - their may be an uplink to the 3750 - im not at work - so cant physically check
Frank MayerTechnical Voip SupportCommented:
Ok just an idea: could it be that not the phone is answering when you do your tracert?
Could it be another device? Check for the mac address to make sure. Perhaps one ip adress is set to fixed ip on a device where dhcp should be used, so it comes to an adress conflict.
philb19Author Commented:
Perhaps one ip adress is set to fixed ip on a device where dhcp should be used, so it comes to an adress conflict. - hi - not sure what you mean here? - in any case I have pinged several phones on the phone vlan and can ping them all - does that rule out what you are suggesting? - thanks
I am assuming the following

The 2760 switch should be connected to the 3750 using a trunk link. The PC is on a port on 2760 which belongs to vlan 202. The phone is also on 2760 and is on a port which belongs to vlan 101. 3750 would be configured with IP addresses for respective vlans 202 and 101.

Assuming that the IP address of VLAN 101 is and that of vlan 202 is

Perform the following test


ping the IP address of vlan 101 ( from the PC.  If you are able to get a response, this implies that routing is happening on the 3750 due to which you are getting a response.
Could be because " ip routing" command is provided on the 3750 switch.


Also when you type the command "show ip route" do you see the VLAN IP addresses displayed as directly connected networks ? ( and
philb19Author Commented:
Thanks Andrew  - I really appreciate your response - Ill need to test this at work tomorrow. Please re-check my answers tomorrow
Frank MayerTechnical Voip SupportCommented:
When you ping or do a tracert on the given ip-address it could be that another machine answers for that ip. Perhaps someone set it to a fixed ip on some machine which is exactly the ip of your phone. To rule this out look up the mac-address of your ipphone and find the mac of the machine you are looking at in the other vlan. You could use nmap for that
philb19Author Commented:
ok - but as i stated i can ping more than 1 phone - i pinged 2 phones?
Frank MayerTechnical Voip SupportCommented:
To See wether there is Second device answering
You could Switch Off the phone and see wether
It still answers.
Nevertheless if all phones are answering
There is for sure some routing involved.
philb19Author Commented:
Actually turning off my phone is a very good step to troubleshoot - Can I turn off my phone and still ping another "on" phone from my pc? The cisco engineer thought that maybe my phone was routing somehow. Thanks that gives me something to work on tomorrow.
philb19Author Commented:
+ you say there is routing "for sure"

Thing is when i do a tracert - It goes straight to the phone IP - no hop
Frank MayerTechnical Voip SupportCommented:
Well even if there is no hop shown there is some kind of a bridge between both networks.
If you turn one phone off and you cant ping that ip no more it means there is some bridging for sure. If you still get a reply then another device answers for this ip... Then still make a nmap scan of your whole network to see all assigned ips and the corresponding mac-addresses.
--> I just have this odd situation where a PC - with secondary IP (on same subnet as phone vlan ) - CAN ping the phone ip670.

Does this mean the PC has two IP addresses?  And the second one is on the same subnet as the phone?

Is the switch port that the PC connected to trunked?  Is the PC setup to tag the frames?
philb19Author Commented:
PC has 2 address's  - yes 2nd one is on the same subnet as phone

Is the switch port that the PC connected to trunked? = YES

 Is the PC setup to tag the frames? - ???? This part I dont know HOW do i find out please? - something on the PC?
What type of NIC?  What OS?

If the PC has a 2nd address on the same subnet as the phone and the switch port is trunked,then when you ping the phone, the OS will use the source IP address for the one that is on the same IP subnet.

If you do  ipconfig /print then you should see a route for the "phone subnet" that uses the PC's IP address on that subnet.
philb19Author Commented:
thanks route print says

on-link?         On-link - this is 2nderrory on PC interface
philb19Author Commented:
os is windows 7

Intel(R) 82567LM-3 Gigabit Network Connection - is the nic
Bring up the Local Area Connection Properties for the LCN connection.

Then click the Configure box on the top.

Select the Advanced Tab.

Selelect QoS Packet Tagging.  Is it enabled?

I'm still running XP, not sure what on-link means.  Need to research this.
On-link means that the IP addresses within that subnet are on the same subnet as this computer.  So it does not need to go through a router.

This indicates to me that VLAN tag'ing is enabled.  The computer has an IP address on both VLAN's so it can talk to the phones without going through a router.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
philb19Author Commented:
damn :( - there is no QoS Packet Tagging in advanced - best i can see is priority VLAN enabled - what is the significance? - it is enabled
so tagging is significant?
Yes,  that is it.  I have XP, under 7 they may have renamed it.

Yes, tagging is significant.

Tagging is how you can have multiple VLAN's on the same single interface.  

When you have a trunked interface you typically have at least 2 different VLAN's.  

You can have 2 tag'ed, or 1 tag'ed and 1 untag'ed.  If you have a untag'ed VLAN, that is the default VLAN and all frames that are untag'ed are assumed to be on that VLAN.
philb19Author Commented:
Brilliant - thanks everyone for answers. glitjr nailed it. - some further explanation below:

Beyond its intended purpose of configuring trunk links between switches, ISL is often used in other ways. For example, it is possible to purchase network interface cards that support ISL. If a server were configured with an ISL-capable network card, it could be connected to an ISL port on a switch. This would allow a server to be made part of multiple VLANs simultaneously, the benefit being that hosts from different broadcast domains could then access the server without the need for their packets to be routed. While this may seem like a perfect solution, you need to remember than the server would now see all traffic from these VLANs, which could negatively impact performance.

A more common alternative use for ISL is to connect a Cisco router to a switch in order to facilitate the routing of traffic between VLANs. For example, if you wanted to route traffic between VLANs 1 and 99 in a non-ISL environment with one switch, you would need to connect the router to both a port on VLAN 1 and a port on VLAN 99, as shown below.
Today you will see more and more switch port's configured as trunks for the sole purpose of VIOP.  Instead of running two LAN stations to each cube, there is one LAN station that the computer and VOIP traffic share.   However, you need to isolate the traffic so you use VLAN's.

Typically the VOIP traffic  will have tagged traffic and the computer will have untag'ed.  

Notice I said VOIP traffic and not phone.  This is because the VOIP traffic can either be a phone or software running on the computer.
philb19Author Commented:
Typically the VOIP traffic  will have tagged traffic and the computer will have untag'ed.

so in my case the computer traffic is tagged as well - yes?
It's hard to tell without looking at the switch config.

It sounds like you have access to the switch config, so see if the switch config for that port has:

   switchport trunk native vlan ###

Where ### is either 201 or 202.   If it has this, then the VLAN number specified is un'tagged.  If it does NOT have this, then the native VLAN is defaulting to VLAN 1 and both 201 and 202 would be tagged VLANs.
philb19Author Commented:
thanks is this - switchport trunk native vlan ### - run from the port interface?

eg interface gi/0/24

or just from config t?

this command tells me the native vlan?
You can do:

     show run int gi0/24

Replacing gi0/24 with whatever the interface name is.  If it has:

switchport trunk native vlan ###

then the native vlan is ###, if it does not have that line, then the native vlan is 1.
philb19Author Commented:
the native is vlan 1 - so thAt means tAGGED?
That means that VLAN 1 is untagged and VLAN 201 and 202 are tagged.
philb19Author Commented:
Sorry - yep clear now thanks again - the data vlan is tagged
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.