SGE2000 / questions SRW208G VLAN

So we have a little SGE2000P and several SRW208G more, and it was decided to use a GSM7312 for basic L3 functionality (price was among the main issues to be considered, we have found nothing else suited our needs of features in this range). We have just received the GSM7312, seized of the whole of the network was flat

We have several VLANs that need to communicate with some shared resources on a particular VIRTUAL local network. A VLAN mentioned individual will, among other things, the domain controller (make DNS/DHCP) and our RAS in a box that does also all web content filtering, RAS area is directly connected to our line of T-carrier.

right now, everything is in 1 VLAN pointing to the RAS area as its front door. currently all EMS/SRW switches are also directed towards the RAS area as a gateway.

So now we have L3 functionality in place and can affect the IPs to VLAN, am I right to say that all the SEMs and SRWs must point to as default gateway GSM, while GSM only points to the RAS area as its entrance door?

What about pushing DHCP from the domain controller in 1 VLAN to all others? I see that both the EMS and GSM support DHCP relay - what do I have to use? Something doesn't seem right about this... for example. Let's say I have the ms in the VLAN 200 (192.168.2.0/24) and VLAN 300 (192.168.3.0/24) and 400 (192.168.4.0/24) customers. If the switch transmits a broadcast DHCP request to the domain controller, the domain controller is going to know what scope/pool to give the address of? The server would be blind to the fact that the request was relayed to all, and even less should it been relayed from a knot of VLAN 400.

There are a few resolutions in my mind to this problem, but I don't know that I'm barking all the good trees.

One thought would be to establish special reserves for DHCP leases by MAC address in DHCP server pools (assuming that the destination MAC is not changed when the switch relay... I would even consider that at all until I typed all this).

Another idea would be to multihome server and place it in each VLAN unique just to serve DHCP addresses

Another idea would be to buy an 802. 1 q capable NETWORK card for the server and the trunk all the VLAN to it.

These two little seems to defeat some of the purpose of VLAN'ing because network that I placed once more at least 1 server in each area of dissemination of layer 2.

Someone please tell me what single thing I'm on

1. your box of RAS is already a router. This is your default gateway to the internet. The routes on the RAS area are to tell her at what router it traffic for what IP subnet. For example, the traffic of 10.10.71.0/255.255.255.0 must go the GSM. So:

2. you must add 3 routes on the RAS server. And on the domain controller to route traffic directly to the correct gateway, you must add the same routes. Otherwise the DC would always send the traffic to the RAS hence it is send to the mobile PHONE, even if it was possible for the domain controller to send it directly to the GSM. A route tells a computer where to send a specific IP traffic. You need the transatlantic lines to suite of destinations on the AR and the domain controller:

10.10.71.0/255.255.255.0
10.10.30.0/255.255.255.0
10.10.40.0/255.255.255.0

The gateway to all these three subnets is GSM not the RAS. Let's not the 10.0.2.3 that you have suggested. The correct IP address is 10.0.1.230, which is the IP address of the GSM (the next router on the path to these destinations). These roads should be persisted. You can add at the command prompt, or I think you can also add them to RRAS.

3. you're merging doesn't have anything by doing this. The GSM and the RAS will be routers and therefore only to route traffic between subnets. In so doing, they provide connectivity. But it is not fusion. You would merge networks if you put in a bridge instead of a router or switch.

4. the Handset will always carry the traffic according to its routing table. By default, the routing table contains all subnets to which it is directly connected. The routing of the GSM table has entries of routing for all four IP subnets to which it is connected: 10.0.0.0/255.255.0.0, 10.10.71.0/24, 10.10.30.0/24 and 10.10.40.0/24. If the mobile PHONE receives a packet for any of these IP subnets it will forward it to the destination in the VLAN respective. If the IP address is not in these four subnets it passes the packet to the gateway by default unless you define a static route. For your configuration, you don't have to add the routes to the mobile PHONE. He already knows what he has to know.

5. the change of IP address you want is not possible: you cannot configure a VLAN 10.10.0.0/255.255.0.0. It is not possible. The 10.10.0.0/16 VLAN consists of all the IPS 10.10. *. *. If you have a VIRTUAL LAN that you cannot have another VLAN with IP address 10.10.30.0/24. Any IP subnet that is connected to a router must be different. If the mobile PHONE has two VLAN connected 10.10.0.0/16 and 10.10.30.0/24 he wouldn't know where to send the traffic to 10.10.30. * because this IP address is routable two different VLANs. You can only move servers to a subnet as 10.10.1.0/24 or similar. It would be unique in your configuration.

6. There is no "L3 VLAN. A VLAN is always a VLAN. It's always layer 2. You can consider each VLAN as a completely separate physical unmanaged ethernet LAN switching. VLAN is simply a technique to have several LAN separated on a single device (p. ex. 1 managed switch with 4 VLANS instead of 4 switches unmanaged separated). An L3 switch is just another word for a VIRTUAL local network router. It's a L2 switch with a built-in router. There's still that L2 VLAN. But it can also route between different IP subnets in the connected VLANs.

Tags: Linksys Switches

Similar Questions

  • Question of VLAN by default and best practices

    Hi all

    I recently read on VMwares ESX Server 802. 1 q-paper Solutions of VLAN and came across the following article:

    Question of VLAN native (aka "VLAN1 Issues")

    "VLAN native is used to switch protocol management and control.  Native frames of VLAN is not VLAN ID tag in many types of switches, and in which case the trunk ports implicitly treat all frames not marked as frame VLAN native.

    VLAN 1 is the native VLAN ID by default for most Cisco switches.  However, in many enterprise networks, the VLAN is the VLAN 1 or 100, it could be any number depending on your configuration of switch type and running.

    It is common recommended to avoid using some VLAN native (often the VLAN 1) for any regular data traffic.  VMware recommends that you not associate any group native virutal server ESX VLAN VLAN ID switch port.  Also, so that you avoid them VLAN native for your groups of ports VLAN, no native VLAN related configuration is required on ESX Server systems. »

    That being said, I know a lot of people and more small to medium-sized networks leave light network VLAN by default.  If this is the case it would be better to change the entire network switching to one VLAN different and then put groups of ports on the same VLAN?  Or is the problem with the default VLAN really does not impact?

    Hello

    You have quite a few involved networks when you use virtualization and some I would classify as a virtualization host networks: the Service Console, VMotion, storage over IP.  They are more likely on separate networks of your VM network traffic... At least use VLAN to do this.

    See http://kensvirtualreality.wordpress.org for a good series of articles on virtual networks.

    Best regards
    Edward L. Haletky
    VMware communities user moderator, VMware vExpert 2009, Analyst of DABCC
    ====
    Now available on Rough Cuts: ' VMware vSphere (TM) and Virtual Infrastructure Security: ESX security and virtual environment '
    Also available "VMWare ESX Server in the enterprise"
    SearchVMware Pro| Blue gears. Top virtualization security links| Security Round Table Podcast virtualization

  • Question of vlan Cisco 7600 PFD

    Hello!

    Please help with a question.

    In our network, we have 7600 and I need to create a service of vpls with two different VLAN associated with a PFD:

    L2 PFD manual test
    VPN id 100
    neighbor 1.1.1.1 mpls encapsulation

    interface Vlan120
    no ip address
    Shutdown
    PFD xconnect tests
    !
    interface Vlan121
    no ip address

    And when I try to reach "xconnect PFD testing:

    Incompatible with the PFD configured setting.
    Check the interface MTU, VLAN ID size
    Or try to configure BPDU PW on routed SVI, which is not allowed

    Is it possible to do or not? No mapping VLANs etc.

    Thank you all!

    Hi Dimitri, you can do it, but the link is made to port vlan does not level level IVR.

    Here is a configuration snippet:

    the GigabitEthernet4/1/0 interface

    101 ethernet service instance

    encapsulation dot1q 101 second 10

    rewrite the penetration pop tag 2 symmetrical

    interface GigabitEthernet4/1/1

    ethernet 100 service instance

    encapsulation dot1q 100

    rewrite tag pop 1 symmetrical penetration

    connect GigabitEthernet4/1/0 eline-101 101 100 GigabitEthernet4/1/1

    Xander

  • Questions of VLAN and configuration for Cisco AIR-CT2504-25-K9 Controller

    Hello

    It's my first time thanks to the Cisco wireless solutions, so I was hopping someone could help me with the following:

    We just bought the AIR-CT2504-25-K9 controller with some points of access for the AIR-CAP1702I-E-K9.

    The network is as follows:

    Peripheral layer 3 (managed by third parties): it's on the domain network. (VLAN by default, 1 - unidentified)

    ADSL router - it's the network without comment thread. (Default Vlan 4 - tagged).

    VOIP: VLAN 5.

    Both fittings go into a switch Cisco SG500 52 (Layer 2). There is a port to shared resources on the switch SG500 with VLAN 1 (Tagged) and VLAN 4 (with tag). The WLAN controller is plugged into this port trunking.

    The data and management network are in the same subnet and on the same VLAN (1).

    I used the wizard on the controller setup.

    There are three interfaces:

    management VLAN ID 1 IP 192.168.1.2 Port 1 (configured with a gateway domain network, DHCP, etc.).

    VLAN wireless identifier 4 IP 192.168.5.1 Port 1 comments (configured with modem router ADSL, DHCP, etc.).

    Virtual IP 192.0.2.1

    Proxy DHCP active overall.

    There are two wlan networks:

    (1) area - management Interface - SSID abc.

    (2) comments - comments Wireless Interface - SSID xyz (the wizard put to management, but I changed it to the wireless).

    Are the AP connected to another SG500 switch which is shared resources to the switch with the controller.

    Ports of the APs are connected to have only 1 VLAN unidentified. They don't have 4 VLAN Tag or not identified. However, everything seems to work as expected.

    When I join the guest network (SSID xyz), I get an IP address from the router ADSL and all Internet traffic goes through him. When I connect to the domain network (SSID abc), I get an IP address from the DHCP in Windows Server and all traffic goes through the device of layer 3 (I checked the public IP address in my browser). I can't ping anything from one network to the other.

    My questions are the following:

    (1) how the guest network traffic (VLAN 4) headed the APs controller when they are connected to the ports on VLAN1? Is it because the traffic is encapsulated?

    (2) is set up correctly? After you configure the controller, I saw a note in the forums, this State I can simply enter 0 for the management of VLANS to let it not identified. However, in my case, I kept it as 1, which is the same as the switches and then the tag VLAN on the switch. In addition, the set Wizard wlan of comments to use the management interface but I changed it to use the comments interface.

    (3) when I connect to the APs of the controller, I see several options that can be configured manually. Is it necessary for this? For example, there is an option of data encryption.

    Thank you

    A

    Hello

    (1) how the guest network traffic (VLAN 4) headed the APs controller when they are connected to the ports on VLAN1? Is it because the traffic is encapsulated?

    Yes, I'm with CAPWAP:

    More information: http://lets-start-to-learn.blogspot.de/2014/08/cisco-wireless-understand...

    (2) is set up correctly? After you configure the controller, I saw a note in the forums, this State I can simply enter 0 for the management of VLANS to let it not identified. However, in my case, I kept it as 1, which is the same as the switches and then the tag VLAN on the switch. In addition, the set Wizard wlan of comments to use the management interface but I changed it to use the comments interface.

    If you want that mgmt interface must be unmarked and then put 0 otherwise you can use vlan 1.

    I do not have what is configured under mgmt and comments interface, but according to the name I'll say yes, you must set the comments under comments wlan interface.

    (3) when I connect to the APs of the controller, I see several options that can be configured manually. Is it necessary for this? For example, there is an option of data encryption.

    Yes, there are many things that you can configure, but I'll leave most of the default of things unless you really need to change!

    The following best practices: http://www.borderlessccie.net/?p=270

    Concerning

    Remember messages useful rates

  • Nexus 5600 HSRP design question for VLAN stretched between 2 areas of vPc.

    To our new data center network, I have 4 5672UP Nexus in two data centers. Between data centers is a redundant vPc with fiber 2x10Gb. I have configured two areas VPC, one for each data center. I read that HSRP within a VPC domain is active/inactive, but I wonder what would be the right way to configure the HSRP configuration for the VLAN tense because they are two areas different vPc?

    If you need isolation of FHRP between sites, this can be achieved by configuring the HSRP authentication in the same place so stop the HSRP Hellos between the treatment sites and allow each site to act in active / standby. Due to the HW on the 5600 Nexus architecture, control plane packets multicast are punted to the CPU, ignoring any PACL or MAC - ACL. So with a PACKAGE, you will not be able to filter the Hellos HSRP, ARP, BPDU, etc. that need to go to the CPU, because there is an ACL predefined to redirect traffic to control CPU and this ACL that overrides the ACL configured by the user. It is advisable to set up "no arp ip free hsrp duplicate" to repress unnecessary GARPs at each location in this design as well. Note 4-way HSRP is supported only on the latest versions of NX - OS, see also CSCuy89705.

    Another solution is to run FabricPath DCI with Anycast HSRP, which will allow all the 5600 to act as an active gateway by default, refer to page 22 of the FabricPath Cisco best practices.

    -Jeffords Tyler

  • Question of VLAN native of UCS

    All,

    I have a problem that I can not just wrap my mind autour.  We have UCS setup in a lab with 2 interconnections connected to 2 nexus switches 5510.  The nexus switches are passed to the network via a Switch 4900 m.  All circuits are configured and tested as functional. All routing is configured and confirmed.  I have a problem in UCS, which is confusing to me.  In the lab, I kept the VLAN native to the vlan1.  I have the Setup VLAN 2-10 on all switches test and interconnections.  I created a service profile that contains 1 network card and placed it in the VLAN 7.  I installed Windows 2008 on a blade using this service profile.  In the operating system I statically IP'ed the NIC for the schema used in VLAN 7.  The OS, I cannot ping another device located in the vlan 7.  Also, I can't ping a host on a different VLAN.  If I place a check on the VLAN 1 as the vlan native I still cannot ping anything.  If I place the audit for vlan native to vlan 7 I can ping hosts in the same vlan, as well as outside of the vlan.  So why should I place vlan 7 as the vlan native when all my boxes are set up in the vlan 1 is the vlan native?

    Thanks for any help,

    Ken

    Ken,

    When you allow some VLANs on your Service vNIC profile you will need to set the VLAN native. This is because the way you have configured currently you are only "allowing VLAN 15', but you're not marking it.   It will work fine for ESX or Linux which allows to assign the dot1q tag to the host.  With Windows unless you have specific drivers doing the marking for you, you will need to do it at the level of the vNIC in UCS.

    Two ways to see this in action.  When you create a service profile in the 'Basic' - not 'Expert' method, you will need to choose a single VLAN for your interfaces.  This will treat interfaces about like an "access Port".  Conversely, when you use the "Expert mode you select the vNIC as a trunk, in which you" will allow to "all VLAN you acceding them as to, like this is the method you did.»

    For a Windows operating system, set the VLAN natively for the VLAN you want to access and you'll be gentle.  Unchecking this option button that "VLAN native" is allowing traffic to cross out of UCS on the VLAN native VLAN 1, your network - it is therefore MAC appears on other fabric under VLAN1

    Kind regards

    Robert

  • Question of vlan native

    What is recommended for the vlan native?

    Please let me know if my interpretation of the vlan native is correct.  The vlan native exists only on the ports of junction and isn't the only one vlan tagged across this trunk where all other VLANS on that would be labelled.  No access port on the switch that do not belong to a vlan will have their traffic included in the vlan native and sent through the trunk unidentified.

    I know that the vlan native on a port that has been configured as a trunk by default is vlan 1.  What are the best practices and the reasons why the vlan native should be replaced by something other than vlan1?

    All access ports belong to a virtual local network even if it is only the vlan 1.

    By default the vlan native is also vlan 1, so I can see where you are coming.

    Except that you're right, that the vlan native should be replaced with something else on the switch, mainly because by default, all ports are in the vlan 1 and vlan 1 is also used for other things as well.

    Make the vlan native one vlan unused example. VLAN 999 is a common one.

    There should be no port end assigned in, any SVI (L3 of the interface vlan for it) and you do not need to enable through the trunk or a link.

    Jon

  • Question of vlan SG200 (ESXi VSA config)

    Hello! I have three switches SG200-26, and I have also two hosts ESXi I want to connect exactly as shown on the attached map of 'best practices' by VMware.

    Even if I created the VLAN in the SG200 and I put the two VLANS (508 and 608), as authorized these ports (where my ESX NIC are connected), I can't host ping host 1 2 when the configuration of their NETWORK interface card to use 608 VLAN.

    Am I missing something? My IP is all in the 192.168. network and the only reason for which I need a VLAN is to separate the traffic of the VSA backend internally, only these two hosts will use the VLAN. So I think that I don't have to create virtual interfaces on my router because this is the case, is my understanding correct?

    Also sending my switch config screenshot below... 3 switches all have the latest firmware.

    Any ideas what to change to make it work on the SG200 would be appreciated!

    VMware also has that Protocol VLANS on the physical switch must be 802. 1 q, not of ISL, someone knows which one uses my SG200-26?
    In addition, the only requirements is that my two hosts:

    • Are in the same subnet.
    • Have static IP addresses.
    • Have the same default gateway configured.

    Thank you for your time!

    Alex

    Hi Alex,

    My switch supports 802. 1 q, your config switch seems ok at this point.

    Here are some of my thoughts that I see the announcement and I'm a bit confused.

    What worries me is the configuration on the wall of sound, or the router, they are not spread of VLAN between ports on the router?

    • You're not VLAN 508 multiplication and 608 via the router, so I guess you have two network interfaces on the router, one for each of the two switches as shown in the first diagram... You can expand on the description of the network configuration of the router.
    • You are using two NICs for each host and spreading with tag vlan packets for VLAN 508 and 608 of each NETWORK card?  But the pattern of reference would indicate that you have four physical network interface cards to each HOST.
    • If so, I suppose that HOST servers are connected with the GE15 and switch 3 and GE16 and GE2 GE3 switch 1

    Nope, I want to talk to you, please send us your phone coordinated with this validation URL

    dhornste at cisco.com remove the spaces next to the 'at' and replate the to by @.

    Best regards, Dave

  • question of VLAN

    Greetings,

    Is it possible to configure 8 VLANS separated with the following firewall? Is there an additional license or upgrade necessary to allow support for all ports?

    ASA 5505 50 user Bundle includes switch 8 ports Fast Ethernet, IPSec VPN 10 counterparts, 2 SSL VPN peers, 3DES/AES license and 1 extension housing

    REF. Mfg. ASA5505-50-BUN-K9

    Kind regards

    Alberto

    Alberto,

    You need security plust ASA5505-SEC-PL license to create this VLAN ASA5505 amount, you'll have a VLAN up to 20 max.

    Care license

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html

    See details ASA5505 model/license

    http://www.Cisco.com/en/us/products/ps6120/prod_models_comparison.html

    Rgds

    Jorge

  • Questions of VLAN to the ESX virtual machine

    Guys,

    We run ESX on a R710 with 4 network ports and two virtual servers that it contains.

    We want a server VLAN 1 re-branded and the other to VLAN 2 from the actuall switch. Only problem is there is room for 1 VLAN because all of our physical network cards are already used. Here's the brerakdown.

    vmNIC 0 is for the management port (1 nic physical)

    vmNIC 1 is for VMS (1 nic physical)

    vmNIC 2 & 3 is for the iSCSI network (NIC physical 2)

    So you can see we have not more physical NIC left to assing one of these virtual machines to a VLAN different

    Any ideas? I created a virtual switch, but we of course no physical NIC to attach to it. When I tried to add the existing virtual machien nic, he warned me that the virtual machines will be moved to it. A little confusing, but how do I get this other server on one VLAN different?

    If you enter just one ID VLAN on the parameters of port group ESX will mark all frames leaving the portgroup with a small (4 bytes) 'tag' indicating the id VLAN. This tag will then be analyzed by the physical switch will then understand what VLAN, this framework needs to be sent in.

    However, the switch must be configured to accept incoming frames with certain tags. If this is not the case, most of the switches will drop frames with identification tags VLAN strangers.

  • Question of VLAN to control package mgt Nexus 1000v

    In the documentation of 1000v of last year he suggested that package VSM and control data use different VLAN. However, in the last 2010 document Cisco now has:

    «Cisco recommends to use the same VLAN for control, package and management, but you don't place data traffic on this VLAN.» Flexibility, you can configure separate VLANs. »

    Cisco also provides "Although the management interface is not used to Exchange data between the MSM and VEM, it is used to establish and maintain the connection between the MSM and VMware VirtualCenter Server".

    In a 'high security' deployment of the 1000v, I'm not quite clear what would look like architecture. VCenter clearly needs to connect to the management interface. Control/data packets can stay on a layer 2 VLAN and not be routable to other networks. I'm not a networking guy, but have need to interface with our network team help design, deploy our 1000v. Would put us the control/package/mgt all on a VIRTUAL LAN, then use the ACL to restrict the traffic of just vCenter and other stations approved management work?

    It seems to me the best solution would be a local network VIRTUAL package control information which is the layer 2 only and therefore no gateway or routing. Then place the management interface VLAN another which have Layer 3 connectivity and set the ACLs on the routing to limit what devices can talk to the management interface.

    Thoughts?

    We changed practices version 1.1 to 1.2 with respect to VLANs. There was a lot of pushing all VLANs was exaggerated and confusing to Setup. In a 'high security' configuration, I agree with your last paragraph. I put on a management VLAN is routable and stick control and packages on a non-routable network of L2.

    It's a perfectly acceptable Setup.

    If you go to ACL do not forget the VSM needed connections the following. You need access to vCenter, ssh/telnet access, monitoring of the access, and we use the network interface of pulsation of backup for VSM HA. The heart beat is pure L2 between two VSMs so keep that in mind.

    Louis

  • Question of VLAN.  Communication between two Vlan

    Hello

    We have a network of laboratories.  My ESX Server has two cards on this segment under a Vswitch named Lab_Lan (under default vlan0).  We already have a few virtual machine running on this segment of the lab.  I would like to create two new vlan to simulate the two region.  But for what I understand him Vlan cannot communicate with each other easily. ?  We allow Vlan Trunk on the physical switch?  There is no way to do it in the ESX only... ? Perhaps via a software router?  I need these two new VLANs (1 and 2) can communicate with each other.

    Thanks for the help...

    Don't forget: If you find this information useful, please give points to "correct" or "useful".

    ESX does not routing for VM.

    You can do this with some switches, Layer 3, or with a device of linux that act as a router (with two interfaces).

    André

  • Question of VLAN voice SG300 - 28 p

    Hello

    I was running firmware 1.1.2.0 and everything worked well on 2 of these switches, connected by fiber.  I tried upgrading to the latest firmware (1.3.5.58) and had no luck.  Our phones which are combined Avaya 9650 VoIP has not found the router, would find no DHCP and waited for LLDP.  The update has been applied only on the switch away from the PBX, and yet he still messed up the other switch.  I put the firmware to the original active version, and everything started working again.

    Nothing changed except when I rolled back the version of the firmware, he left all the phones connected to the ports, it changed their marking to not signposted.  I put this back and everything worked fine.

    Y at - it an inconsistency with this firmware with my phones, or what else could be the problem?

    Hi Chris, I think the problem is, the 1.1.2.0 is very different from every version after. When the 1.2.7.76 firmware was introduced it changed the XML code in the switch. If you jump to the top of the 1.1.2.0 to release it later you really should delete your config switch and not reload a configuration file.

    -Tom
    Please mark replied messages useful

  • VLAN Basics

    I read the books of Wendell Odom and I have a question about VLANS and trunking. As far I knew trunking is necessary when you have a network that is split in two between multiple switches. When a host sends a broadcast shall be issued to all hosts in this VLAN on all switches. Switches in turn need to know the VLAN ID when the package comes from another switch. Otherwise he won't know where to deliver the broadcast.

    So in short, my understanding is that trunking is only required for the provision of programming (or packages from unknown hosts, when the package is also flooded to all ports VLAN and trunk) between the switches and only in cases where the network is split between them.

    But I also read that the trunks are necessary between switches and default gateways for networks with the switch services. But I don't see the reason for it. Say, you switch1 switch2 vlanB, vlanA. There is no spread between the switches. And if the host vlanA must deliver unicast packets to host vlanB, then packet is routed using general rules. It comes to the default gateway, then the corresponding switch. Who needs to know the VLAN ID here and for what reason?

    I understand your concern in this way - if the MAC address is unique so why should we VLAN for unicast transfer of packages of L2 if this can be done simply using the destination MAC.

    In a very simple situation it is possible, YES. But the network is not that simple now. Accept this notion of VLAN began with the broadcast domain. And at the beginning of each unicast is unknown unicast to switch that is sent on all ports to get to the destination - then it's first use of the VLAN - limit the scope of unknown unicast.

    Once that known and learned switch destination MAC on his CAM it can transfer packets by dest MAC and no limit to reach necessary because we have unique destination port. But imagine switch is reloaded or CAM table age expired time-out and all MAC removed - now your unicast is unknown still - if you do not use of VLAN at this time here you will flood all ports with it until your learn the destination MAC in CAM. So it's not like--we have VLAN only for broadcast - we need for the unicast to the field of application of the limit of the outbound ports when dest MAC is unknown. And once configured this VLAN we cannot say - tag only these unicast packets and not tag other - we tag all - that's the concept.

    Another thing to support VLAN for unicast - imagine this package came to its final output port. You have this connected IP phone and PC port. Those of design in the field of different mailing - in different VLANS. PC VLAN is untagged, and voice VLAN is tagged as IP phone can understand this encapsulation. If you package was voice and you have lost your tag VLAN already - he will send you to the PC not identified even if you have the right destination MAC of the IP phone and it will be dropped on PC because of incorrect Mac

    Third situation is when the output port is connected to the server hostying multiple virtual machines. Those who can share the same physical MAC but server can support dot1q tagging and put them in different VLANS. Once again if you have lost your code of VLANS through switches you will not be able to achieve the correct server.

    So the questions of VLAN is not just about how to pass from one switch to another - is the notion of transfer from one side to the other packages L2. Package from one VLAN must always stay there if that's the L2 and the output of the last switch to VLAN correct (labeled or not identified based on the connected device).

    VLAN concept goes further L3 routing as explained above in my and Alans messages.

    I hope this helps.

    Nik

  • Problems of configuration of IPTV, WRT1900ACS.

    Hello. I have big problems getting my IPTV to work with my WRT1900ACS. I'm failry certain that it has something to do with something in the router configuration, but what and where is the question. VLAN? Port forwarding? If I go with my cable ISP directly on the uses of the socket of the TV, it works, but as soon as I go through my router, it doesn't. Everything else works, and after reading about this a little bit on the net, it seems almost obvious that I have to click or configure something in my Smart Wifi of Linksys. I'm a lot of people thought have had these problems and in the hope that they were able to solve them.

    Someone has good directions on where to start? I'll also call support for IPTV, but since signals will be mainly done in the router, my guess is that they will not be able to solve. I'm really grateful for any help I can get. I had so many technical problems the last few months, I don't even start taking place with them here...

    I live and the Sweden and the IPTV provider's Viasat. The box is a Samsung.

    Kind regards

    Thomas

    We are pleased to know that you were able to make it work. If you need our help once again, you know where to find us. Have a good!

Maybe you are looking for