+ Post New Thread
Results 1 to 11 of 11
Wired Networks Thread, I don't think I understand VLANs in Technical; I have read "you cannot configure two vlans with the same IP address range". Why not? I thought the whole ...
  1. #1

    Join Date
    Feb 2013
    Posts
    119
    Thank Post
    46
    Thanked 8 Times in 7 Posts
    Rep Power
    5

    I don't think I understand VLANs

    I have read "you cannot configure two vlans with the same IP address range".

    Why not? I thought the whole idea of vlans was to effectively implement two networks on one switch, by the addition of tags containing a vlan id?

    So why can't I have red 192.168.0.0/24 on vlan 10 and blue 192.168.0.0/24 on vlan 20?

    I know there's a good reason, but I can't figure it out at the moment.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,344
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Would it be because a device could route between vlans and thus that would fail?

    Ben

  3. Thanks to plexer from:

    catch21 (29th March 2013)

  4. #3

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    14
    as @plexer says technically you could configure two vlans with the same ip range as long as you aren't trying to route between them, but more you should ask the question why would you? if you did have two completely seperate network segments it would better to have different ip ranges so it was obvious which one you were on, although it could have its uses in testing or lab environments.

  5. Thanks to ConradJones from:

    catch21 (29th March 2013)

  6. #4
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    326
    Thank Post
    5
    Thanked 33 Times in 28 Posts
    Rep Power
    23
    You can do that as long as you do not configure the IP on the switch, a switch is a layer 2 device and doesn’t care about IP’s (layer 3).
    The ip you configure on a switch is used for management purposes, not what IP range the connected machines have. You can configure the red and blue machines with the same address and they will not be able to communicate with each other, but in this case they will each need their own router.
    A single router would not be able to have overlapping IP addresses.
    In theory you may be able to set the IP address with a /32 so the router thinks they are different networks, and each vlan would have to use a different gateway. I think it would still cause routing problems though.
    If this a just what if scenarios for your knowledge by all means play around and try the /32 and perhaps something with sub interfaces. If this is production use separate addresses and use an ACL on the router if you don’t want them to communicate.

    In my school I use vlans to segment and identify the network, not to use the same address. I have separate vlans for wireless, voip, data, security etc. I have multiple data vlans for a couple reasons, 1 to breakup broadcast domains, and 2 for troubleshooting and identification. Each data closet is on its own data vlan. This allows me to know at a glance what part of the building that IP is coming from.

  7. Thanks to ADMaster from:

    catch21 (29th March 2013)

  8. #5

    Join Date
    Feb 2013
    Posts
    119
    Thank Post
    46
    Thanked 8 Times in 7 Posts
    Rep Power
    5
    Thanks. It's the point of convergence of the networks that causes the conflicts then. I hadn't quite got to that part - clearly!

    This isn't exactly hypothetical. I'm a facilities manager with a background in the field but my knowledge is somewhat out-of-date. I've just installed a new wifi network and just coming back up to speed. Next is to upgrade the switch core.

    For some reason I haven't been able to figure out, we are told what IP address range to have on the private side of our network by our broadband/service provider. They also provide firewall and filtering so our delightful children do not download anything that might shock the teachers and I'm guessing this might have something to do with the restriction.

    Up to now we have been issued with a /24 address i.e. 256 hosts and I considered this may not be enough (!) with the explosion of mobile devices that is just hitting us out here in the sticks. (We're not really at the cutting edge of technology here.)

    Our new address range is /22 i.e. 1024 hosts, or 1022 if you exclude the reserved ones. With nearly 500 children and 40 permanent FT or PT members of staff I guess this'll do us for a few more months.

    With the new vlan-aware capabilities of the ethernet switches I am planning, I'm trying to figure out how (even if) to partition the network. The new wifi is ruckus ZD1100 and 7636 APs incidentally.

    I guess where I am at is that if I am partitioning the local network into vlans I will be splitting the host id part of the IP address, but then all hosts would have to share the same DHCP server etc, so I don't see how it will all fit together?
    Last edited by catch21; 29th March 2013 at 05:28 PM.

  9. #6
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    326
    Thank Post
    5
    Thanked 33 Times in 28 Posts
    Rep Power
    23
    Your isp only allowing you 1024 addresses doesn’t leave you much room to segment the network. In my case we are told what private IP’s to use as well, but that is from our ITC and we have networking between other schools in the consortium, they also do firewall and filtering for us. However I have a full class B to work with.
    I could easily put the ip rage they assign me on the router and use anything I wanted internally, I just wouldn’t get all the benefits such as filtering by IP range etc.

    You should be able to tell the ISP what you want to use internally, however if it is a LEA/ITC that might be a different story.

    If there is no advanced filtering by IP or different filters for staff and students, I’d NAT what they give me and use my own IP ranges.

    For the DHCP issue on the router under the vlan interface you set the IP helper address to the IP of your DHCP server. Then you setup the different scopes on your DHCP server. It took me a while to wrap my head around that one too.

  10. Thanks to ADMaster from:

    catch21 (29th March 2013)

  11. #7

    Join Date
    Mar 2012
    Location
    Shrewsbury
    Posts
    23
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    5
    You are out of your depth. If you want good honest advice, get some external consultancy. Your network is the very foundation upon which all services are delivered. It is just not worth getting it wrong.

    Sit with the consultant and design what you want your network to do now and planned growth for the next 3 years. Learn from the consultant and in your own time go and study for your CCENT.

    You will not regret it.
    Last edited by geezersoft; 29th March 2013 at 11:32 PM.

  12. #8

    Join Date
    Feb 2013
    Posts
    119
    Thank Post
    46
    Thanked 8 Times in 7 Posts
    Rep Power
    5
    I'm sure you're right, but I'm quite a strong swimmer

  13. #9

    Join Date
    Mar 2012
    Location
    Shrewsbury
    Posts
    23
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    5
    A vlan can be considered a broadcast domain. So reasons for using more than one vlan are fundamenally the same as why you would use more than one subnet on your network.

    PS: the RNLI has to rescue hundreds of strong swimmers each year.

  14. #10

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    You need to take control of your internet router so that your not limited by the ISP.

    Rob

  15. #11
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,421
    Thank Post
    508
    Thanked 282 Times in 258 Posts
    Rep Power
    81
    Would Subnet Zero not work here, you could use the same IP but put both IP's on a different subnet.... That would work.... Wouldn't it ?

SHARE:
+ Post New Thread

Similar Threads

  1. [Video] Animated GIF: I Don't Think The Umbrella Was Much Use Here!
    By DaveP in forum Jokes/Interweb Things
    Replies: 2
    Last Post: 13th March 2010, 08:43 AM
  2. [Website] Don't think I'll try one of these:
    By tech_guy in forum Jokes/Interweb Things
    Replies: 2
    Last Post: 10th June 2009, 11:29 AM
  3. Is SIMS free from the LA? I don't think so
    By nomad in forum MIS Systems
    Replies: 4
    Last Post: 26th February 2008, 12:05 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •