This post is more than 5 years old
27 Posts
0
153527
Creating VLANs and assigning subnets question
What's the difference between these two CLI commands?
Command group 1:
console# configure
console(config)# vlan database
console(config-vlan)# vlan association subnet 192.168.10.0 255.255.255.0 10
VS
Command group 2:
console# configure
console(config)# interface vlan 10
console(config-if-vlan2)# ip address 192.168.10.1 255.255.255.0
console(config-if-vlan2)# routing
console(config-if-vlan2)# exit
console(config)# ip routing
Thanks
DELL-Willy M
802 Posts
0
April 4th, 2012 12:00
From what I can tell it is a broad stroke tool that associates packets with subnet source as the vlan. Here is a couple articles that I gathered on the subject. The User Guide and CLI Guide for the 62xx switch does not elaborate on the vlan association subnet command.
www.simulationexams.com/.../types-of-vlans.htm
itknowledgeexchange.techtarget.com/.../bind-ip-subnet-to-vlan-in-dell-l3-switch
<ADMIN NOTE: Broken link has been removed from this post by Dell>
How are you putting 2 IPs on the same workstation? Does it have a dual port nic? If so then you would have 2 cables going to different ports on the switch correct?
DELL-Willy M
802 Posts
1
April 3rd, 2012 15:00
Command group 1:
Sets up vlan 10 and associates it with subnet 192.168.10.0
Command group 2:
Now that vlan 10 is set up. Enters vlan 10 interface and assigns a specific address to the interface and enables routing for the vlan and the switch globally
Hope this helps,
pie8ter
27 Posts
0
April 3rd, 2012 17:00
Can I just not associate any subnet or assign an interface IP number/mask to the VLAN interface? In this case, I am assuming the VLAN will just server as a layer2 boundary and any device can communicate only within the VLAN.
If I want the traffic to flow between VLANs or VLAN to other networks, I need to first associate the VLAN with a subnet and then assign an IP number/mask to the VLAN interface.
Am I right in my assumptions so far?
Does this line "vlan association subnet 192.168.10.0 255.255.255.0 10" means I can NOT put a PC with the IP number 10.0.0.100 in VLAN 10?
Can I just assign an IP address to the VLAN interface and enable routing globally and don't bother with the vlan association subnet command?
Thanks for your answer.
DELL-Willy M
802 Posts
1
April 3rd, 2012 19:00
Let’s start with:
1. You do not have to use any vlans at all. (you will probably need an address on vlan 1 or whatever vlan you have for management access) Other than that it is not required to use vlans.
2. Vlans are a Layer 2 segregation method that can be routed within or across multiple switches. Usually all behind a single router.
3. Typically the vlan association command is not needed when setting up vlans. You can just use the Command group 2 example you provided after you have created the vlan with these commands:
Console# configure
Console(config)# vlan database
Console(config-vlan)# vlan 10
Console(config-vlan)# vlan xx
And yes if you have a vlan with an IP of 192.168.10.0 255.255.255.0 set then you would not be able to put a PC with IP 10.0.0.100 in the same vlan. They would not communicate since they are different network addresses.
pie8ter
27 Posts
0
April 4th, 2012 07:00
I appreciate your answers. We already have other VLANs besides the default VLAN1 on the switch for VMs, workstations, and so on.
I am still not sure about the effect of the "vlan association subnet 192.168.10.0 255.255.255.0 33" command and why would someone use it. I know this much that it associates the subnet 192.168.10.0/24 with the VLAN 33. But what does that mean to the switch and the ports in VLAN 10? Does the switch lock all the ports in VLAN 33 only to 192.168.10.0/24 traffic?
Let's say there are two PCs with two IP numbers each in VLAN1 (6248 with factory default settings):
PC1 NIC: 192.168.1.1/24 and 10.1.1.1/24
PC2 NIC: 192.168.1.2/24 and 10.1.1.2/24
I should be able to ping PC2 from PC1 with either IP numbers as the ARP table on the PC would map both IPs to PC2's single MAC address.
Now let's say PC1 and PC2 are in VLAN33 (1/g20 - 1/g30). I am now issuing the "vlan association subnet 192.168.1.0 255.255.255.0 33" command. Does this mean the switch locked ports 1/g20-1/g30 for only 192.168.1.0/24 traffic and I can no longer ping the 10.0.0.2 from PC1 anymore? Is that the only function of the vlan association command?
I understand the only reason for assigning an IP address to a VLAN interface is for the layer 3 routing.
I apologize for the long-winded example. Your answer is greatly appreciated.
Thanks
pie8ter
27 Posts
2
April 4th, 2012 14:00
Thank you!!
Now things starting to become clear.
After I create a VLAN:
console(config)#vlan database
console(config-vlan)#vlan 2
console(config-vlan)#exit
I now have number of ways to configure the membership for the VLAN2:
console(config-vlan)#vlan association mac 00:ff:f2:a3:88:86 2
--This means whenever the switch sees this MAC address on any port, that port becomes a member of VLAN 2.
Again it doesn't matter to which port a device connects to on the switch. As long as the the NIC has an IP number from the 192.168.1.0/24 subnet, it automatically becomes a member of the VLAN
console(config-if-1/g18)#switchport general allowed vlan add 2
I have both vlan association and port assignment on my switch. That may explain why if I reboot the switch, it takes a while to converge and for packets to flow.
Again thanks for your help.