>Good points. I should certainly clarify that I don't advocate bridging
>between VLANs unless it makes sense to do so which is usually a corner
>case. I also fully support properly scoping broadcast domains and using a
>one vlan to one subnet methodology for cleanliness. I love simple
>networks. I just wanted to hammer on the distinction a little bit.
>Hopefully the tooth fairy got laid off during the "tech slowdown" and we
>can go back to basic bridging and routing.
>
>Pete
Indirectly, you bring out some of the bad habits that Cisco
certification engenders. Tony Li (principal BGP architect at Cisco,
Juniper, and Procket, and coauthor of the standard) certainly helped
me mature as a routing designer when he pointed out that one of the
signs he used to recognize a clueful design is the significant extent
that APPROPRIATE static routes were present. Yet the lab forbids
static routes under most circumstances.
Like you, Pete, I like to keep configurations understandable. Yet
ACRC (and presumably its successors) used to emphasize weird OSPF
network statements that could match the most interfaces with the
least network statements. I find this very error-prone, as I do
people that try to minimize the number of lines in an access list
unless they have a demonstrated performance problem.
Returning to the VLAN issue, there's often insufficient attention
paid to the alternative of VLAN-aware NICs versus routers versus
servers with multiple interfaces. But, with any of the non-routing
solutions -- be sure you can figure out a way to ping from your
management station.
>
>
>*********** REPLY SEPARATOR ***********
>
>On 7/26/2001 at 9:58 AM Howard C. Berkowitz wrote:
>
>>>Ok, one more round of nit picky comments and I'll quit :)
>>>
>>>>>
>>>>> > Do I need a router between my VLANs?
>>>>
>>>>If you want the VLANs to communicate with each other. Are these trick
>>>>questions? ;-) I realize there are cases where you don't want them to
>>>>communicate. I guess that is what you are getting at.
>>>>
>>>
>>>If you want VLANs to share the same broadcast domain, you bridge them.
>>
>>Which can be dangerous from a scaling standpoint, unless all the
>>bridged parts are under common administration. One of the reasons to
>>have reasonable size broadcast domains is to limit broadcast loads on
>>hosts; it is NOT a bandwidth problem. It is a broadcast problem
>>whether the network is IP, IPX, NetBEUI, etc.
>>
>>I find a lot of optical people getting confused and recommending
>>layer 2 VPNs because they think that interconnecting (i.e., bridging)
>>will magically work because they use full OC-192 lambdas between
>>them. That has nothing to do with the core problem.
>>
>>>Telling people they need a router between them makes people think that
>>>VLANs have some magical layer three capabilities which leads to the
>>>above question. Do people ever ask if you need a router between your
>>>layer 2 broadcast domains? No. Because it used to be obvious. If you
>>>want to route, you need a router. VLANs and the similarly misunderstood
>>>Layer 3 switch haven't changed that caveat.
>>>
>>>>> > Do I need an IP address on my VLANs?
>>>>
>>>>Some sort of network-layer addressing is required for end stations to
>>>>communicate using typical applications. There are some cases where
>>>>network-layer addressing is not used, of course, but that sort of
>>>>communication is being phased out.
>>>
>>>Again, if you want to route layer three protocols, you use a router. In
>>>multiprotocol networks, such as those tested on the CCIE exam, it is
>>>often necessary to support a mix of protocols, some of which need to be
>>>routed across broadcast domains while others are bridged. Understanding
>>>this is much easier when you don't believe in the tooth fairy.
>>
>>Ah, but if you have the tooth fairy as the administrator of an "L3
>>switch..."
>>Mind you, I consider L3 switches and tooth fairies about the same.
>>If it makes L3 decisions, it's a router. It may be a router with
>>hardware distributed forwarding, or it may be a router with a single
>>processor for control and forwarding. It's still a router.
>>
>>>
>>>>
>>>>> > Can I route between VLAN 1 and VLAN 2 with just a switch?
>>>>
>>>>No, not a Layer 2 switch.
>>>
>>>Bad question :) You can certainly bridge two VLANs, essentially
>>>creating one. I should have said connect vs route. The point is to
>>>illustrate the difference between layer two broadcast domains and
>>>routing, thus reinforcing the point that if you want to route, you use a
>>>router. There are no exceptions to this rule.
>>
>>And the question often is, "what problem are you trying to solve by
>>routing between VLANs?" There certainly are reasons, in a campus
>>environment, to bridge between VLANs with a L2 switch, such as the
>>VLAN users in one or more buildings and the servers for that VLAN in
>>a separate central computer room.
>>
>>>
>>>>> > Can I have multiple subnets on the same VLAN?
>>>
>>>>Yes, but they won't communicate without a router. A station trying to
>>>>communicate with a station in a different subnet ARPs for its default
>>>>gateway. Sure there are exceptions with strangely behaving IP stacks and
>>>>errors with subnet mask configurations, etc., but let's consider the
>>>>typical case.
>>>
>>>This is my point. To route, you need a router. VLANs haven't changed
>>>this whatsoever.
>>>
>>>I simply find that too many people misunderstand the VLAN concept
>>>simply because vendor marketing has confused the issue and numerous
>>>pieces of literature make the layer 3 to VLAN binding without properly
>>>developing the difference.
>>>
>>>Nit picky I know, but its a pet peeve.
>>>
>>>Pete
>>
>>I personally regard VLANs, first and foremost, as a means of
>>multiplexing a LAN.
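The point the thread keeps returning to (bridging merges broadcast domains, only a router moves packets between subnets, and two subnets on one VLAN still need a router to talk to each other) as an added example that is not part of the original post or anyone's reply in it. It is a small Python model, not Cisco configuration: the hosts, VLAN numbers and 10.1.x.x addresses are constructed, and the `Host`, `Switch` and `build` names are this example's own.

```python
"""Model of the host send decision and of a layer-2 switch's broadcast domains.

Added example, not from the thread. A host compares the destination with its
own prefix: on-link, it ARPs for the destination itself; off-link, it ARPs for
its default gateway. The switch only floods within a broadcast domain; bridging
two VLANs joins their domains but never makes a layer-3 decision.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface
from typing import Optional


@dataclass
class Host:
    name: str
    vlan: int
    iface: IPv4Interface                 # address plus mask, e.g. 10.1.1.10/24
    gateway: Optional[IPv4Address] = None
    is_router: bool = False              # one router interface living on this VLAN

    def next_hop(self, dst: IPv4Address) -> Optional[IPv4Address]:
        """Address this host ARPs for when sending to dst.

        Inside its own prefix: ARP for dst directly.
        Outside it: ARP for the default gateway (None if none is configured).
        """
        return dst if dst in self.iface.network else self.gateway


@dataclass
class Switch:
    """Layer-2 switch: forwards frames inside a broadcast domain, nothing more."""
    hosts: list[Host] = field(default_factory=list)
    bridged: set[frozenset[int]] = field(default_factory=set)  # VLAN pairs joined at L2

    def same_domain(self, a: int, b: int) -> bool:
        return a == b or frozenset((a, b)) in self.bridged

    def broadcast_receivers(self, sender: Host) -> list[str]:
        """Every station that must process a broadcast (an ARP, say) from sender."""
        return sorted(h.name for h in self.hosts
                      if h is not sender and self.same_domain(h.vlan, sender.vlan))

    def arp(self, sender: Host, target: IPv4Address) -> Optional[Host]:
        """ARP succeeds only if a station in sender's broadcast domain owns target."""
        for h in self.hosts:
            if h.iface.ip == target and self.same_domain(h.vlan, sender.vlan):
                return h
        return None

    def can_reach(self, sender: Host, dst: Host) -> bool:
        hop = sender.next_hop(dst.iface.ip)
        if hop is None:
            return False
        if hop == dst.iface.ip:                      # sender believes dst is on-link
            return self.arp(sender, hop) is not None
        gw = self.arp(sender, hop)                   # off-link: hand it to the gateway
        if gw is None or not gw.is_router:
            return False
        # the same router needs an interface on dst's subnet, in dst's broadcast domain
        return any(h.is_router and h.name == gw.name
                   and dst.iface.ip in h.iface.network
                   and self.same_domain(h.vlan, dst.vlan)
                   for h in self.hosts)


def build(with_router: bool = False, bridge_10_20: bool = False):
    """Constructed sample topology (hypothetical addresses, not from the thread).

    VLAN 10 carries two subnets, 10.1.1.0/24 and 10.1.2.0/24; VLAN 20 carries
    10.1.3.0/24. 'bad' is a station whose mask was mistakenly set to /16.
    """
    gw1, gw2, gw3 = (IPv4Address(x) for x in ("10.1.1.1", "10.1.2.1", "10.1.3.1"))
    hosts = {
        "a":   Host("a",   10, IPv4Interface("10.1.1.10/24"), gw1),
        "b":   Host("b",   10, IPv4Interface("10.1.1.20/24"), gw1),
        "c":   Host("c",   10, IPv4Interface("10.1.2.30/24"), gw2),
        "d":   Host("d",   20, IPv4Interface("10.1.3.40/24"), gw3),
        "bad": Host("bad", 10, IPv4Interface("10.1.2.50/16"), gw2),
    }
    sw = Switch(list(hosts.values()))
    if with_router:   # one router with an interface on each subnet
        sw.hosts += [Host("rtr", 10, IPv4Interface("10.1.1.1/24"), is_router=True),
                     Host("rtr", 10, IPv4Interface("10.1.2.1/24"), is_router=True),
                     Host("rtr", 20, IPv4Interface("10.1.3.1/24"), is_router=True)]
    if bridge_10_20:
        sw.bridged.add(frozenset((10, 20)))
    return sw, hosts
```

Run `build()` with no router and `a` reaches `b` but not `c`, even though `c` sits on the same VLAN; bridging VLANs 10 and 20 makes `d` see every broadcast from `a` yet still does not let `a` reach it, because `a`'s next hop for an off-link address is a gateway nobody answers for. The misconfigured `/16` station shows the exception the thread mentions: it ARPs straight for `a` and gets an answer, while `a`'s replies go to the gateway, so traffic works in one direction only.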
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13894&t=13465