why is routing needed with VLANs

2001-01-16 Thread Bob Vance

OK.
I must be brain dead, today.
   (and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
and, yes, I know, "What's so special about 'today' "?
   )
As far as I can understand it so far, about the only benefit that I see
from VLANs is reducing the size of broadcast domains.

Suppose that I have a switch in the closet with one big flat address
space (well, it couldn't be that big with only one switch, now, could
it ?>).  Then someone says,
  "You know, we're getting a lot of blah-blah broadcast traffic.
   Let's VLAN.
  "
OK, fine.  We VLAN and put whatever services in each VLAN that are
required to handle the broadcasts (e.g., DHCP service).  So, now the
switch doesn't send broadcasts outside a particular VLAN.

But, what's so magic about a VLAN that the switch also decides not to
send unicasts outside a VLAN.   Before the VLANs, the switch maintained
a MAC table and knew which port to go out to get to any unicast address
in the entire space.  So, why can't it continue to do that after we
arbitrarily implement some constraint on broadcast addresses?
It seems to me that the same, exact MAC table, with an additional VLAN
field would not require that restriction.  If it's a broadcast, send the
packet only out ports with a VLAN-id that matches the source port's
VLAN-id.  If it's a unicast, handle it just like we used to.


Similarly, even if we have 5 switches, I just don't see the requirement
that we (as switch-code designers) must block unicasts and resort to a
routing requirement.

Even with 500 switches ... well, let's not get ridiculous :)


I feel that there is a simple point that I've overlooked, so I will
continue to RTFM while I await your responses.>)


-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=




_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: why is routing needed with VLANs

2001-01-30 Thread fartcatcher

Thank you for the information. I am struggling with the use/purpose of VLANs 
and you've answered some questions for me.

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (John Neiberger) wrote:
>A VLAN is, by definition, a separate subnet.  If you decided to separate a
>single LAN into two VLANs, you'll have to change your addressing scheme. 
>Once you've done that, you have to route to get from one subnet to the
>other.  I don't even like the term "VLAN".  The very term seems to cause a
>lot of conceptual problems.   
>
>For example, let's say you have one LAN and you decide to create a new VLAN
>for a total of two VLANs.  This is absolutely no different than having two
>normal LANs on different ports on a router: you have two separate IP subnets
>and you must route to get from one to the other.  The only difference is
>that you can use trunking to pass data for both subnets down the same wire,
>and you can then let a switch split that traffic up and send it to the correct
>ports. 
>
>Imagine the router with two separate ethernet interfaces, each in its own
>subnet, and these are connected to two separate switches.  There is no
>topological difference between that scenario and a router doing ISL or
>802.1q trunking to a switch that is configured for two VLANs.  The
>requirements for connectivity are the same:  you must have a router to get
>from one subnet to the other.  Even though they are physically on the same
>switch, topologically speaking they are on different networks. 
>
>I hope this makes sense.  I had three people stop by my cube to talk and I
>had three phone calls while trying to write this.  :-) 
>
>Regards,
>John 
>



RE: why is routing needed with VLANs

2001-01-16 Thread Patrick Kirk

If I understand your question correctly, here's a response

A router operates at Layer 3 while all the switching you are discussing is
happening at Layer 2.  In order for a switch to forward packets to any VLAN
it would have to also re-write the packet so that the destination workstation
or server can answer properly and know where to send its response.  This is
essentially what happens in MLS or Layer 3 switching.  The switch can
forward packets based on the Vlan Id tag all it wants but the packet has to
make sense to the endpoint in order for a complete conversation to take
place.

Am I close??





RE: why is routing needed with VLANs

2001-01-16 Thread Curtis Call

Keep in mind that separate VLANs will be separate subnets.  Which means 
that by default a host will encapsulate any IP packet destined for a 
different VLAN within an ethernet packet with a destination MAC address of 
the default gateway.  So a layer 2 switch will never get the chance to try 
and "switch" between VLANs since every time a host needs to get to a 
different VLAN (subnet) it will just send a packet to the router which is 
on the same VLAN in order for it to be routed.







Re: why is routing needed with VLANs

2001-01-16 Thread John Neiberger

A VLAN is, by definition, a separate subnet.  If you decided to separate a
single LAN into two VLANs, you'll have to change your addressing scheme. 
Once you've done that, you have to route to get from one subnet to the
other.  I don't even like the term "VLAN".  The very term seems to cause a
lot of conceptual problems.  

For example, let's say you have one LAN and you decide to create a new VLAN
for a total of two VLANs.  This is absolutely no different than having two
normal LANs on different ports on a router: you have two separate IP subnets
and you must route to get from one to the other.  The only difference is
that you can use trunking to pass data for both subnets down the same wire,
and you can then let a switch split that traffic up and send it to the
correct ports.

Imagine the router with two separate ethernet interfaces, each in its own
subnet, and these are connected to two separate switches.  There is no
topological difference between that scenario and a router doing ISL or
802.1q trunking to a switch that is configured for two VLANs.  The
requirements for connectivity are the same:  you must have a router to get
from one subnet to the other.  Even though they are physically on the same
switch, topologically speaking they are on different networks.

I hope this makes sense.  I had three people stop by my cube to talk and I
had three phone calls while trying to write this.  :-)

Regards,
John




RE: why is routing needed with VLANs

2001-01-16 Thread Ole Drews Jensen

Hmm, I think I know what the question is, however I don't really have an
answer right now if I'm right.

Picture two different scenarios:

<<1>>

Workstation A, B and C are connected to a switch that IS NOT running VLAN,
hence they are in the same broadcast domain. The IP addresses are as
follows:

A   : 10.0.0.10 / 8
B   : 10.0.0.11 / 8
C   : 192.168.29.14 / 24

If A wants to send to C, it broadcasts an ARP request for 192.168.29.14
which the switch forwards to C, and C replies back with its MAC address,
and A can now send to C.

This is however (I believe) a bad configuration.

<<2>>

Workstation A, B and C are connected to a switch that IS running VLAN, and
with the same IP addresses as in example 1, A and B are in VLAN 11 and C is
in VLAN 12 - hence they are in two different broadcast domains.

If A wants to send to C, it broadcasts an ARP request for 192.168.29.14, but
the switch does not forward it since C is on a different broadcast domain.

A now has to send the data to its Default Gateway.


I think that the question is : If you take example 2, why doesn't the switch
just reply to station A's ARP request with C's MAC address, so A can send
directly to C anyway.

Have a fun brain storm,

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
 http://www.oledrews.com/ccnp

 NEED A JOB ???
 http://www.oledrews.com/job





RE: why is routing needed with VLANs

2001-01-16 Thread Bob Vance

Thanks.

>A VLAN is, by definition, a separate subnet.

Well, not by any definition that I've yet read :)

But, I was essentially asking *why* it has to be a different subnet.
That is not discussed anywhere that I've read.
But, anyway, as I posted, I think that the answer is ARP.
If ARP broadcast is not forwarded then we'll not be able to find the MAC
address of a destination IP outside our own VLAN (at least not without
Proxy ARP -- and we've just introduced a router, again !!!


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=
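
The behaviour discussed in the replies above, as an added example that is not part of any poster's message: a toy VLAN-aware switch that confines learning and flooding to the ingress VLAN, plus the host-side next-hop choice Curtis Call describes. Host addresses follow Ole's scenario; the MAC addresses, port numbers, the 10.0.0.14 address and the router addresses 10.0.0.1 and 192.168.29.1 are constructed assumptions.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Layer 2 switch: learning and forwarding are confined to the ingress VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # access port -> VLAN id
        self.mac_table = {}               # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source MAC, then return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port
        flood = sorted(p for p, v in self.port_vlan.items()
                       if v == vlan and p != in_port)
        if dst_mac == BROADCAST:
            return flood
        out = self.mac_table.get((vlan, dst_mac))
        if out is None:
            return flood  # unknown unicast: flooded inside the VLAN only
        return [] if out == in_port else [out]


class Host:
    def __init__(self, name, mac, iface, gateway=None):
        self.name, self.mac = name, mac
        self.iface = ipaddress.ip_interface(iface)
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

    def next_hop(self, dst_ip):
        """Address the host ARPs for: the destination if on-link, else the gateway."""
        dst = ipaddress.ip_address(dst_ip)
        return dst if dst in self.iface.network else self.gateway


# Constructed port maps: A, B and one router interface in VLAN 11,
# C and the other router interface in VLAN 12; FLAT removes the separation.
VLANS = {1: 11, 2: 11, 3: 12, 4: 11, 5: 12}
FLAT = {port: 1 for port in VLANS}


def build_lab(port_vlan, c_iface="192.168.29.14/24"):
    """Return (switch, hosts keyed by port). The router is modelled as two
    interfaces on two access ports, one per subnet."""
    hosts = {
        1: Host("A", "02:00:00:00:00:0a", "10.0.0.10/8", "10.0.0.1"),
        2: Host("B", "02:00:00:00:00:0b", "10.0.0.11/8", "10.0.0.1"),
        3: Host("C", "02:00:00:00:00:0c", c_iface, "192.168.29.1"),
        4: Host("R-vlan11", "02:00:00:00:01:11", "10.0.0.1/8"),
        5: Host("R-vlan12", "02:00:00:00:01:12", "192.168.29.1/24"),
    }
    return VlanSwitch(port_vlan), hosts


def arp_resolve(switch, hosts, src_port, target_ip):
    """Broadcast an ARP request from src_port; return the answering MAC or None."""
    target = ipaddress.ip_address(target_ip)
    sender = hosts[src_port]
    for port in switch.receive(src_port, sender.mac, BROADCAST):
        owner = hosts[port]
        if owner.iface.ip == target:
            # The ARP reply is a unicast back to the sender; the switch learns from it.
            switch.receive(port, owner.mac, sender.mac)
            return owner.mac
    return None  # the request never reached a port whose host owns target_ip


def first_hop(switch, hosts, src_port, dst_ip):
    """Return (address ARPed for, resolved MAC, egress ports of the data frame)."""
    sender = hosts[src_port]
    hop = sender.next_hop(dst_ip)
    if hop is None:
        return None, None, []
    mac = arp_resolve(switch, hosts, src_port, hop)
    ports = switch.receive(src_port, sender.mac, mac) if mac else []
    return str(hop), mac, ports


if __name__ == "__main__":
    # Ole's scenario 2: C is in another subnet and another VLAN, so A uses the router.
    print(first_hop(*build_lab(VLANS), 1, "192.168.29.14"))
    # Same subnet stretched over two VLANs: A's ARP for C stays in VLAN 11.
    print(first_hop(*build_lab(VLANS, "10.0.0.14/8"), 1, "10.0.0.14"))
    # Flat switch, same addressing: the ARP reaches C and the frame goes direct.
    print(first_hop(*build_lab(FLAT, "10.0.0.14/8"), 1, "10.0.0.14"))
```

The second case is the one Bob's follow-up points at: with the subnet spanning two VLANs, the ARP request is flooded only to VLAN 11 ports, so nothing resolves and no data frame is ever sent.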









RE: why is routing needed with VLANs

2001-01-16 Thread Ole Drews Jensen

This kind of brings up a question from my side.

Picture a branch office connected to the Internet with a router set up for
PAT. Let's say that the scope of IP addresses assigned to the office by
their ISP is 214.100.200.64 / 29, which gives them 214.100.200.65 thru
214.100.200.71 to play around with. 

Workstations on the LAN have addresses on a private 192.168.20.0 network.

Let's say that 214.100.200.68 is the IP address that every workstation
on the LAN will be translated to when going out through the router.

However, that office has a printer that must be available to external
workstations/servers, so I would like to assign it 214.100.200.70.

Now, with all devices at that office connecting to a cheap hub, wouldn't
this work okay, or would the best thing be to statically NAT 214.100.200.70
to a dedicated address on the 192.168.20.0 network which then is assigned
the printer?

This is probably an easy question for some of you guys, but I just haven't
played around with it before.

Thanks,

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
 http://www.oledrews.com/ccnp

 NEED A JOB ???
 http://www.oledrews.com/job




-Original Message-
From: Bob Vance [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 11:58 AM
To: CISCO_GroupStudy List (E-mail)
Subject: RE: why is routing needed with VLANs


Thanks.

>A VLAN is, by definition, a separate subnet.

Well, not by any definition that I've yet read :)

But, I was essentially asking *why* it has to be a different subnet.
That is not discussed anywhere that I've read.
But, anyway, as I posted, I think that the answer is ARP.
If ARP broadcast is not forwarded then we'll not be able to find the MAC
address of a destination IP outside our own VLAN (at least not without
Proxy ARP -- and we've just introduced a router, again !!!


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 12:48 PM
To: Bob Vance; [EMAIL PROTECTED]
Subject: Re: why is routing needed with VLANs


A VLAN is, by definition, a separate subnet.  If you decided to separate a
single LAN into two VLANs, you'll have to change your addressing scheme.
Once you've done that, you have to route to get from one subnet to the
other.  I don't even like the term "VLAN".  The very term seems to cause a
lot of conceptual problems.

For example, let's say you have one LAN and you decide to create a new VLAN
for a total of two VLANs.  This is absolutely no different than having two
normal LANs on different ports on a router: you have two separate IP subnets
and you must route to get from one to the other.  The only difference is
that you can use trunking to pass data for both subnets down the same wire,
and you can then let a switch split that traffic up and send it to the
correct ports.

Imagine the router with two separate ethernet interfaces, each in its own
subnet, and these are connected to two separate switches.  There is no
topological difference between that scenario and a router doing ISL or
802.1q trunking to a switch that is configured for two VLANs.  The
requirements for connectivity are the same:  you must have a router to get
from one subnet to the other.  Even though they are physically on the same
switch, topologically speaking they are on different networks.

I hope this makes sense.  I had three people stop by my cube to talk and I
had three phone calls while trying to write this.  :-)

Regards,
John

>  OK.
>  I must be brain dead, today.
> (and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>  and, yes, I know, "What's so special about 'today' "?
> )
>  As far I can understand it so far, about the only benefit that I see
>  from VLANs is reducing the size of broadcast domains.
>
>  Suppose that I have a switch in the closet with one big flat address
>  space (well, it couldn't be that big with only one switch, now, could
>  it ?>).  Then someone says,
>"You know, we're getting a lot of blah-blah broadcast traffic.
> Let's VLAN.
>"
>  OK, fine.  We VLAN and put whatever services in each VLAN that are
>  required to handle the broadcasts (e.g., DHCP service).  So, now the
>  switch doesn't send broadcasts outside a particular VLAN.
>
>  But, what's so magic about a VLAN that the switch als

RE: why is routing needed with VLANs

2001-01-16 Thread John Neiberger

You're right, machines on one "vlan" would not be able to reach hosts on the
other side.  Another problem would be connectivity to the router.  If you
had a switch split up into two "vlans" that used the same ip subnet, you
would have to have two links connected to a router to allow them access to
the rest of the network, so you're going to need two different interfaces on
a router.  But since you can't have two different interfaces in the same
subnet, you're up a creek without a paddle.  Of course, you could enable
bridging, but then you've completely negated the purpose of the exercise.

With true VLANs, you would have to renumber the hosts, but then you could
have a single trunk connection to a router with one subnet per VLAN
subinterface.

-John

>  Thanks.
>  
>  >A VLAN is, by definition, a separate subnet.
>  
>  Well, not by any definition that I've yet read :)
>  
>  But, I was essentially asking *why* it has to be a different subnet.
>  That is not discussed anywhere that I've read.
>  But, anyway, as I posted, I think that the answer is ARP.
>  If ARP broadcast is not forwarded then we'll not be able to find the MAC
>  address of a destination IP outside our own VLAN (at least not without
>  Proxy ARP -- and we've just introduced a router, again !!!
>  
>  
>  -
>  Tks        | <mailto:[EMAIL PROTECTED]>
>  BV     | <mailto:[EMAIL PROTECTED]>
>  Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
>  Vox 770-623-3430   11455 Lakefield Dr.
>  Fax 770-623-3429   Duluth, GA 30097-1511
>  =
>  
>  
>  
>  
>  
>  -Original Message-
>  From: John Neiberger [mailto:[EMAIL PROTECTED]]
>  Sent: Tuesday, January 16, 2001 12:48 PM
>  To: Bob Vance; [EMAIL PROTECTED]
>  Subject: Re: why is routing needed with VLANs
>  
>  
>  A VLAN is, by definition, a separate subnet.  If you decided to separate a
>  single LAN into two VLANs, you'll have to change your addressing scheme.
>  Once you've done that, you have to route to get from one subnet to the
>  other.  I don't even like the term "VLAN".  The very term seems to cause a
>  lot of conceptual problems.
>  
>  For example, let's say you have one LAN and you decide to create a new VLAN
>  for a total of two VLANs.  This is absolutely no different than having two
>  normal LANs on different ports on a router: you have two separate IP subnets
>  and you must route to get from one to the other.  The only difference is
>  that you can use trunking to pass data for both subnets down the same wire,
>  and you can then let a switch split that traffic up and send it to the
>  correct ports.
>  
>  Imagine the router with two separate ethernet interfaces, each in its own
>  subnet, and these are connected to two separate switches.  There is no
>  topological difference between that scenario and a router doing ISL or
>  802.1q trunking to a switch that is configured for two VLANs.  The
>  requirements for connectivity are the same:  you must have a router to get
>  from one subnet to the other.  Even though they are physically on the same
>  switch, topologically speaking they are on different networks.
>  
>  I hope this makes sense.  I had three people stop by my cube to talk and I
>  had three phone calls while trying to write this.  :-)
>  
>  Regards,
>  John
>  
>  >  OK.
>  >  I must be brain dead, today.
>  > (and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>  >  and, yes, I know, "What's so special about 'today' "?
>  > )
>  >  As far I can understand it so far, about the only benefit that I see
>  >  from VLANs is reducing the size of broadcast domains.
>  >
>  >  Suppose that I have a switch in the closet with one big flat address
>  >  space (well, it couldn't be that big with only one switch, now, could
>  >  it ?>).  Then someone says,
>  >"You know, we're getting a lot of blah-blah broadcast traffic.
>  > Let's VLAN.
>  >"
>  >  OK, fine.  We VLAN and put whatever services in each VLAN that are
>  >  required to handle the broadcasts (e.g., DHCP service).  So, now the
>  >  switch doesn't send broadcasts outside a particular VLAN.
>  >
>  >  But, what's so magic about a VLAN that the switch also decides not to
>  >  send unicasts outside a VLAN.   Before the VLANs, the switch maintained
>  >  a MAC table and knew which port to go out to get to any unica

RE: why is routing needed with VLANs

2001-01-16 Thread Brian Hartsfield

At 12:28 PM 1/16/2001 -0600, Ole Drews Jensen wrote:

>Now, with all devices at that office connecting to a cheap hub, wouldn't
>this work okay, or would the best thing be to statically NAT 214.100.200.70
>to a dedicated address on the 192.168.20.0 network which then is assigned
>the printer?

You would want to use a static NAT because you can't put a device from the 
214.100.200.* network on the 192.168.20.* network.   If a machine on the 
local LAN tries to get to that printer, it will determine that the machine 
is not on its local network and send the packet to its default gateway 
(i.e. the router).  The router will then route the packet to the external 
network and nobody will respond to it.  A static NAT will solve this 
problem and machines on the local LAN will use the "inside" IP address for 
the printer and users on the internet will use the "external" IP address of 
the printer and both will work.

Brian




Re: why is routing needed with VLANs

2001-01-16 Thread J Roysdon

Yes, this should work fine.  I'd configure a tight ACL on that thing so you
don't walk in and find a ream of paper wasted.  You can configure the ACL to
limit who can print to it, say the main office and all the other remote
sites, etc., but just not the internet at large.  Not to mention you don't
want some script kiddie going into your JetDirect (if it's HP) and setting a
password and tweaking with settings.

--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


"Ole Drews Jensen" <[EMAIL PROTECTED]> wrote in message
news:2019FB428FD3D311893700508B71EBFB4D3FF9@RWR_MAIL_SVR...
> This kind of brings up a question from my side.
>
> Picture a branch office connected to the Internet with a router setup for
> PAT. Let's say that the scope of IP addresses assigned to the office by
> their ISP is 214.100.200.64 / 29, which gives them 214.100.200.65 thru
> 214.100.200.71 to play around with.
>
> Workstations on the LAN have addresses on a private 192.168.20.0 network.
>
> Let's say that 214.100.200.68 is the IP address that every workstation
> on the LAN will be translated to when going out through the router.
>
> However, that office has a printer that must be available to external
> workstations/servers, so I would like to assign it 214.100.200.70.
>
> Now, with all devices at that office connecting to a cheap hub, wouldn't
> this work okay, or would the best thing be to statically NAT 214.100.200.70
> to a dedicated address on the 192.168.20.0 network which then is assigned
> the printer?
>
> This is probably an easy question for some of you guys, but I just haven't
> played around with it before.
>
> Thanks,
>
> Ole
>
> 
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
>  http://www.oledrews.com/ccnp
> 
>  NEED A JOB ???
>  http://www.oledrews.com/job
> ~~~~
>
>
>
> -----Original Message-
> From: Bob Vance [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 16, 2001 11:58 AM
> To: CISCO_GroupStudy List (E-mail)
> Subject: RE: why is routing needed with VLANs
>
>
> Thanks.
>
> >A VLAN is, by definition, a separate subnet.
>
> Well, not by any definition that I've yet read :)
>
> But, I was essentially asking *why* it has to be a different subnet.
> That is not discussed anywhere that I've read.
> But, anyway, as I posted, I think that the answer is ARP.
> If ARP broadcast is not forwarded then we'll not be able to find the MAC
> address of a destination IP outside our own VLAN (at least not without
> Proxy ARP -- and we've just introduced a router, again !!!
>
>
> -
> Tks | <mailto:[EMAIL PROTECTED]>
> BV | <mailto:[EMAIL PROTECTED]>
> Sr. Technical Consultant, SBM, A Gates/Arrow Co.
> Vox 770-623-3430 11455 Lakefield Dr.
> Fax 770-623-3429 Duluth, GA 30097-1511
> =
>
>
>
>
>
> -Original Message-
> From: John Neiberger [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 16, 2001 12:48 PM
> To: Bob Vance; [EMAIL PROTECTED]
> Subject: Re: why is routing needed with VLANs
>
>
> A VLAN is, by definition, a separate subnet.  If you decided to separate a
> single LAN into two VLANs, you'll have to change your addressing scheme.
> Once you've done that, you have to route to get from one subnet to the
> other.  I don't even like the term "VLAN".  The very term seems to cause a
> lot of conceptual problems.
>
> For example, let's say you have one LAN and you decide to create a new VLAN
> for a total of two VLANs.  This is absolutely no different than having two
> normal LANs on different ports on a router: you have two separate IP subnets
> and you must route to get from one to the other.  The only difference is
> that you can use trunking to pass data for both subnets down the same wire,
> and you can then let a switch split that traffic up and send it to the
> correct ports.
>
> Imagine the router with two separate ethernet interfaces, each in its own
> subnet, and these are connected to two separate switches.  There is no
> topological difference between that scenario and a router doing ISL or
> 802.1q trunking to a switch that is configured for two VLANs.  The
> requirements for connectivity are the same:  you must hav

Re: why is routing needed with VLANs

2001-01-16 Thread J Roysdon

Inside users would use the inside IP for the printer.

--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


"Brian Hartsfield" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> At 12:28 PM 1/16/2001 -0600, Ole Drews Jensen wrote:
>
> >Now, with all devices at that office connecting to a cheap hub, wouldn't
> >this work okay, or would the best thing be to statically NAT 214.100.200.70
> >to a dedicated address on the 192.168.20.0 network which then is assigned
> >the printer?
>
> You would want to use a static NAT because you can't put a device from the
> 214.100.200.* network on the 192.168.20.* network.   If a machine on the
> local LAN tries to get to that printer, it will determine that the machine
> is not on its local network and send the packet to its default gateway
> (i.e. the router).  The router will then route the packet to the external
> network and nobody will respond to it.  A static NAT will solve this
> problem and machines on the local LAN will use the "inside" IP address for
> the printer and users on the internet will use the "external" IP address of
> the printer and both will work.
>
> Brian
>
>





RE: why is routing needed with VLANs

2001-01-16 Thread Curtis Call

Comments Inline

At 11:43 AM 1/16/01 -0600, you wrote:
>Hmm, I think I know what the question is, however I don't really have an
>answer right now if I'm right.
>
>Picture two different scenarios:
>
><<1>>
>
>Workstation A, B and C are connected to a switch that IS NOT running VLAN,
>hence they are in the same broadcast domain. The IP addresses are as
>follows:
>
> A   : 10.0.0.10 / 8
> B   : 10.0.0.11 / 8
> C   : 192.168.29.14 / 24
>
>If A wants to send to C, it broadcasts an ARP request for 192.168.29.14
>which the switch forwards to C, and C replies back with its MAC address,
>and A can now send to C.
>
>This is however (I believe) a bad configuration.
>

Actually this won't happen.  Host A has no idea it is on a common broadcast 
domain with Host C.  It will just look at the address and see that it is on 
a different network and because of this it will forward the packet to the 
default gateway.  The only way it would issue an ARP request is if it was 
on the same IP network as Host A.  This is default IP behavior.

><<2>>
>
>Workstation A, B and C are connected to a switch that IS running VLAN, and
>with the same IP addresses as in example 1, A and B are in VLAN 11 and C is
>in VLAN 12 - hence they are in two different broadcast domains.
>
>If A wants to send to C, it broadcasts an ARP request for 192.168.29.14, but
>the switch does not forward it since C is on a different broadcast domain.
>
>A now has to send the data to its Default Gateway.
>
>
>I think that the question is : If you take example 2, why doesn't the switch
>just reply to station A's ARP request with C's MAC address, so A can send
>directly to C anyway.

Once again it is because Host A will never broadcast an ARP request.  Hosts 
only broadcast ARP requests when it is on the same network.  The exception 
to this would be if you did not configure Host A with a default gateway in 
which case I believe it would just throw out an ARP request, but I don't 
think this would be the best practice.
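
Added example (not part of the original thread): a small model of the host-side decision described above and in the printer answer earlier in the thread, showing which device on the wire actually receives the frame. The gateway addresses (10.0.0.1, 192.168.29.1, 192.168.20.1, 214.100.200.65), the workstation address 192.168.20.10 and the printer's inside address 192.168.20.50 are assumptions; a host with no gateway is simply treated as having no route here, and real IP stacks differ on that case.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Host:
    name: str
    cidr: str                       # address/prefix configured on the interface
    gateway: Optional[str] = None   # default gateway, if one is configured

    @property
    def iface(self):
        return ipaddress.ip_interface(self.cidr)

    def arp_target(self, dst: str) -> Optional[str]:
        """IP address this host ARPs for when it has a packet for dst.

        On-link destination: dst itself. Off-link: the default gateway.
        The host looks only at its own address and mask; it knows nothing
        about VLANs or about who shares the broadcast domain.
        """
        if ipaddress.ip_address(dst) in self.iface.network:
            return dst
        return self.gateway  # None means no route (assumption, see lead-in)


def first_hop(sender: Host, dst: str, domain: List[Host]) -> Optional[str]:
    """Name of the device in the sender's broadcast domain that answers the
    ARP and therefore receives the frame, or None if nobody answers."""
    target = sender.arp_target(dst)
    if target is None:
        return None
    for h in domain:
        if h is not sender and str(h.iface.ip) == target:
            return h.name
    return None


def flat_switch_scenario():
    """Scenario 1 from the thread: A, B and C on one switch without VLANs."""
    a = Host("A", "10.0.0.10/8", "10.0.0.1")
    b = Host("B", "10.0.0.11/8", "10.0.0.1")
    c = Host("C", "192.168.29.14/24", "192.168.29.1")
    r = Host("router", "10.0.0.1/8")          # router has no leg in C's subnet
    domain = [a, b, c, r]
    a_no_gw = Host("A", "10.0.0.10/8")
    return {
        "A->B": first_hop(a, "10.0.0.11", domain),
        "A->C": first_hop(a, "192.168.29.14", domain),
        "C->A": first_hop(c, "10.0.0.10", domain),
        "A->C without gateway": first_hop(a_no_gw, "192.168.29.14", domain),
    }


def printer_scenario():
    """Printer on the office hub: public address versus static NAT."""
    ws = Host("workstation", "192.168.20.10/24", "192.168.20.1")
    r = Host("router", "192.168.20.1/24")     # router's inside interface
    public = Host("printer", "214.100.200.70/29", "214.100.200.65")
    inside = Host("printer", "192.168.20.50/24", "192.168.20.1")
    return {
        "public: ws->printer": first_hop(ws, "214.100.200.70", [ws, r, public]),
        "public: printer->ws": first_hop(public, "192.168.20.10", [ws, r, public]),
        "nat: ws->printer": first_hop(ws, "192.168.20.50", [ws, r, inside]),
        "nat: printer->ws": first_hop(inside, "192.168.20.10", [ws, r, inside]),
    }


if __name__ == "__main__":
    for title, result in (("flat switch", flat_switch_scenario()),
                          ("printer", printer_scenario())):
        print(title)
        for case, hop in result.items():
            print(f"  {case:24} first hop: {hop}")
```

With the public address configured directly on the printer, the workstation's frame goes to the router and the printer's own gateway ARP is never answered on the inside segment; with the static NAT both directions resolve on-link.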





RE: why is routing needed with VLANs

2001-01-17 Thread Ole Drews Jensen

Yes I know Curtis, I don't know where I was in my mind yesterday, but too
much studying must have messed up my brain temporarily   8^O

Thanks,

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
 http://www.oledrews.com/ccnp

 NEED A JOB ???
 http://www.oledrews.com/job


-Original Message-
From: Curtis Call [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 9:25 PM
To: Ole Drews Jensen
Cc: [EMAIL PROTECTED]
Subject: RE: why is routing needed with VLANs


Comments Inline

At 11:43 AM 1/16/01 -0600, you wrote:
>Hmm, I think I know what the question is, however I don't really have an
>answer right now if I'm right.
>
>Picture two different scenarios:
>
><<1>>
>
>Workstation A, B and C are connected to a switch that IS NOT running VLAN,
>hence they are in the same broadcast domain. The IP addresses are as
>follows:
>
> A   : 10.0.0.10 / 8
> B   : 10.0.0.11 / 8
> C   : 192.168.29.14 / 24
>
>If A wants to send to C, it broadcasts an ARP request for 192.168.29.14
>which the switch forwards to C, and C replies back with its MAC address,
>and A can now send to C.
>
>This is however (I believe) a bad configuration.
>

Actually this won't happen.  Host A has no idea it is on a common broadcast 
domain with Host C.  It will just look at the address and see that it is on 
a different network and because of this it will forward the packet to the 
default gateway.  The only way it would issue an ARP request is if it was 
on the same IP network as Host A.  This is default IP behavior.

><<2>>
>
>Workstation A, B and C are connected to a switch that IS running VLAN, and
>with the same IP addresses as in example 1, A and B are in VLAN 11 and C is
>in VLAN 12 - hence they are in two different broadcast domains.
>
>If A wants to send to C, it broadcasts an ARP request for 192.168.29.14, but
>the switch does not forward it since C is on a different broadcast domain.
>
>A now has to send the data to its Default Gateway.
>
>
>I think that the question is : If you take example 2, why doesn't the switch
>just reply to station A's ARP request with C's MAC address, so A can send
>directly to C anyway.

Once again it is because Host A will never broadcast an ARP request.  Hosts 
only broadcast ARP requests when it is on the same network.  The exception 
to this would be if you did not configure Host A with a default gateway in 
which case I believe it would just throw out an ARP request, but I don't 
think this would be the best practice.




RE: why is routing needed with VLANs

2001-01-17 Thread Peter Van Oene

Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer 3 (please 
do not start with the "but what layer is arp again" :)  

Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of theoretical 
and practical discussions, the two concepts are totally unrelated and altogether 
unaware of each other's presence.  An IP host will not detect a node is on another VLAN 
and hence send to the gateway, it will detect a node is on another subnet.  It doesn't 
really care if the node is in the same broadcast domain or halfway around the world, 
if it's not on the network, it's sent via the gateway.  This is very strict behavior.  
Nodes on different IP subnets do not communicate directly in any case without the use 
of an intermediary, layer 3 device.  

VLANs as a concept are of trivial complexity.  VLAN membership, particularly dynamic 
membership along with protocols like 802.1q, ISL, PVST etc that leverage and support 
VLANs do offer some element of challenge and opportunity for best practise designs.  

I just felt that the line between VLANs (broadcast domains) and IP subnets was getting 
somewhat blurry when it really shouldn't be.



*** REPLY SEPARATOR  ***

On 1/16/2001 at 10:19 AM Curtis Call wrote:

>Keep in mind that separate VLANs will be separate subnets.  Which means 
>that by default a host will encapsulate any IP packet destined for a 
>different VLAN within an ethernet packet with a destination MAC address of 
>the default gateway.  So a layer 2 switch will never get the chance to try 
>and "switch" between VLANs since every time a host needs to get to a 
>different VLAN (subnet) it will just send a packet to the router which is 
>on the same VLAN in order for it to be routed.
>
>
>
>
>>-Original Message-
>>From: Bob Vance [mailto:[EMAIL PROTECTED]]
>>Sent: Tuesday, January 16, 2001 8:35 AM
>>To: CISCO_GroupStudy List (E-mail)
>>Subject: why is routing needed with VLANs
>>
>>
>>OK.
>>I must be brain dead, today.
>>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>> and, yes, I know, "What's so special about 'today' "?
>>)
>>As far I can understand it so far, about the only benefit that I see
>>from VLANs is reducing the size of broadcast domains.
>>
>>Suppose that I have a switch in the closet with one big flat address
>>space (well, it couldn't be that big with only one switch, now, could
>>it ?>).  Then someone says,
>>   "You know, we're getting a lot of blah-blah broadcast traffic.
>>Let's VLAN.
>>   "
>>OK, fine.  We VLAN and put whatever services in each VLAN that are
>>required to handle the broadcasts (e.g., DHCP service).  So, now the
>>switch doesn't send broadcasts outside a particular VLAN.
>>
>>But, what's so magic about a VLAN that the switch also decides not to
>>send unicasts outside a VLAN.   Before the VLANs, the switch maintained
>>a MAC table and knew which port to go out to get to any unicast address
>>in the entire space.  So, why can't it continue to do that after we
>>arbitrarily implement some constraint on broadcast addresses?
>>It seems to me that the same, exact MAC table, with an additional VLAN
>>field would not require that restriction.  If it's a broadcast, send the
>>packet only out ports with a VLAN-id that matches the source port's
>>VLAN-id.  If it's a unicast, handle it just like we used to.
>>
>>
>>Similarly, even if we have 5 switches, I just don't see the requirement
>>that we (as switch-code designers) must block unicasts and resort to a
>>routing requirement.
>>
>>Even with 500 switches ... well, let's not get ridiculous :)
>>
>>
>>I feel that there is a simple point that I've overlooked, so I will
>>continue to RTFM while I await your responses.>)
>>
>>
>>-
>>Tks        | <mailto:[EMAIL PROTECTED]>
>>BV     | <mailto:[EMAIL PROTECTED]>
>>Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
>>Vox 770-623-3430   11455 Lakefield Dr.
>>Fax 770-623-3429   Duluth, GA 30097-1511
>>=
>>
>>
>>
>>
>>

RE: why is routing needed with VLANs

2001-01-17 Thread Bob Vance

And, I suppose (more idle speculation, Bob??) ...

If you had two sets of devices and no need for communication between
those sets, you could theoretically create 2 VLANs with addresses all
within the same subnet (ignoring any possible restrictions in a
particular piece of switch code).

Even then, you *would* be able even to talk TCP/IP between those VLANs,
if unicasts were forwarded by the switch outside the VLAN (and you were
willing to create manual, permanent ARP entries where needed) --
but, they're not.  BTW, is this a CISCO-specific implementation
or are there VLAN RFCs that prescribe necessary behavior.


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Peter Van Oene
Sent: Wednesday, January 17, 2001 12:26 PM
To: [EMAIL PROTECTED]
Subject: RE: why is routing needed with VLANs


Just for clarity, VLAN's are a layer 2 concept and IP is of course a
layer 3 (please do not start with the "but what layer is arp again" :)

Despite subnets and VLAN's generally happening on a 1:1 basis in a lot
of theoretical and practical discussions, the two concepts are totally
unrelated and altogether unaware of each other's presence.  An IP host
will not detect a node is on another VLAN and hence send to the gateway,
it will detect a node is on another subnet.  It doesn't really care if
the node is in the same broadcast domain or halfway around the world, if
it's not on the network, it's sent via the gateway.  This is very strict
behavior.  Nodes on different IP subnets do not communicate directly in
any case without the use of an intermediary, layer 3 device.

VLANs as a concept are of trivial complexity.  VLAN membership,
particularly dynamic membership along with protocols like 802.1q, ISL,
PVST etc that leverage and support VLANs do offer some element of
challenge and opportunity for best practise designs.

I just felt that the line between VLANs (broadcast domains) and IP
subnets was getting somewhat blurry when it really shouldn't be.





RE: why is routing needed with VLANs

2001-01-17 Thread Peter Van Oene

In my experience, there exist some bridge table variations from vendor to vendor that 
might impact on your unicast forwarding idea.  I'm not positive what Cisco does and 
maybe someone can comment, but I have seen many implementations that build separate 
MAC - Interface tables per VLAN, thus fully isolating traffic from one VLAN to the 
other(s).  

In theory, VLAN technology should involve complete separation of traffic from VLAN to 
VLAN and not simply isolation of all 1's broadcasts.  I expect this is exactly the 
case in most vendors' implementations but never really tried to verify it.  Keep in 
mind that again, VLAN technology was not solely designed for IP networks.  

To your point below, the 802.1d compliant switch is a layer 2 device and does not 
decode layer 3 headers and thus it doesn't matter what addresses (be they IP or 
otherwise) you assign to whatever devices you chose to attach to it.  As far as 
documentation goes, I haven't seen much outside of 802.1q documentation which exists I 
believe as a subset of a revised 802.1d spec out of the IEEE.  The basic functionality 
to me isn't reflective of something one would need a document for, given RFC's and 
such are designed to enable multi vendor interoperability among other things. 

-pete
 

*** REPLY SEPARATOR  ***

On 1/17/2001 at 1:33 PM Bob Vance wrote:

>And, I suppose (more idle speculation, Bob??) ...
>
>If you had two sets of devices and no need for communication between
>those sets, you could theoretically create 2 VLANs with addresses all
>within the same subnet (ignoring any possible restrictions in a
>particular piece of switch code).
>
>Even then, you *would* be able even to talk TCP/IP between those VLANs,
>if unicasts were forwarded by the switch outside the VLAN (and you were
>willing to create manual, permanent ARP entries where needed) --
>but, they're not.  BTW, is this a CISCO-specific implementation
>or are there VLAN RFCs that prescribe necessary behavior.
>
>
>-
>Tks        | <mailto:[EMAIL PROTECTED]>
>BV     | <mailto:[EMAIL PROTECTED]>
>Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
>Vox 770-623-3430   11455 Lakefield Dr.
>Fax 770-623-3429   Duluth, GA 30097-1511
>=
>
>
>
>
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Peter Van Oene
>Sent: Wednesday, January 17, 2001 12:26 PM
>To: [EMAIL PROTECTED]
>Subject: RE: why is routing needed with VLANs
>
>
>Just for clarity, VLAN's are a layer 2 concept and IP is of course a
>layer 3 (please do not start with the "but what layer is arp again" :)
>
>Despite subnets and VLAN's generally happening on a 1:1 basis in a lot
>of theoretical and practical discussions, the two concepts are totally
>unrelated and altogether unaware of each other's presence.  An IP host
>will not detect a node is on another VLAN and hence send to the gateway,
>it will detect a node is on another subnet.  It doesn't really care if
>the node is in the same broadcast domain or halfway around the world, if
>it's not on the network, it's sent via the gateway.  This is very strict
>behavior.  Nodes on different IP subnets do not communicate directly in
>any case without the use of an intermediary, layer 3 device.
>
>VLANs as a concept are of trivial complexity.  VLAN membership,
>particularly dynamic membership along with protocols like 802.1q, ISL,
>PVST etc that leverage and support VLANs do offer some element of
>challenge and opportunity for best practise designs.
>
>I just felt that the line between VLANs (broadcast domains) and IP
>subnets was getting somewhat blurry when it really shouldn't be.
>
>


---
Peter A. van Oene
Juniper Networks Inc.
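
Added example (not part of the original thread, and not any vendor's implementation): a toy single-switch model contrasting the per-VLAN MAC tables described above with one table shared by all VLANs, which is what the unicast-forwarding idea under discussion would need. Port numbers, VLAN ids, MAC addresses and the choice to flood unknown unicasts only inside the source VLAN are assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample MAC addresses: two hosts and a router that uses the
# same MAC on a port in each VLAN.
X, Y, R = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:fe"


class Switch:
    """Learning switch with access ports only (no trunks)."""

    def __init__(self, port_vlan, per_vlan_tables=True):
        self.port_vlan = dict(port_vlan)        # port number -> VLAN id
        self.per_vlan_tables = per_vlan_tables
        self.mac_table = {}                     # (vlan or None, mac) -> port

    def _key(self, vlan, mac):
        # Per-VLAN tables key on (VLAN, MAC); the shared table ignores VLAN.
        return (vlan, mac) if self.per_vlan_tables else (None, mac)

    def receive(self, in_port, src, dst):
        """Learn src on in_port and return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[self._key(vlan, src)] = in_port
        flood = sorted(p for p, v in self.port_vlan.items()
                       if v == vlan and p != in_port)
        if dst == BROADCAST:
            return flood                        # broadcasts stay in the VLAN
        out = self.mac_table.get(self._key(vlan, dst))
        if out is None:
            return flood                        # unknown unicast (assumption)
        return [] if out == in_port else [out]

    def leaked(self, in_port, egress):
        """Egress ports that sit in a different VLAN than the ingress port."""
        vlan = self.port_vlan[in_port]
        return [p for p in egress if self.port_vlan[p] != vlan]


def run(per_vlan_tables):
    """Ports 1-2 are in VLAN 2, ports 3-4 in VLAN 3. X is on port 1, Y on
    port 3, and the router is attached to port 2 and port 4."""
    sw = Switch({1: 2, 2: 2, 3: 3, 4: 3}, per_vlan_tables)
    out = {"Y broadcast": sw.receive(3, Y, BROADCAST)}

    egress = sw.receive(1, X, Y)                # X unicasts to Y's MAC
    out["X->Y"] = egress
    out["X->Y leaked"] = sw.leaked(1, egress)

    sw.receive(2, R, BROADCAST)                 # router heard in VLAN 2
    sw.receive(4, R, BROADCAST)                 # same MAC heard in VLAN 3
    egress = sw.receive(1, X, R)                # X sends to its gateway
    out["X->R"] = egress
    out["X->R leaked"] = sw.leaked(1, egress)
    return out


if __name__ == "__main__":
    for mode in (True, False):
        print("per-VLAN tables" if mode else "shared table")
        for case, ports in run(mode).items():
            print(f"  {case:12} {ports}")
```

With the shared table the frame for Y leaves on a VLAN 3 port, and the router's second learning event overwrites the first so X's gateway traffic is delivered into the wrong VLAN; keying the table on (VLAN, MAC) keeps both flows inside VLAN 2.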




RE: why is routing needed with VLANs

2001-01-17 Thread Bob Vance

Right.  It all depends on how the tables are managed and the particular
code implementing VLAN.  The ICND book specifically says unicasts are
*not* forwarded outside of the VLAN, so I conclude that my little
scenario obviously wouldn't work on a CISCO.

But, if the MAC tables *were* VLAN-commingled and forwarding outside
VLAN were permitted, it seems that it *could* work on a single switch.

E.g., if I, in VLAN2, send a packet with a destination MAC in VLAN3,
the switch *could* see which port the target MAC is on and forward it.
Now, if the target MAC weren't in the table at all, then it might
forward only out VLAN2 ports, so I couldn't initiate a conversation
until the switch actually learned which port this particular target is
on.  But if the switch *did* forward unknown-destination-MAC packets to
*all* unknown ports, even VLAN3, then 

Now, let's think about the above scenario with multiple switches and
trunking.

No.  Let's not ;>)



-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Peter Van Oene
Sent: Wednesday, January 17, 2001 3:59 PM
To: [EMAIL PROTECTED]
Subject: RE: why is routing needed with VLANs


In my experience, there exist some bridge table variations from vendor
to vendor that might impact on your unicast forwarding idea.  I'm not
positive what Cisco does and maybe someone can comment, but I have seen
many implementations that build separate MAC - Interface tables per
VLAN, thus fully isolating traffic from one VLAN to the other(s).

In theory, VLAN technology should involve complete separation of traffic
from VLAN to VLAN and not simply isolation of all 1's broadcasts.  I
expect this is exactly the case in most vendors' implementations but
never really tried to verify it.  Keep in mind that again, VLAN
technology was not solely designed for IP networks.

To your point below, the 802.1d compliant switch is a layer 2 device and
does not decode layer 3 headers and thus it doesn't matter what
addresses (be they IP or otherwise) you assign to whatever devices you
chose to attach to it.  As far as documentation goes, I haven't seen
much outside of 802.1q documentation which exists I believe as a subset
of a revised 802.1d spec out of the IEEE.  The basic functionality to me
isn't reflective of something one would need a document for, given RFC's
and such are designed to enable multi vendor interoperability among
other things.

-pete


*** REPLY SEPARATOR  ***

On 1/17/2001 at 1:33 PM Bob Vance wrote:

>And, I suppose (more idle speculation, Bob??) ...
>
>If you had two sets of devices and no need for communication between
>those sets, you could theoretically create 2 VLANs with addresses all
>within the same subnet (ignoring any possible restrictions in a
>particular piece of switch code).
>
>Even then, you *would* be able even to talk TCP/IP between those VLANs,
>if unicasts were forwarded by the switch outside the VLAN (and you were
>willing to create manual, permanent ARP entries where needed) --
>but, they're not.  BTW, is this a CISCO-specific implementation
>or are there VLAN RFCs that prescribe necessary behavior.
>
>
>-
>Tks        | <mailto:[EMAIL PROTECTED]>
>BV     | <mailto:[EMAIL PROTECTED]>
>Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
>Vox 770-623-3430   11455 Lakefield Dr.
>Fax 770-623-3429   Duluth, GA 30097-1511
>=
>
>
>
>
>
>-Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Peter Van Oene
>Sent: Wednesday, January 17, 2001 12:26 PM
>To: [EMAIL PROTECTED]
>Subject: RE: why is routing needed with VLANs
>
>
>Just for clarity, VLAN's are a layer 2 concept and IP is of course a
>layer 3 (please do not start with the "but what layer is arp again" :)
>
>Despite subnets and VLAN's generally happening on a 1:1 basis in a lot
>of theoretical and practical discussions, the two concepts are totally
>unrelated and altogether unaware of each other's presence.  An IP host
>will not detect a node is on another VLAN and hence send to the gateway,
>it will detect a node is on another subnet.  It doesn't really care if
>the node is in the same broadcast domain or halfway around the world, if
>it's not on the network, it's sent via the gateway.  This is very strict
>behavior.  Nodes on different IP subnets
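
Added example (not part of the original thread and not any vendor's switch code): a toy learning bridge in Python that compares the per-VLAN MAC tables Peter describes with the commingled table Bob hypothesizes, together with the host-side on-link check that decides whether a host ARPs for the destination or for its gateway. The class and function names, the port layout, and the documentation-range MAC and IP addresses are all constructed for illustration.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Toy learning bridge. port_vlan maps each access port to its VLAN id."""

    def __init__(self, port_vlan, shared_table=False):
        self.port_vlan = dict(port_vlan)
        self.shared_table = shared_table   # True = Bob's commingled table
        self.fdb = {}                      # (vlan or None, mac) -> port

    def _key(self, vlan, mac):
        # Per-VLAN tables key on (vlan, mac); the commingled table ignores
        # the VLAN, so a MAC learned in one VLAN is visible from another.
        return (None if self.shared_table else vlan, mac)

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source address, then return the sorted egress ports."""
        vlan = self.port_vlan[in_port]
        self.fdb[self._key(vlan, src_mac)] = in_port
        same_vlan = sorted(p for p, v in self.port_vlan.items()
                           if v == vlan and p != in_port)
        if dst_mac == BROADCAST:
            return same_vlan               # broadcasts never leave the VLAN
        out = self.fdb.get(self._key(vlan, dst_mac))
        if out is None:
            return same_vlan               # unknown unicast: flood in-VLAN only
        if out == in_port:
            return []                      # destination sits on the ingress port
        return [out]


def arp_target(src_interface, dst_ip, gateway):
    """IP address the host ARPs for: the destination when it is on-link,
    otherwise the default gateway. The host knows subnets, not VLANs."""
    network = ipaddress.ip_interface(src_interface).network
    return dst_ip if ipaddress.ip_address(dst_ip) in network else gateway


def demo():
    # Constructed layout: ports 1-2 are in VLAN 2, ports 3-4 are in VLAN 3.
    ports = {1: 2, 2: 2, 3: 3, 4: 3}
    host_a = "00:00:5e:00:53:0a"           # on port 1, VLAN 2
    host_c = "00:00:5e:00:53:0c"           # on port 3, VLAN 3
    results = {}
    for name, shared in (("per_vlan", False), ("commingled", True)):
        sw = Switch(ports, shared_table=shared)
        sw.receive(3, host_c, BROADCAST)   # C speaks first, so its port is learned
        results[name] = {
            # A's ARP request is a broadcast: it stays inside VLAN 2.
            "arp_broadcast_from_a": sw.receive(1, host_a, BROADCAST),
            # A sends a unicast straight to C's MAC (e.g. via a static ARP entry).
            "unicast_a_to_c": sw.receive(1, host_a, host_c),
        }
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
    print(arp_target("192.0.2.10/24", "192.0.2.20", "192.0.2.1"))
    print(arp_target("192.0.2.10/24", "198.51.100.20", "192.0.2.1"))
```

With per-VLAN tables the frame addressed to C is treated as unknown in VLAN 2 and flooded only to port 2, so it never reaches VLAN 3; with the commingled table it is delivered to port 3, which is the cross-VLAN leak that separate tables prevent.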

Re: why is routing needed with VLANs

2001-01-18 Thread Ruben Arias

VLANs can be defined by MAC address or IP address.
When MAC address is used, you have a layer 2 VLAN, when IP address is used you have a 
layer 3 VLAN and a router is needed.
Layer 2 VLANs mostly used for filtering (never done, I suppose is a hard work to 
maintain)


Peter Van Oene wrote:

> Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer 3 (please 
>do not start with the "but what layer is arp again" :)
>
> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of 
>theoretical and practical discussions, the two concepts are totally unrelated and 
>altogether unaware of each other's presence.  An IP host will not detect a node is on 
>another VLAN and hence send to the gateway, it will detect a node is on another 
>subnet.  It doesn't really care if the node is in the same broadcast domain or 
>halfway around the world, if it's not on the network, it's sent via the gateway.  This 
>is very strict behavior.  Nodes on different IP subnets do not communicate directly 
>in any case without the use of an intermediary, layer 3 device.
>
> VLANs as a concept are of trivial complexity.  VLAN membership, particularly dynamic 
>membership along with protocols like 802.1q, ISL, PVST etc that leverage and support 
>VLANs do offer some element of challenge and opportunity for best practise designs.
>
> I just felt that the line between VLANs (broadcast domains) and IP subnets was 
>getting somewhat blurry when it really shouldn't be.
>
> *** REPLY SEPARATOR  ***
>
> On 1/16/2001 at 10:19 AM Curtis Call wrote:
>
> >Keep in mind that separate VLANs will be separate subnets.  Which means
> >that by default a host will encapsulate any IP packet destined for a
> >different VLAN within an ethernet packet with a destination MAC address of
> >the default gateway.  So a layer 2 switch will never get the chance to try
> >and "switch" between VLANs since every time a host needs to get to a
> >different VLAN (subnet) it will just send a packet to the router which is
> >on the same VLAN in order for it to be routed.
> >
> >
> >
> >
> >>-Original Message-
> >>From: Bob Vance [mailto:[EMAIL PROTECTED]]
> >>Sent: Tuesday, January 16, 2001 8:35 AM
> >>To: CISCO_GroupStudy List (E-mail)
> >>Subject: why is routing needed with VLANs
> >>
> >>
> >>OK.
> >>I must be brain dead, today.
> >>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
> >> and, yes, I know, "What's so special about 'today' "?
> >>)
> >>As far I can understand it so far, about the only benefit that I see
> >>from VLANs is reducing the size of broadcast domains.
> >>
> >>Suppose that I have a switch in the closet with one big flat address
> >>space (well, it couldn't be that big with only one switch, now, could
> >>it ?>).  Then someone says,
> >>   "You know, we're getting a lot of blah-blah broadcast traffic.
> >>Let's VLAN.
> >>   "
> >>OK, fine.  We VLAN and put whatever services in each VLAN that are
> >>required to handle the broadcasts (e.g., DHCP service).  So, now the
> >>switch doesn't send broadcasts outside a particular VLAN.
> >>
> >>But, what's so magic about a VLAN that the switch also decides not to
> >>send unicasts outside a VLAN.   Before the VLANs, the switch maintained
> >>a MAC table and knew which port to go out to get to any unicast address
> >>in the entire space.  So, why can't it continue to do that after we
> >>arbitrarily implement some constraint on broadcast addresses?
> >>It seems to me that the same, exact MAC table, with an additional VLAN
> > >>field would not require that restriction.  If it's a broadcast, send the
> >>packet only out ports with a VLAN-id that matches the source port's
> >>VLAN-id.  If it's a unicast, handle it just like we used to.
> >>
> >>
> >>Similarly, even if we have 5 switches, I just don't see the requirement
> >>that we (as switch-code designers) must block unicasts and resort to a
> >>routing requirement.
> >>
> >>Even with 500 switches ... well, let's not get ridiculous :)
> >>
> >>
> >>I feel that there is a simple point that I've overlooked, so I will
> >>continue to RTFM while I await your responses.>)
> >>
> >>
> >>-
> > >>Tks        | 

Re: why is routing needed with VLANs

2001-01-18 Thread Peter Van Oene

To me, there is no concept of a layer three VLAN.  If you choose to route IP, you need 
a router, whether you have dynamic or statically configured broadcast scopes is fully 
irrelevant.  If you are talking about dynamic VLAN membership based on IP address (or 
protocol for that matter), then I will agree that some level of layer 3 and 
potentially above awareness is required to identify the address or protocol.  However, 
any such application that I have seen (mostly Xylan) performed this at the switch 
level. 

Given most networks are running DHCP, or moving in that direction, VLAN's that 
determined membership based on IP address would be a challenging thing to accomplish.  

*** REPLY SEPARATOR  ***

On 1/18/2001 at 9:21 AM Ruben Arias wrote:

>VLANs can be defined by MAC address or IP address.
>When MAC address is used, you have a layer 2 VLAN, when IP address is used you have a 
>layer 3 VLAN and a router is needed.
>Layer 2 VLANs mostly used for filtering (never done, I suppose is a hard work to 
>maintain)
>
>
>Peter Van Oene wrote:
>
>> Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer 3 
>(please do not start with the "but what layer is arp again" :)
>>
>> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of 
>theoretical and practical discussions, the two concepts are totally unrelated and 
>altogether unaware of each other's presence.  An IP host will not detect a node is on 
>another VLAN and hence send to the gateway, it will detect a node is on another 
>subnet.  It doesn't really care if the node is in the same broadcast domain or 
>halfway around the world, if it's not on the network, it's sent via the gateway.  This 
>is very strict behavior.  Nodes on different IP subnets do not communicate directly 
>in any case without the use of an intermediary, layer 3 device.
>>
>> VLANs as a concept are of trivial complexity.  VLAN membership, particularly 
>dynamic membership along with protocols like 802.1q, ISL, PVST etc that leverage and 
>support VLANs do offer some element of challenge and opportunity for best practise 
>designs.
>>
>> I just felt that the line between VLANs (broadcast domains) and IP subnets was 
>getting somewhat blurry when it really shouldn't be.
>>
>> *** REPLY SEPARATOR  ***
>>
>> On 1/16/2001 at 10:19 AM Curtis Call wrote:
>>
>> >Keep in mind that separate VLANs will be separate subnets.  Which means
>> >that by default a host will encapsulate any IP packet destined for a
>> >different VLAN within an ethernet packet with a destination MAC address of
>> >the default gateway.  So a layer 2 switch will never get the chance to try
>> >and "switch" between VLANs since every time a host needs to get to a
>> >different VLAN (subnet) it will just send a packet to the router which is
>> >on the same VLAN in order for it to be routed.
>> >
>> >
>> >
>> >
>> >>-Original Message-
>> >>From: Bob Vance [mailto:[EMAIL PROTECTED]]
>> >>Sent: Tuesday, January 16, 2001 8:35 AM
>> >>To: CISCO_GroupStudy List (E-mail)
>> >>Subject: why is routing needed with VLANs
>> >>
>> >>
>> >>OK.
>> >>I must be brain dead, today.
>> >>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>> >> and, yes, I know, "What's so special about 'today' "?
>> >>)
>> >>As far I can understand it so far, about the only benefit that I see
>> >>from VLANs is reducing the size of broadcast domains.
>> >>
>> >>Suppose that I have a switch in the closet with one big flat address
>> >>space (well, it couldn't be that big with only one switch, now, could
>> >>it ?>).  Then someone says,
>> >>   "You know, we're getting a lot of blah-blah broadcast traffic.
>> >>Let's VLAN.
>> >>   "
>> >>OK, fine.  We VLAN and put whatever services in each VLAN that are
>> >>required to handle the broadcasts (e.g., DHCP service).  So, now the
>> >>switch doesn't send broadcasts outside a particular VLAN.
>> >>
>> >>But, what's so magic about a VLAN that the switch also decides not to
>> >>send unicasts outside a VLAN.   Before the VLANs, the switch maintained
>> >>a MAC table and knew which port to go out to get to any unicast address
>> >>in the entire space.  So, why can't it continue to do that after we
>> >>arbitrarily implement so

Re: why is routing needed with VLANs

2001-01-18 Thread Lowell Sharrah

are we talking about the difference between collision domains and broadcast domains?

>>> "Peter Van Oene" <[EMAIL PROTECTED]> 01/18/01 09:07AM >>>
To me, there is no concept of a layer three VLAN.  If you choose to route IP, you need 
a router, whether you have dynamic or statically configured broadcast scopes is fully 
irrelevant.  If you are talking about dynamic VLAN membership based on IP address (or 
protocol for that matter), then I will agree that some level of layer 3 and 
potentially above awareness is required to identify the address or protocol.  However, 
any such application that I have seen (mostly Xylan) performed this at the switch 
level. 

Given most networks are running DHCP, or moving in that direction, VLAN's that 
determined membership based on IP address would be a challenging thing to accomplish.  

*** REPLY SEPARATOR  ***

On 1/18/2001 at 9:21 AM Ruben Arias wrote:

>VLANs can be defined by MAC address or IP address.
>When MAC address is used, you have a layer 2 VLAN, when IP address is used you have a 
>layer 3 VLAN and a router is needed.
>Layer 2 VLANs mostly used for filtering (never done, I suppose is a hard work to 
>maintain)
>
>
>Peter Van Oene wrote:
>
>> Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer 3 
>(please do not start with the "but what layer is arp again" :)
>>
>> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of 
>theoretical and practical discussions, the two concepts are totally unrelated and 
>altogether unaware of each other's presence.  An IP host will not detect a node is on 
>another VLAN and hence send to the gateway, it will detect a node is on another 
>subnet.  It doesn't really care if the node is in the same broadcast domain or 
>halfway around the world, if it's not on the network, it's sent via the gateway.  This 
>is very strict behavior.  Nodes on different IP subnets do not communicate directly 
>in any case without the use of an intermediary, layer 3 device.
>>
>> VLANs as a concept are of trivial complexity.  VLAN membership, particularly 
>dynamic membership along with protocols like 802.1q, ISL, PVST etc that leverage and 
>support VLANs do offer some element of challenge and opportunity for best practise 
>designs.
>>
>> I just felt that the line between VLANs (broadcast domains) and IP subnets was 
>getting somewhat blurry when it really shouldn't be.
>>
>> *** REPLY SEPARATOR  ***
>>
>> On 1/16/2001 at 10:19 AM Curtis Call wrote:
>>
>> >Keep in mind that separate VLANs will be separate subnets.  Which means
>> >that by default a host will encapsulate any IP packet destined for a
>> >different VLAN within an ethernet packet with a destination MAC address of
>> >the default gateway.  So a layer 2 switch will never get the chance to try
>> >and "switch" between VLANs since every time a host needs to get to a
>> >different VLAN (subnet) it will just send a packet to the router which is
>> >on the same VLAN in order for it to be routed.
>> >
>> >
>> >
>> >
>> >>-Original Message-
>> >>From: Bob Vance [mailto:[EMAIL PROTECTED]] 
>> >>Sent: Tuesday, January 16, 2001 8:35 AM
>> >>To: CISCO_GroupStudy List (E-mail)
>> >>Subject: why is routing needed with VLANs
>> >>
>> >>
>> >>OK.
>> >>I must be brain dead, today.
>> >>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>> >> and, yes, I know, "What's so special about 'today' "?
>> >>)
>> >>As far I can understand it so far, about the only benefit that I see
>> >>from VLANs is reducing the size of broadcast domains.
>> >>
>> >>Suppose that I have a switch in the closet with one big flat address
>> >>space (well, it couldn't be that big with only one switch, now, could
>> >>it ?>).  Then someone says,
>> >>   "You know, we're getting a lot of blah-blah broadcast traffic.
>> >>Let's VLAN.
>> >>   "
>> >>OK, fine.  We VLAN and put whatever services in each VLAN that are
>> >>required to handle the broadcasts (e.g., DHCP service).  So, now the
>> >>switch doesn't send broadcasts outside a particular VLAN.
>> >>
>> >>But, what's so magic about a VLAN that the switch also decides not to
>> >>send unicasts outside a VLAN.   Before the VLANs, the switch maintained
>> >>a MAC table and

Re: why is routing needed with VLANs

2001-01-18 Thread Peter Van Oene

Actually not.  Collision domains have a layer 1 scope (assuming CSMA/CD media), and 
broadcast domains a layer 2 scope.  

*** REPLY SEPARATOR  ***

On 1/18/2001 at 9:39 AM Lowell Sharrah wrote:

>are we talking about the difference between collision domains and broadcast domains?
>
>>>> "Peter Van Oene" <[EMAIL PROTECTED]> 01/18/01 09:07AM >>>
>To me, there is no concept of a layer three VLAN.  If you choose to route IP, you need 
>a router, whether you have dynamic or statically configured broadcast scopes is fully 
>irrelevant.  If you are talking about dynamic VLAN membership based on IP address (or 
>protocol for that matter), then I will agree that some level of layer 3 and 
>potentially above awareness is required to identify the address or protocol.  
>However, any such application that I have seen (mostly Xylan) performed this at the 
>switch level. 
>
>Given most networks are running DHCP, or moving in that direction, VLAN's that 
>determined membership based on IP address would be a challenging thing to accomplish. 
> 
>
>*** REPLY SEPARATOR  ***
>
>On 1/18/2001 at 9:21 AM Ruben Arias wrote:
>
>>VLANs can be defined by MAC address or IP address.
>>When MAC address is used, you have a layer 2 VLAN, when IP address is used you have 
>a layer 3 VLAN and a router is needed.
>>Layer 2 VLANs mostly used for filtering (never done, I suppose is a hard work to 
>maintain)
>>
>>
>>Peter Van Oene wrote:
>>
>>> Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer 3 
>(please do not start with the "but what layer is arp again" :)
>>>
>>> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of 
>theoretical and practical discussions, the two concepts are totally unrelated and 
>altogether unaware of each other's presence.  An IP host will not detect a node is on 
>another VLAN and hence send to the gateway, it will detect a node is on another 
>subnet.  It doesn't really care if the node is in the same broadcast domain or 
>halfway around the world, if it's not on the network, it's sent via the gateway.  This 
>is very strict behavior.  Nodes on different IP subnets do not communicate directly 
>in any case without the use of an intermediary, layer 3 device.
>>>
>>> VLANs as a concept are of trivial complexity.  VLAN membership, particularly 
>dynamic membership along with protocols like 802.1q, ISL, PVST etc that leverage and 
>support VLANs do offer some element of challenge and opportunity for best practise 
>designs.
>>>
>>> I just felt that the line between VLANs (broadcast domains) and IP subnets was 
>getting somewhat blurry when it really shouldn't be.
>>>
>>> *** REPLY SEPARATOR  ***
>>>
>>> On 1/16/2001 at 10:19 AM Curtis Call wrote:
>>>
>>> >Keep in mind that separate VLANs will be separate subnets.  Which means
>>> >that by default a host will encapsulate any IP packet destined for a
>>> >different VLAN within an ethernet packet with a destination MAC address of
>>> >the default gateway.  So a layer 2 switch will never get the chance to try
>>> >and "switch" between VLANs since every time a host needs to get to a
>>> >different VLAN (subnet) it will just send a packet to the router which is
>>> >on the same VLAN in order for it to be routed.
>>> >
>>> >
>>> >
>>> >
>>> >>-Original Message-
>>> >>From: Bob Vance [mailto:[EMAIL PROTECTED]] 
>>> >>Sent: Tuesday, January 16, 2001 8:35 AM
>>> >>To: CISCO_GroupStudy List (E-mail)
>>> >>Subject: why is routing needed with VLANs
>>> >>
>>> >>
>>> >>OK.
>>> >>I must be brain dead, today.
>>> >>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>>> >> and, yes, I know, "What's so special about 'today' "?
>>> >>)
>>> >>As far I can understand it so far, about the only benefit that I see
>>> >>from VLANs is reducing the size of broadcast domains.
>>> >>
>>> >>Suppose that I have a switch in the closet with one big flat address
>>> >>space (well, it couldn't be that big with only one switch, now, could
>>> >>it ?>).  Then someone says,
>>> >>   "You know, we're getting a lot of blah-blah broadcast traffic.
>>> >>Let's VLAN.
>>> >>   "

RE: why is routing needed with VLANs

2001-01-18 Thread Jennifer Cribbs

Questions:

 So the only reason vlans are implemented then is for a "type of subnet" 
that controls broadcasts from a layer 2 standpoint and for no other reason 
other than that.  And the benefits would be  increased bandwidth for the 
network since it is a form of broadcast control??  Is that correct?

Routers (layer 3 switches) are only necessary when communication between 
vlans is necessary?

And if that is so, routers are unnecessary in this type of network, unless 
they are there only for the purpose of connecting different vlans in the 
same network.

I am reading the last sentence you wrote and it is confusing to me. 
 "VLAN's that determined membership based on IP address would be a 
challenging thing to accomplish."  In school, I did this..at least I think 
I did..if I understand you correctly.  When you say based on Ip address, do 
you mean they are implemented at router level based on the ip addresses and 
that is how membership is determined??  By way of router access lists?  And 
then routed to the correct ports of the switch?


Jennifer




-Original Message-
From:   Peter Van Oene [SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, January 18, 2001 8:08 AM
To: Ruben Arias; [EMAIL PROTECTED]
Subject:    Re: why is routing needed with VLANs

To me, there is no concept of a layer three VLAN.  If you choose to route 
IP, you need a router, whether you have dynamic or statically configured 
broadcast scopes is fully irrelevant.  If you are talking about dynamic 
VLAN membership based on IP address (or protocol for that matter), then I 
will agree that some level of layer 3 and potentially above awareness is 
required to identify the address or protocol.  However, any such 
application that I have seen (mostly Xylan) performed this at the switch 
level.

Given most networks are running DHCP, or moving in that direction, VLAN's 
that determined membership based on IP address would be a challenging thing 
to accomplish.

*** REPLY SEPARATOR  ***

On 1/18/2001 at 9:21 AM Ruben Arias wrote:

>VLANs can be defined by MAC address or IP address.
>When MAC address is used, you have a layer 2 VLAN, when IP address is used
>you have a layer 3 VLAN and a router is needed.
>Layer 2 VLANs mostly used for filtering (never done, I suppose is a hard
>work to maintain)
>
>
>Peter Van Oene wrote:
>
>> Just for clarity, VLAN's are a layer 2 concept and IP is of course a
>> layer 3 (please do not start with the "but what layer is arp again" :)
>>
>> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot
>> of theoretical and practical discussions, the two concepts are totally
>> unrelated and altogether unaware of each other's presence.  An IP host will
>> not detect a node is on another VLAN and hence send to the gateway, it will
>> detect a node is on another subnet.  It doesn't really care if the node is
>> in the same broadcast domain or halfway around the world, if it's not on the
>> network, it's sent via the gateway.  This is very strict behavior.  Nodes on
>> different IP subnets do not communicate directly in any case without the
>> use of an intermediary, layer 3 device.
>>
>> VLANs as a concept are of trivial complexity.  VLAN membership,
>> particularly dynamic membership along with protocols like 802.1q, ISL, PVST
>> etc that leverage and support VLANs do offer some element of challenge and
>> opportunity for best practise designs.
>>
>> I just felt that the line between VLANs (broadcast domains) and IP
>> subnets was getting somewhat blurry when it really shouldn't be.
>>
>> *** REPLY SEPARATOR  ***
>>
>> On 1/16/2001 at 10:19 AM Curtis Call wrote:
>>
>> >Keep in mind that separate VLANs will be separate subnets.  Which means
>> >that by default a host will encapsulate any IP packet destined for a
>> >different VLAN within an ethernet packet with a destination MAC address of
>> >the default gateway.  So a layer 2 switch will never get the chance to try
>> >and "switch" between VLANs since every time a host needs to get to a
>> >different VLAN (subnet) it will just send a packet to the router which is
>> >on the same VLAN in order for it to be routed.
>> >
>> >
>> >
>> >
>> >>-Original Message-
>> >>From: Bob Vance [mailto:[EMAIL PROTECTED]]
>> >>Sent: Tuesday, January 16, 2001 8:35 AM
>> >>To: CISCO_GroupStudy List (E-mail)
>> >>Subject: why is routing needed with VLANs
>> >>
>> >>
>> >>OK.
>> >>I must be brain dead, today.
>> >>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>> >> and, yes, I know, "What's so special about 'to

Re: why is routing needed with VLANs

2001-01-18 Thread Jennifer Cribbs

First of all, if I send this twice, excuse me...I am trying out outlook 
express and I am not sure it is sending anything...but I have a couple of 
questions and comments.

Questions:

 So the only reason vlans are implemented then is for a "type of subnet" that 
controls broadcasts from a layer 2 standpoint and for no other reason other 
than that.  And the benefits would be  increased bandwidth for the network 
since it is a form of broadcast control??  Is that correct?

Routers (layer 3 switches) are only necessary when communication between vlans 
is necessary?

And if that is so, routers are unnecessary in this type of network, unless 
they are there only for the purpose of connecting different vlans in the same 
network.

I am reading the last sentence you wrote and it is confusing to me.  "VLAN's 
that determined membership based on IP address would be a challenging thing to 
accomplish."  In school, I did this..at least I think I did..if I understand 
you correctly.  When you say based on Ip address, do you mean they are 
implemented at router level based on the ip addresses and that is how 
membership is determined??  By way of router access lists?  And then routed to 
the correct ports of the switch?


Jennifer




-Original Message-
From:   Peter Van Oene [SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, January 18, 2001 8:08 AM
To: Ruben Arias; [EMAIL PROTECTED]
Subject:
To me, there is no concept of a layer three VLAN.  If you choose to route IP, 
you need a router, whether you have dynamic or statically configured broadcast 
scopes is fully irrelevant.  If you are talking about dynamic VLAN membership 
based on IP address (or protocol for that matter), then I will agree that some 
level of layer 3 and potentially above awareness is required to identify the 
address or protocol.  However, any such application that I have seen (mostly 
Xylan) performed this at the switch level.

Given most networks are running DHCP, or moving in that direction, VLAN's that 
determined membership based on IP address would be a challenging thing to 
accomplish.

*** REPLY SEPARATOR  ***

On 1/18/2001 at 9:21 AM Ruben Arias wrote:

>VLANs can be defined by MAC address or IP address.
>When MAC address is used, you have a layer 2 VLAN, when IP address is used
>you have a layer 3 VLAN and a router is needed.
>Layer 2 VLANs mostly used for filtering (never done, I suppose is a hard work
>to maintain)
>
>
>Peter Van Oene wrote:
>
>> Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer
>> 3 (please do not start with the "but what layer is arp again" :)
>>
>> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of
>> theoretical and practical discussions, the two concepts are totally unrelated
>> and altogether unaware of each other's presence.  An IP host will not detect a
>> node is on another VLAN and hence send to the gateway, it will detect a node
>> is on another subnet.  It doesn't really care if the node is in the same
>> broadcast domain or halfway around the world, if it's not on the network, it's
>> sent via the gateway.  This is very strict behavior.  Nodes on different IP
>> subnets do not communicate directly in any case without the use of an
>> intermediary, layer 3 device.
>>
>> VLANs as a concept are of trivial complexity.  VLAN membership,
>> particularly dynamic membership along with protocols like 802.1q, ISL, PVST
>> etc that leverage and support VLANs do offer some element of challenge and
>> opportunity for best practise designs.
>>
>> I just felt that the line between VLANs (broadcast domains) and IP subnets
>> was getting somewhat blurry when it really shouldn't be.
>>
>> *** REPLY SEPARATOR  ***
>>
>> On 1/16/2001 at 10:19 AM Curtis Call wrote:
>>
>> >Keep in mind that separate VLANs will be separate subnets.  Which means
>> >that by default a host will encapsulate any IP packet destined for a
>> >different VLAN within an ethernet packet with a destination MAC address of
>> >the default gateway.  So a layer 2 switch will never get the chance to try
>> >and "switch" between VLANs since every time a host needs to get to a
>> >different VLAN (subnet) it will just send a packet to the router which is
>> >on the same VLAN in order for it to be routed.
>> >
>> >
>> >
>> >
>> >>-Original Message-
>> >>From: Bob Vance [mailto:[EMAIL PROTECTED]]
>> >>Sent: Tuesday, January 16, 2001 8:35 AM
>> >>To: CISCO_GroupStudy List (E-mail)
>> >>Subject: why is routing needed with VLANs
>> >>
>> >>
>> >>OK.
>> >>I must be brain dead, today.
>> >>(and, yes, Chuck, I *hav

Re: why is routing needed with VLANs

2001-01-19 Thread Ruben Arias

Sorry, I was trying to make a puzzle with the words, instead  I did a lot of noise in 
the line, looks like I have to improve my language!

Peter Van Oene wrote:

> To me, there is no concept of a layer three VLAN.  If you choose to route IP, you 
>need a router, whether you have dynamic or statically configured broadcast scopes is 
>fully irrelevant.  If you are talking about dynamic VLAN membership based on IP 
>address (or protocol for that matter), then I will agree that some level of layer 3 
>and potentially above awareness is required to identify the address or protocol.  
>However, any such application that I have seen (mostly Xylan) performed this at the 
>switch level.
>
> Given most networks are running DHCP, or moving in that direction, VLAN's that 
>determined membership based on IP address would be a challenging thing to accomplish.
>
> *** REPLY SEPARATOR  ***
>
> On 1/18/2001 at 9:21 AM Ruben Arias wrote:
>
> >VLANs can be defined by MAC address or IP address.
> >When MAC address is used, you have a layer 2 VLAN, when IP address is used you have 
>a layer 3 VLAN and a router is needed.
> >Layer 2 VLANs mostly used for filtering (never done, I suppose is a hard work to 
>maintain)
> >
> >
> >Peter Van Oene wrote:
> >
> >> Just for clarity, VLAN's are a layer 2 concept and IP is of course a layer 3 
>(please do not start with the "but what layer is arp again" :)
> >>
> >> Despite subnets and VLAN's generally happening on a 1:1 basis in a lot of 
>theoretical and practical discussions, the two concepts are totally unrelated and 
>altogether unaware of each other's presence.  An IP host will not detect a node is on 
>another VLAN and hence send to the gateway, it will detect a node is on another 
>subnet.  It doesn't really care if the node is in the same broadcast domain or 
>halfway around the world, if it's not on the network, it's sent via the gateway.  This 
>is very strict behavior.  Nodes on different IP subnets do not communicate directly 
>in any case without the use of an intermediary, layer 3 device.
> >>
> >> VLANs as a concept are of trivial complexity.  VLAN membership, particularly 
>dynamic membership along with protocols like 802.1q, ISL, PVST etc that leverage and 
>support VLANs do offer some element of challenge and opportunity for best practise 
>designs.
> >>
> >> I just felt that the line between VLANs (broadcast domains) and IP subnets was 
>getting somewhat blurry when it really shouldn't be.
> >>
> >> *** REPLY SEPARATOR  ***
> >>
> >> On 1/16/2001 at 10:19 AM Curtis Call wrote:
> >>
> >> >Keep in mind that separate VLANs will be separate subnets.  Which means
> >> >that by default a host will encapsulate any IP packet destined for a
> >> >different VLAN within an ethernet packet with a destination MAC address of
> >> >the default gateway.  So a layer 2 switch will never get the chance to try
> >> >and "switch" between VLANs since every time a host needs to get to a
> >> >different VLAN (subnet) it will just send a packet to the router which is
> >> >on the same VLAN in order for it to be routed.
> >> >
> >> >
> >> >
> >> >
> >> >>-Original Message-
> >> >>From: Bob Vance [mailto:[EMAIL PROTECTED]]
> >> >>Sent: Tuesday, January 16, 2001 8:35 AM
> >> >>To: CISCO_GroupStudy List (E-mail)
> >> >>Subject: why is routing needed with VLANs
> >> >>
> >> >>
> >> >>OK.
> >> >>I must be brain dead, today.
> >> >>(and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
> >> >> and, yes, I know, "What's so special about 'today' "?
> >> >>)
> >> >>As far I can understand it so far, about the only benefit that I see
> >> >>from VLANs is reducing the size of broadcast domains.
> >> >>
> >> >>Suppose that I have a switch in the closet with one big flat address
> >> >>space (well, it couldn't be that big with only one switch, now, could
> >> >>it ?>).  Then someone says,
> >> >>   "You know, we're getting a lot of blah-blah broadcast traffic.
> >> >>Let's VLAN.
> >> >>   "
> >> >>OK, fine.  We VLAN and put whatever services in each VLAN that are
> >> >>required to handle the broadcasts (e.g., DHCP service).  So, now the
> >&

RE: why is routing needed with VLANs - ARP?

2001-01-16 Thread Bob Vance

What I'm saying is that, before we implement VLANs, we have a flat
address space, with, obviously, no routing.
Now, suppose that I arbitrarily decide not to forward broadcasts out
ports 6-10 through some IOS command.
Everything will still work quite happily (except anything relying on
those broadcasts, of course).
...
Ooops.   I think that I just saw the answer.

One of those broadcast thingys is lil' ole ARP.
So, how does a client find the IP address of a destination if the
destination is outside the VLAN?

It's funny that this wasn't pointed out in any of my VLAN reading
(admittedly limited to ICND coursebook and Caslow).
It just arbitrarily says unicasts are blocked or routing is
required without giving a reason.

Oh, well.


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=








RE: why is routing needed with VLANs - ARP?

2001-01-19 Thread Baety Wayne A1C 18 CS/SCBD

Because VLANs are what they are, virtual lans,
in other words many lan segments (self contained
broadcast domains).  We're trying to accomplish
something in software, which was traditionally
implemented physically.

The Question 2 you is...  What is the traditional
way of moving 1 packet from a lan segment to
another that doesn't share the same broadcast
domain? (i.e. Not just connected by a bridge or
layer 2 switch)

Answer: Routing.

Clients don't find IP address of other clients in
different broadcast domains.  To them, they simply
don't exist.  Only the common Router between them exists.
(Layer 2 is completely Ignorant of Layer 3). They only
ARP the IP address of the Router. Or should I say RARP.
They're usually configured with the gw IP already.

Wayne




RE: why is routing needed with VLANs - ARP?

2001-01-19 Thread Bob Vance

>What is the traditional
>way of moving 1 packet from a lan segment to
>another that doesn't share the same broadcast
>domain? (i.e. Not just connected by a bridge or
>layer 2 switch)
>Answer: Routing.

I know that you're speaking practically, but,
it's not evident, a priori, that
   " moving 1 packet from a lan segment to another
 that doesn't share the same broadcast domain ..
   "
*requires* routing.  And, in fact, it *doesn't* (at least in the sense
of IP routing.  Let's not get too far into the semantics of the word
"routing" ;>).

The whole point of my noodling, was "*Why* do we need the router."
It would certainly be a lot cheaper (cost and process) if we didn't
need one.


The answer is that limiting broadcasts limits practical communication
at the IP level because of IP address discovery (forgetting about all
other protocols), as you point out.  But, I contend that this is a
practical consideration, not theoretical.

For example, we *could*, of course, still have the possibility of
entering static ARP entries into two clients on different VLANs pointing
to each other in the same flat address space.
Then *if* the switch commingled VLAN MAC addresses *and* forwarded
inter-VLAN unicasts, *then* the 2 clients *could* talk.

In fact, it seems that if there were some kind of server process in each
VLAN that handled various broadcast requests, then the scenario *could*
work, generally, without a router.
Of course, we've just introduced another box/process, so what has been
gained ?>)

I dunno.  Just seems to me that the text books ought to point this out
and make the router requirement clearer.  Then, again, maybe I'm the
only one that didn't see the issue right away :)

This may be all just angels dancing on a pin, but thinking about the
why always makes me learn more.

One of my aphorisms is:

"If you learn the *why* of something, you'll never
 forget the *how* of it.
"

Oh, boy.  My kids' eyes are a-rollin', again :)


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=
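
A toy model of the mechanism this thread converges on, added here as an illustration and not taken from any poster's message or from any vendor's switch code. It assumes per-VLAN MAC learning with forwarding confined to the ingress VLAN; every address, port number and VLAN id is constructed.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Layer 2 switch: MAC learning and flooding are scoped to the ingress VLAN."""
    def __init__(self, port_vlan):
        self.port_vlan = port_vlan            # port -> VLAN id
        self.mac_table = {}                   # (vlan, mac) -> port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of egress ports for a frame received on in_port."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return {out} - {in_port}
        # Broadcast or unknown unicast: flood, but only to ports in the same VLAN.
        return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}

class Host:
    def __init__(self, mac, cidr, gateway=None):
        self.mac = mac
        self.iface = ipaddress.ip_interface(cidr)
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

    def arp_target(self, dst_ip):
        """On-link destinations are ARPed for directly; anything else goes to the gateway."""
        dst = ipaddress.ip_address(dst_ip)
        return dst if dst in self.iface.network else self.gateway

def arp_resolve(switch, attached, in_port, target_ip):
    """Broadcast an ARP request from in_port; return the owner's MAC, or None if unreachable."""
    sender = attached[in_port]
    for port in switch.forward(in_port, sender.mac, BROADCAST):
        peer = attached.get(port)
        if peer and peer.iface.ip == ipaddress.ip_address(target_ip):
            switch.forward(port, peer.mac, sender.mac)   # unicast ARP reply
            return peer.mac
    return None

def flat_subnet_two_vlans():
    """One flat /24 split into two VLANs, no router (the original question)."""
    sw = Switch({1: 10, 2: 10, 6: 20})
    a = Host("aa:aa:aa:aa:aa:0a", "10.0.0.5/24")
    b = Host("aa:aa:aa:aa:aa:0b", "10.0.0.6/24")
    c = Host("aa:aa:aa:aa:aa:0c", "10.0.0.7/24")
    attached = {1: a, 2: b, 6: c}
    same_vlan = arp_resolve(sw, attached, 1, "10.0.0.6")
    other_vlan = arp_resolve(sw, attached, 1, "10.0.0.7")
    # Static ARP entry on A for C: the unicast is still looked up in VLAN 10's
    # table, is unknown there, and is flooded to VLAN 10 ports only.
    sw.forward(6, c.mac, BROADCAST)                      # C is learned, but under VLAN 20
    static_arp_egress = sw.forward(1, a.mac, c.mac)
    return same_vlan, other_vlan, static_arp_egress

def subnet_per_vlan_with_router():
    """One subnet per VLAN; the router's VLAN 10 leg sits on port 3."""
    sw = Switch({1: 10, 3: 10, 6: 20})
    a = Host("aa:aa:aa:aa:aa:0a", "10.0.10.5/24", gateway="10.0.10.1")
    r10 = Host("aa:aa:aa:aa:aa:01", "10.0.10.1/24")
    c = Host("aa:aa:aa:aa:aa:0c", "10.0.20.5/24", gateway="10.0.20.1")
    attached = {1: a, 3: r10, 6: c}
    target = str(a.arp_target("10.0.20.5"))              # off-link -> gateway IP
    return target, arp_resolve(sw, attached, 1, target)

if __name__ == "__main__":
    print(flat_subnet_two_vlans())
    print(subnet_per_vlan_with_router())
```

In the flat-subnet case the ARP request for the host in the other VLAN gets no answer, and even with a static ARP entry the frame leaves only on VLAN 10 ports; with one subnet per VLAN the sender resolves the gateway, which is inside its own broadcast domain.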






RE: why is routing needed with VLANs - ARP? - follow-up

2001-01-17 Thread Bob Vance

I think that Peter Van Oene hit the nail on the head (and confirmed my
conclusion :) , so I thought that I'd share a couple of his thoughts.

   " ...  More specifically, which applications can work in a unicast
only world?  Do you intend on statically mapping all your IP to MAC
relationships on node by node basis since ARP no longer works as a
discovery mechanism?

Thinking about this stuff leads to the understanding that broadcasting
is a fundamental communication tool in today's networks and one cannot
eliminate its use without creating a major disturbance.

Your understanding of VLAN'ing as a very simple technology is on the
money however.  It's simply a way to create two broadcast domains where
there was previously one without additional replication of hardware and
cabling.
   "

You know, it seems that broadcasting is a lot like friction --

We spend a lot of time trying to reduce it, but we can't live without it!


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=






RE: why is routing needed with VLANs - ARP? - follow-up

2001-01-17 Thread Bob Vance

I think that Peter Van Oene hit the nail on the head (and confirmed my
conclusion :) , so I thought that I'd share a couple of his thoughts.

   " ...  More specifically, which applications can work in a unicast
only world?  Do you intend on statically mapping all your IP to MAC
relationships on node by node basis since ARP no longer works as a
discovery mechanism?

Thinking about this stuff leads to the understanding that broadcasting
is a fundamental communication tool in today's networks and one cannot
eliminate its use without creating a major disturbance.

Your understanding of VLAN'ing as a very simple technology is on the
money however.  It's simply a way to create two broadcast domains where
there was previously one without additional replication of hardware and
cabling.
   "

You know, it seems that broadcasting is a lot like friction --

We spend a lot of time trying to reduce it ...
but we can't live without it!


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=




