Difference between VLAN

Hi,
whats the difference between layer 2 VLAN and Layer 3 VLAN.
regards
Neo

Here's the IEEE 802.1 defintion of VLAN. This is basically your layer 2 VLAN.
• Provides for the logical grouping of stations (MAC Service Access Points - MSAPs) and/or switch ports, allowing communications as if all stations/ports are on the same physical LAN segment. This includes stations/ports that are physically located on different LANs or segments within the physical boundary of an 802.1D Bridged LAN. A single Bridged LAN may include multiple VLAN “segments”.
With that said, as the previous poster mentioned, for a host on a VLAN to communicate with a host on another VLAN you need a layer 3 device (router). Often, this is done by a layer 3 switch (like 3550, 6500 etc.). On a layer 3 device you have to create a logical interface, vlan interface on a switch or sub-interface if you are doing router-on-a-stick, to route traffic between VLANs. This is basically your layer 3 VLAN (interface) if you like to call it that way.
HTH,
Sundar
*Please rate all helpful posts.

Similar Messages

  • Whats difference between native vlan and pvid

                       whats difference between native vlan and pvid ?

    Hi,
    a port VLAN ID is the assigned VLAN of an access-port.
    The native VLAN is used in a trunk. A trunk is used to connect another switch or a device which belongs to more than 1 VLAN. Since a standard ethernet frame doesn't provide a field to distinguish VLANs, a special field is inserted, this is called "tagging". Nevertheless, frames belonging to the native VLAN  are transmitted without such a tag (in other words: the ethernet frames are not modified). In this way, traffic forwaring is possible in the native VLAN even when the trunk is not working  correctly.
    In theory, when you would connect a trunkport from one switch to an accessport of another, communication for the native VLAN would be possible. In such a scenario, the native VLAN-ID doesn't have to match the PVID. Hope, this isn't to confusing.
    You can find more details in discussion https://learningnetwork.cisco.com/thread/8721#39225
    Regards,
    Rolf

  • Difference between bridge-group and VLAN

    Hi all,
    I don't understand very well the difference between bridge-group and VLAN...
    Could someone explain me or give me a site which could help me?
    Thx U by advance!

    Khay
    bridge-group is used on a router to enable bridging on an interface. In terms of functionality a bridge-group is very similar to a VLAN. For example if you create bridge-group 1 and assign it to interfaces FastEthernet 1/0 and 2/0 and you create bridge-group 2 and assign it to interfaces FastEthernt 1/1 and 2/1 it is like creating 2 VLANs. Devices in bridge-group 1 (interfaces 1/0 and 2/0) can communicate with each other but not with devices in bridge-group 2 (intefaces 1/1 and 2/1).
    HTH
    Rick

  • The difference between VTP server and transparent mode on Catalyst Switch.

    Hello 
    I have a question about the difference between VTP server mode and VTP transparent mode on general catalyst switch.
    Basically VTP server mode can create and modify VLAN configuration but  actually there is not any VLAN configuration through running-config, is it true?  When I checked it on Cat3550, certainly there is not VLAN configuration on VTP server mode. But VTP transparent can create VLAN and configuration but does not synchronize with other switch VLAN status. I appreciate any related information and reason of the VTP server mode specification, thank you very much.
    [VTP Transparent mode]
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *omit
    vlan 99
     name TEST-VLAN
    [VTP Server mode]
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *no VLAN like above configuration on VTP transparent mode.
    Best Regards,
    Masanobu Hiyoshi

    Hi mhiyoshi,
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *omit
    vlan 99
     name TEST-VLAN
    The above out put indicates that Vlan is created and then mode changed to transparent. i.e why revision no is 0.
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *no VLAN like above configuration on VTP transparent mode.
    This indicates that vlan never created in server mode nor learnt from another switch as revision no is 0

  • Differences between inband and outband management IP

    Hi All
    What is the difference between inband mgmt IP and outband mgmt IP 
    and How could I configure the inband as when I tried to configure it I received the following error:
    vlan"xyz"resolved to unsupported vlan ID 
    as in attached
    BTW the procedure I used to create inband mgmt IP
    1- create vlan group includes all vlans created globally (vlan of data traffic and mgmt traffic)
    2- modify the inband profile from the LAN tab to be: 
        Inband vlan group: the created in point 1
        Network: vlan of data traffic
    3- from service profile of certain server I changed the inband mgmt with static IP ( in the range of data traffic vlan) and use the network of data traffic vlan
    Thanks in advance

    Thanks Walter
    You are very helpful
    I tried the procedure you provide me with
    The management IP range 192.168.2.0/24 vlan 2
    the data traffic IP range 192.168.3.0/24 vlan 3
    I tried to use different IP range(192.168.4.0/24 vlan 4)  for inband management IP and I can open the inband KVM but the VMs on the server could not be accessed (the uplink ports are trunk for vlan 3,4) and the ports in the core SW are trunk for vlan 3,4 also.
    also I tried the same range of data traffic but I could not open the KVM inband and the error of vlan"xyz"resolved to unsupported vlan ID  appeared again 
    so any advice 
    thanks in advance
    Amr

  • Difference between SF200 and SF200E

    I wonder what is the difference between SF200 and SF200E smart switch. They seem like having same spec. Anyone can help me this?

    Hello Mr. Fan,
    Another aspect to take in consideration is that the SF200 supports for up to 128 simultaneous VLAN (VLAN ID 4096). Port-based VLAN and 802.1Q tag and the SF200E supports up to 256
    Diego Rodriguez
    Cisco network engineer
    Thank you

  • Difference between L2 and L3

    What exactly are the differences between using L2 mode against a L3 mode for WLC?

    In a nutshell, L3 provides for more flexibility & scalability in AP deployment.
    The technical definition:
    "The mechanics and sequencing of Layer 3 LWAPP are similar to Layer 2 LWAPP except that the packets are carried in UDP packets instead of being encapsulated in Ethernet frames."
    Logical definition
    L2 limits the APs to the same vlan as the ap-management, whereas L3 allows the APs to be in a different subnet
    Here is the url that goes in depth about lwapp:
    http://www.cisco.com/en/US/docs/wireless/technology/controller/deployment/guide/dep.html

  • Difference between Trunk links and port channel

    Hi 
    Can anyone please explain me the difference between the Trunk links and Ether channel ?

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    As the other posters have already described, in Cisco parlance, a "trunk" is a link that carries VLAN tagged frames.  (Note, Cisco has two technologies for these, ISL [old/proprietary] and IEEE 802.1Q [vendor independent].)  An Etherchannel (also called a port-channel) is one logical link that includes one or more physical links.  (Note, although Etherchannel can run across just one link, normally more than one link is configured.  Older and most Cisco implementations support up to 8 links in one channel bundle.  There's also multiple Cisco technologies that support Etherchannels, such as manual/PAgP[Cisco/old]/LACP[IEEE 802.3ad].)
    Trunk links might also be configured on an Etherchannel link.

  • Difference between Linksys SRW224G4 & Cisco SF300-24

    Hi Guys
    I was wondering if there was a difference between the Linksys SRW224G4 & Cisco SF300-24 switches. Going through the support docs I see the SF300 has limited L3 functionality in terms of being able to establish static routes between VLANS. Any further information would be of use.
    Also any recommendations for an equivalent switch for access layer/distribution layer use would be most welcome
    Thanks
    GR

    SF300-24 is a brand new product with vast improvements over SRW224G4. Here's a few of the major ones:
    1)    1) Overall Value:
    -          > 80 New software features:
    o   Layer 3 Routing for improved network performance where multiple VLANs are used
    o   IPv6 support to protect investments as you evolve your network to the Next Generation Internet
    o   Advanced VLAN Services enabling new application support (Voice VLAN, Guest VLAN, MAC-based VLAN, Protocol-based VLAN, Dynamic VLAN assignment)
    o   Advanced Security – Denial of Service Attack prevention, Protected ports, Private VLAN Edge
    o   Unique things to Cisco - like CDP, Auto Smartports, CCA, FindIT - deliver simplified management and autodiscovery
    o   Others including Energy Efficiency, IGMP Querier, LLDP-MED, Time-based 802.1x, etc
    -          Numerous hardware enhancements
    o   Energy-efficient technology, helping save power and reduce costs
    o   Fanless designs on many models for silent operation
    o   Advanced and latest silicon with larger memory and flash footprints deliver confidence in this state of the art solution 
    -          More ports per Gigabit switch. In the case of low density (10 port), equates to 25% more ports. With 24-port switches, 16% more ports
    -          Very competitively priced – in most cases below comparative competitive products while delivering more capabilities
    2)     2) Unique Cisco Value deliver simplified management and autodiscovery – CDP, Smartports, CCA, FindIT
    3)   3) Lifetime Warranty with Next Business Day Advanced Replacement (where available) and lifetime warranty on power supplies and fans
    4)     4) Localization into seven languages - English, German, French, Italian, Spanish, Simplified Chinese, and Japanese

  • Difference between WRV200 and WRV210

    Dear Cisco
    Can you tell me the main difference between WRV200 and WRV210.
    Another question
    The datasheet said that the WRV200 can run SSL VPN, is that rigth???
    Cisco WRV200 Wireless-G VPN Router: RangeBooster
    Downloads
    Cisco WRV200 Wireless-G VPN Router: RangeBooster
    Secure Wireless Network Access for Small Offices
    Highlights
    • IPsec and SSL VPN connectivity on a single device
    • Built-in 4-port 10/100 Fast Ethernet switch
    • Multiple SSIDs and VLANs provide separate secure networks
    • Simple, browser-based configuration
    Figure 1. Cisco WRV200 Wireless-G VPN Router: RangeBooster

    Do WRV200 support SSL. strange if yes a newer product do not
    Highlights
    • IPsec and SSL VPN connectivity on a single device
    • Built-in 4-port 10/100 Fast Ethernet switch
    • Multiple SSIDs and VLANs provide separate secure networks
    • Simple, browser-based configuration

  • Difference between AP groups and HREAP or flexconnect

    Hi Experts ,
    Can anyone please tell me the difference between AP groups and HREAP functionality?
    Is the AP group for within one office location ? and Hreap is over WAN?
    Regards,
    Vijay.

    AP groups and H-REAP/FlexConnect are used differently.  AP Groups define what SSID's and WLAN to VLAN mapping (local mode) that ap's in the group will have.  H-REAP/FlexConnect group is only used when the ap's are in this mode and you define ap's that are close together in that group for fast roaming if using 802.1x.  If your only using pre-shared key or non-802.1x, then you really don't need to use H-REAP/FlexConnect groups.  You can have ap's in both ap groups or h-reap/flexconnect groups, that is why you need to understand what each does.
    FlexConnect Grups:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010001111.html
    AP Groups:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01011111.html
    Scott

  • Difference between ACS and ISE

    What is the big difference between the ACS and the ISE? We just purchased an ACS server to start locking down ports on our switches and use the Radius functions to better secure our wireless environment. It has been ordered but not yet arrived. I had a discussion with management today about preventing the IPads / IPhones / Smartphones / etc. of the world from accessing the network. If the user knows the credentials for getting their laptop onto the network then they can use these same credentials to get their IPad on the network. How do we detect and prevent is the current question.
    In discussing with others the ISE comes up. The questions now become what is the big difference between this and the ACS. Do they work together or independently since they both seem to have "radius on steroids". Can I configure the ACS to do the same functions? I figure this will have to be something on a MAC address level anyway. Oh and one other thing. My wireless infrastructure is not Cisco.
    Off to continue the research path ....
    Brent

    To put it simply I usually say ACS = RADIUS, ISE = NAC.
    ISE will do RADIUS functions as well as NAC functions. Eventually you'll probably see ACS go away and be simply replaced by ISE.
    ISE will do posturizing and profiling of a device to see if it truly meets requirements to be on a certain VLAN. For your example if you were to my credentials on my own smart device I would have access. ISE could profile this device to see if it truly is a corporate owned device or not. If it wasn't ISE can switch the network that the device connects to, say a guest network.
    ISE can also do captive web portals for wired/wireless guest access.
    I wouldn't rely on any type of MAC address authentication as I can easily spoof that.

  • Difference between ip default-gateway command & a default route

    Can any please let me know the difference between ip default-gateway command & a default route. i have a couple 4500 and 2950 for which i need to have a management VLAN as well as their VLAN memberships.

    ip default-gateway command is for layer 2, it's how you can access a switch from outside the mgmt interface vlan. Think of this as you would configure and ip address on a PC or a end host, it needs a default-gateway.
    A default route on the other hand is for a device that has a lauer 3 capability, this is the gateway of last resort for anything that the device receives to be routed and the destination is not in it's routing table it (the L3 device) sends it to the default route or gateway of last resort.
    Since you are referring to 2950 which is strictly a layer 2 device, even if it take dafault route or "ip route 0.0.0.0 0.0.0.0 x.x.x.x", it will not work, for this device you need to configure default-gateway so that this switch can be reached outside it out subnet, this is given the default-gateway have routes to the rest of the network.
    Please rate all posts.

  • Re: Difference between HWIC-1FE and HWIC-4ESW

    Hi
    I am trying to find out the main difference between the HWIC-1FE and HWIC-4ESW cards.
    Also I have a cisco 2811 router that is configured with one Fastethernet connected to DSL and the other port connects to mt LAN and METRO (using subinterfaces), is this the best practice?

    HWIC-4ESW is the 4-port single-wide 10/100BaseT Ethernet switch HWIC. The 4ESW is a L2 switch and is cost effective.
    HWIC-1FE is 1-port Fast Ethernet HWIC. The HWIC-1FE is a true L3 interface and is expensive. It has feature parity with an onboard FE interface except for OAM support, which is delayed.
    HWIC-4ESW has the capability to setup VLAN but they are not the routed ports Whereas, HWIC-1FE has the same characteristics as Onboard FE ports.

  • Difference between bridge mode and routed mode on CSS

    Hi,
    Could some one tell me the difference between routed mode and bridge mode.
    Regards
    Neha

    Hi,
    routed mode:
    The CSS acts as a router, it routes packets from the client to the server. The server has the ACE configured as default-gateway.
    There is a client-side VLAN and a server-side VLAN. These VLANs have different subnets.
    Bridged mode:
    The CSS acts as a bridge, it switches frames from the client to the server. The server has the upstream router configured as default-gateway.
    There is a client-side VLAN and a server-side VLAN. These VLANs have the same subnet, but different VLAN IDs. The ACE bridges the client traffic from the client-side VLAN to the server-side VLAN.
    Bridged mode would be most used in case one cannot change the servers IP addresses, or if address space is an issue.
    Hope this helps.
    Kind regards,
    Dario

Maybe you are looking for