VLAN To VLAN

Is it possible to bridge one vlan to another vlan if they are on different subnets? Like can clients accessing to one vlan, access the resources on another vlan?

O my, Im sorry, i forgot that detail about the device, I am working with a CSS 11501. I have a vlan setup with two load balancing servers. The servers are plugged into the CSS, and theres a cable connecting to a 8 port switch on the same vlan. So if i plug my laptop into that 8 port switch I can access the load balanced servers. Lets say the subnet for this switch and servers is 10.0.0.X/24. Now i create another vlan with the same setup, 2 servers, 8 port switch, and cable from the CSS to the switch. But its a different switch on another subnet like 192.168.1.X/24. i want to be able to access the load balanced servers on the 10.0.0.X subnet from my laptop while plugged into the 8 port switch with the 192.168.1.X subnet. So I need to allow each vlan to access the other vlan right? So that is possible right? What contents of the manuals do I need to look at to get this accomplished?

Similar Messages

  • VLAN to VLAN firewall rules support missing on RV180

    How do I submit an RFE (Request For Enhancement) to the Cisco SBR team to encourage them to  implement the missing support for VLAN to VLAN firewall rules that was available in the RVS4000 (See https://supportforums.cisco.com/message/3614106#3614106) and that was supposedly added to a beta release of the RV220W firmware (See  https://supportforums.cisco.com/message/3614106#3614106)?

    Hi Kelly, the RV220W does support LAN to LAN access rules on the 1.0.4.17 and it is released.
    To make a feature request, it is pretty simple. Call the SBSC, have a case created for you. Tell the engineer you'd like to make a feature request. It usually gets escalated in 3 days or less.
    -Tom
    Please mark answered for helpful posts

  • Vlan & Inter Vlan question

    Here is my network layout:
    I have a cable modem connecting to a Linksys WRT54GL (DDWRT) router. Port 1 on the WRT54GL is connect to port 01 on the SG300-10 switch.
    On the SG300-10 I've created two Vlans (Vlan 30 & Vlan 40). I assigned ports 3 & 4 on the SG300-10 to Vlan 30 and ports 5 & 6 to Vlan 40. Vlan 30 has the IP Address 10.10.30.1 and Vlan 40 has an Address of 10.10.40.1. The default Vlan (Vlan1) has an Address of 10.10.20.2. The default gateway (WRT54GL router) has an Address of 10.10.20.1. I have also enable DHCP relay on the switch and enter the command "ip routing". My question is on either vlan if I wanted to setup static addresses for clients would I use the 10.10.20.1 (WRT54GL) address as the default gateway? Also, what additional configurations do I need to make for the Vlans to be able to talk to each other and be able to access the internet?
    Thanks,

    Van,
    Thanks for the reply. The SG300-10 is in layer 3 mode. I have configured the DHCP server accordingly. Here is my setup:
                       cable modem
                              |
                              |
                       linksys wrt54gl (10.10.20.1)
                              |
                              |
                       sg300-10  Vlan1=  10.10.20.2 (manage)
                                      Vlan30= 10.10.30.0 /24 (GW= 10.10.30.1)
                                      Vlan40= 10.10.40.0 /24 (GW= 10.10.40.1)
    You said that for inter-Vlan to work I need to set the clients GW to the switch. Would that be the Vlan's gateway for clients in each vlan? For example if a client was in vlan30 their gw would be 10.10.30.1?
    The clients are not able to access the internet from the vlan. How would I configure the static on the switch for the vlans to be able to access the internet? Would this work:  ip route 0.0.0.0 0.0.0.0 10.10.20.1?

  • Create 2 VLAN (VLAN 1 & VLAN 2)

    Hello all,
    i need help and advice with my new Cisco SF300-48. I want to create 2 vlan (vlan 1 & vlan 2). The switch is set at layer 2.
    example :
    vlan 1 (port 1, 2, 3) , vlan 2 (port 4, 5, 6)
    vlan 1 can communicate each other (port 1, 2, 3) and vlan 2 can communicate each other (port 4, 5, 6)
    But vlan 1 cannot communicate with vlan 2.
    Any help would be appreciated
    Thanks,
    Johan

    Hi Johan,  in a layer 2 environment VLANs are designed to not be able to communicate to each other. For intervlan communication, it requires a layer 3 device.
    If you have the switch with 2 computers connecting on the different VLAN with no other devices connected, vlan 1 talks to vlan 1, vlan 2 talks to vlan 2. A router would have to be able to route between the VLANs. However, the router would have to support 802.1q and either trunk or sub interfaces to make it possible for the VLANs to communicate.
    -Tom
    Please mark answered for helpful posts

  • L2VPN Local Switching VLAN to VLAN issue on 7200VXR/NPE-G1

    I've been working with a client trying to get this working. We tried 12.2(31)SB6, 12.4(15)T1 IP Services and 12.4(15)T1 Advanced IP Services.
    It works fine for Ethernet to Ethernet, or Ethernet to VLAN, but it doesn't work for VLAN to VLAN either on the same interface or on different interfaces. We've tried this on both a Cat5505 as well as a Cat294XL thinking that maybe there would be some issues with one platform or the other.
    Here's an example:
    ! VXR (12.4(15)T1 Adv. IP Services)
    interface GigabitEthernet0/1
    no ip address
    duplex full
    speed 100
    media-type rj45
    no negotiation auto
    interface GigabitEthernet0/1.202
    encapsulation dot1Q 202
    interface GigabitEthernet0/1.203
    encapsulation dot1Q 203
    connect test GigabitEthernet0/1.202 GigabitEthernet0/1.203
    ! Cat 5505
    set vlan 202 9/1
    set vlan 203 9/2
    set port name 9/1 PC1
    set port name 9/2 PC2
    set port name 9/3 VXR-G0/1TRUNK
    clear trunk 9/3 1-201,204-999
    set trunk 9/3 on dot1q 202-203,1000-1005
    We seem to be able to sequeeze a few packets through every once in awhile - like 1 or 2 every 20 or 30 packets:
    64 bytes from 192.168.1.1: icmp_seq=10 ttl=64 time=0.604 ms
    64 bytes from 192.168.1.1: icmp_seq=18 ttl=64 time=0.638 ms
    64 bytes from 192.168.1.1: icmp_seq=40 ttl=64 time=0.621 ms
    64 bytes from 192.168.1.1: icmp_seq=48 ttl=64 time=0.608 ms
    64 bytes from 192.168.1.1: icmp_seq=70 ttl=64 time=0.605 ms
    64 bytes from 192.168.1.1: icmp_seq=78 ttl=64 time=0.630 ms
    As you can see from the below show interface, the interface is receiving lots more packets than it's sending:
    Router#show int g0/1
    GigabitEthernet0/1 is up, line protocol is up
    Hardware is BCM1250 Internal MAC, address is 001c.b0fa.101b (bia 001c.b0fa.101b)
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
    Keepalive set (10 sec)
    Full Duplex, 100Mbps, RJ45, media type is RJ45
    output flow-control is unsupported, input flow-control is XON
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of "show interface" counters 00:00:15
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 1000 bits/sec, 2 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    40 packets input, 2836 bytes, 0 no buffer
    Received 36 broadcasts (0 IP multicasts)
    0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog, 19 multicast, 0 pause input
    8 packets output, 672 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier, 0 PAUSE output
    0 output buffer failures, 0 output buffers swapped out
    Router#
    Does L2VPN Local Switching VLAN to VLAN not work on VXRs or something?
    This link seems to indicate that E-E VLAN is supported in 12.4(11)T.
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/fslocal.htm#wp1149105
    What am I missing?

    Hi,
    In ASR9k, VLAN is port significant so yes you can match the same VLAN on different port.
    For your untagged traffic, both UPE fo site 1 will think they are directly connected via two links so yes STP should take care about the loop
    For your VPLS domain, if you are not using VLAN 100 on site 3, you need to pop the tag on both ASR9k. Also do you extend STP to site 3 ?
    SVI is not supported in ASR9k today so you have to use unumbered interfaces instead:
    interface Loopback1
    ipv4 address a.b.c.d 255.255.255.255
    interface g0/7/0/0.200
    encapsulation dot1q 200
    ipv4 point-to-point
    ipv4 unnumbered Loopback1
    proxy-arp
    interface g0/7/0/1.200
    encapsulation dot1q 200
    ipv4 point-to-point
    ipv4 unnumbered Loopback1
    proxy-arp
    I never tested it in this situation but from STP perspective those links should be seen as host connection.
    Let me know if it works
    HTH
    Laurent.

  • L2TPv3 Ethernet VLAN-to-VLAN Session problem

    Hi all ,
    I had got in trouble with L2TPv3 Ethernet VLAN-to-VLAN Session.
    control tunnel state is up,but session state is down.
    Circuit state is DOWN
    cisco 851 Session state is wait-for-service-selection-icrq,
    cisco 2811 Session state is wait-reply,
    topology:cisco 851 --------cisco 2811
    detail:Attachment

    It Only works in situations where there is more than one Ethernet interface.Check the interface support for these technology and recreate it

  • 1200: Native VLAN & Management VLAN

    I want to keep the management VLAN and native VLAN seperate. Is this the correct setup when using VLAN 999 as the native VLAN and VLAN 100 for the management VLAN.
    Management VLAN 100 (10.100.0.0/24)
    ### Trunk SW ###
    description "AP"
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 999
    switchport trunk allowed vlan
    switchport mode trunk
    switchport nonegotiate
    speed 100
    duplex full
    ### AP ###
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 99 key 1 size 128bit 7 3831CB248113D952741376BEC352 transmit-key
    encryption vlan 99 mode wep mandatory
    encryption vlan 11 mode ciphers tkip
    ssid xoxoxo
    vlan 11
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
    ssid xxx
    vlan 99
    authentication network-eap eap_methods
    speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
    rts threshold 2312
    station-role root
    interface Dot11Radio0.11
    encapsulation dot1Q 11
    no ip route-cache
    bridge-group 11
    bridge-group 11 subscriber-loop-control
    bridge-group 11 block-unknown-source
    no bridge-group 11 source-learning
    no bridge-group 11 unicast-flooding
    bridge-group 11 spanning-disabled
    interface Dot11Radio0.99
    encapsulation dot1Q 99
    no ip route-cache
    bridge-group 99
    bridge-group 99 subscriber-loop-control
    bridge-group 99 block-unknown-source
    no bridge-group 99 source-learning
    no bridge-group 99 unicast-flooding
    bridge-group 99 spanning-disabled
    interface dot11radio 0.999
    encapsulation dot1q 999 native
    interface dot11radio 0.100
    encapsulation dot1q 100
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    ntp broadcast client
    interface FastEthernet0.11
    encapsulation dot1Q 11
    no ip route-cache
    bridge-group 11
    no bridge-group 11 source-learning
    bridge-group 11 spanning-disabled
    interface FastEthernet0.99
    encapsulation dot1Q 99
    no ip route-cache
    bridge-group 99
    no bridge-group 99 source-learning
    bridge-group 99 spanning-disabled
    interface fastethernet 0.999
    encapsulation dot1q 999 native
    interface fastethernet 0.100
    encapsulation dot1q 100
    interface BVI100
    ip address 10.100.0.110 255.255.255.0
    no ip route-cache
    ip default-gateway 10.100.0.1

    This looks correct to me. Do you have a non_root bridge on their other side?
    Are you able to trunk all 4 VLANS with this config?

  • Two SSIDs; different VLANs; second VLAN can't talk to Internet

    I've got an ASA 5505 firewall with internal interface 192.168.65.1 on port 1 and a WAP connected to port 5 with the address 10.10.1.1. The WAP has two SSIDs configured; one is on VLAN 1 and the other on VLAN 14. The firewall has port 5 configured as a trunk for VLAN 1,14 and the interface was configured a VLAN 14.
    If I connect to the WAP using the SSID on VLAN 1 I get an address of 192.168.x.x from our internal DHCP server and have full connectivity to the internal and external networks. If I connect to the SSID on VLAN 14 I get an address of 10.10.1.x from the firewall DHCP server but am unable to connect to anything.
    When connecting to the SSID on VLAN 14 I want to be able to access the external interface but not anything internally. I have configured a firewall access rule to allow 10.10.1.0/24 to outside and deny 10.10.1.0/24 to 192.168.0.0/16 but this hasn't worked.
    Any ideas?

    You need to configure an IP helper on the appropriate VLAN interface(s). Routers, by default, will not forward broadcast packets. Since DHCP client messages use the destination IP address of 255.255.255.255 (all Nets Broadcast), DHCP clients will not be able to send requests to a DHCP server on a different subnet unless the DHCP/BootP Relay Agent is configured on the router. The DHCP/BootP Relay Agent will forward DHCP requests on behalf of a DHCP client to the DHCP server. The DHCP/BootP Relay Agent will append its own IP address to the source IP address of the DHCP frames going to the DHCP server. This allows the DHCP server to respond via unicast to the DHCP/BootP Relay Agent. The DHCP/BootP Relay Agent will also populate the Gateway IP address field with the IP address of the interface on which the DHCP message is received from the client. The DHCP server uses the Gateway ip address field to determine the subnet from which the DHCPDISCOVER, DHCPREQUEST, or DHCPINFORM message originates.
    See more at the following document, with configuration steps and examples:
    http://www.cisco.com/warp/public/473/100.html#configdhcpbootpciscoios

  • RV042 VLAN to VLAN access?

    I have 2 VLANs set up and I know they are set as default to not allow one to communicate to the other.  Is there a way to set a rule to allow that?  I'd like VLAN1 to be able to access VLAN2, but not the other way around.

    The port-based VLAN feature of RV042 does not allow different VLANs to communicate with each other.
    To support your scenario, you could try configuring multiple subnets under the Setup>Network page, and then configure Access Rules to restrict the traffic between the multiple subnets.

  • BUG? when Using SCVMM 2012 R2 SP1 RU2 to move a vm and change vlan setting,vlan setting on hyper-v was not changed

    1. when i use scvmm 2012 r2 sp1 ru2 to move a vm to another host(with no vlan trunk ) and change vlan 2 to vlan disabled. the network of vm was lost,when i check the network property on hyper-v management console ,i saw the vlan still the original setting,
    but when i check the network propery on scvmm ,the vlan setting shows disabled,then i refresh the vm on scvmm console,the vlan setting shows vlan 2.
    image 1, move a vm and change vlan settings to be disabled.
    image 2. after vm was moved to another host ,the vm vlan settings shows on hyper-v console
    yoke88
    IM:[email protected]

    Hi,
    in 2012 R2 UR2 there is already one bug fix regarding the vlan's. This can be a different problem. I would suggest to post this question to 
    https://connect.microsoft.com/WindowsServer/SC_Public
    Regards,
    Cengiz Kuskaya

  • Routing from VLAN to VLAN

    I just created a VLAN (VLAN 5) on my 6509 switch. (I am running in Hybrid Mode)
    I created a VLAN 5 interface on the Router of the 6509 and assigned it an address.
    I assigned a port (3/43) on the 6509 to VLAN 5
    I created an ip helper-address for VLAN 5 int. on the router, and I can successfully pull a dhcp address from the PC on port 3/43 in VLAN 5 from a DHCP server in VLAN 1. I can ping host on VLAN1 and accross my WAN environment,but I cannot get to the internet from this PC on VLAN 5.
    I can successfully trace a route to google.com from the VLAN 1 interface of the router, but not the VLAN 5 interface, and I have the same results on the PC.
    I checked my firewall to allow access from both VLANS, and logs show that it is not even getting hit from VLAN 5.
    Any ideas on where I can look to allow VLAN 5 to route to my Internet connection would be great.

    Hi,
    Can you answer the following questions.
    1. Do you have an ACL/filter applied on the inside interface of the firewall?
    2. Does the 6509 connect directly to the firewall. If so, what subnet (vlan) is the firewall inside interface on?
    3. Does the firewall know how to route back to vlan5.
    Pls. rate all helpful posts.
    --Sundar

  • WPA321 VLAN / Management VLAN

    Hey all,
    i have a Network with multiple VLANs, VLAN 19-23 is for the WLAN (one per floor) because of security Reasons. All Switches got 192.168.1.xx IP Adresses. The VLANS have 192.168.19.xx to 192.168.23.xx So my WPA321 for example has the IP 192.168.19.2 (WIth VLAN 19 for WLAN Traffic) How can i set it up the way that the clients get the 192.168.19.xx IPs but the Router itself lies on the 192.168.1.xx network?
    Thanks in advance!

    Are you talking about an autonomous AP right?
    With regards to your case, you need to configure using the MBSSID setup, 
    ASSUME: VLAN20 MGMT VLAN
    dot11 ssid VLAN119
      vlan 19
      authentication open    -just a sample, configure as you desire
      mbssid guest-mode
    interface dot11radio 0
      ssid VLAN19
      mbssid
      bridge-group 1        -already default, but just in case
    interface dot11radio 0.19
      encapsulation dot1q 19
      bridge-group 2
    interface gig0/0
      encapsulation dot1q 19
      bridge group 2
    interface bvi 1
      ip address 10.10.19.10 255.255.255.0  -ip mgmt of AP
    AT SWITCH
    interface f0/1
      switchport mode trunk
      switchport trunk native vlan 20  
    pretty much explainable your WLAN traffic gets tag with VLAN19 and since the native vlan is 20, 
    well you guessed it you can manage your AP

  • RV220W - VLAN 2 VLAN single port access

    Hi
    I just bought Cisco RV220W router, and i have some problems connecting VLANs.
    I have 2 vlans on my network. Now i would like to leave those 2 vlans seperate, so that nobody can go from one vlan to another.
    But i want 3 exceptions.
    1.) access from VLAN1 (default vlan) to a server (192.168.10.2) on VLAN10 port 3389 (RDP).
    2.) access from VLAN10 to a server (10.10.10.3) on VLAN1 (default vlan) port 62000.
    3.) allow ping from VLAN10 to a server (10.10.10.3) on VLAN1 (default vlan).
    Thanks for all your help in advance.
    Bostjan

    cool
    and when can we expect the next firmware release?
    (can i get a beta version of this firmware?)
    Bostjan

  • VLAN, Inter-Vlan I need help...

    Hi guys. I just wanna ask if it's possible to block 192.168.98.2 pc from accessing the 192.168.99.11?
    Router 0
    interface GigabitEthernet0/0.98
    encapsulation dot1Q 98
    ip address 192.168.98.254 255.255.255.0
    interface GigabitEthernet0/0.99
    encapsulation dot1Q 99
    ip address 192.168.99.254 255.255.255.0
    VLAN 98 and VLAN 99 is already connect via Inter-Vlan. My problem now is, how can I block PC 192.168.98.2 from accessing PC 192.168.99.11?
    Thanks
    Best Regards,
    Jaycer
    [email protected]

    Hello
    access-list 100 deny  ip host 192.168.98.2 host 192.168.99.11
    access-list 100 permit ip any any
    interface GigabitEthernet0/0.98
    ip access-group 100 in
    or
    interface GigabitEthernet0/0.99
    ip access-group 100 out
    res
    Paul
    Please don't forget to rate any posts that have been helpful.
    Thanks.

  • NAtive VLAN?what is the use of vlan?VLAN in trunk link?

    what is the use of native VLAN in trunk links? where should i change native vlan from vlan1 to another?
    what is the use of untagged native VLAN frame?

    Hi,
    On ethernet, you can connect more than one device to a port. So when you configure a port as trunk, it expects a vlan tag to arrive. But some times there are devices which dont have the capability to tag the packet and still they need to connect to network. So they can use native vlan to have connectivity. It is not a usual situation, but it helps on some situation where multiple devices connected on a trunk and not all have ability to send tagged frames. Hope this helps.
    Please do remember to rate all useful posts.
    Thanks,
    Madhu

Maybe you are looking for