VLAN Question

NFSbuff

Occasional Visitor
This is probably a noob question, and Google wasn't much help.

Does joining multiple VLANs allow for cross VLAN communication?

Specifically in my case, does a device on VLAN 1 have internet access, and/or does the internet have access to VLAN 1? Image to clarify:

[Image: BL38jTk.jpg]
 
It all centers around configuring VLAN memberships. If your internet router is connected say to port 8 and port 8 is a member of all your VLANs, they will all have internet access. But the VLANs should not be able to talk to each other.
 
Thanks for the reply. I get that the VLANs shouldn't talk to each other. I'm wondering if VLAN 1 will have internet access. I've re-arranged the image to hopefully better illustrate the question:

[Image: Pp97SRK.jpg]
 
So in this scenario, vlan1 doesn't have direct intervlan routing to vlan2, so it should not have access.

vlan8 will have both internet access (vlan2) and access to vlan1.

However, a lot of this depends on how your hardware implements the vlans. I've seen some funky stuff with vlans before. Just test it to make sure using a simple ping from vlan1 to something on vlan2. The ping should fail.
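
As an added illustration (not part of any post in this thread, and not vendor code): a small Python model of port-based 802.1Q membership that computes which ports can actually exchange traffic, so the expected result of the ping test is known before it is run. The port numbers, VLAN IDs 110/120/199 and the layout are constructed, because the thread's diagrams are not reproduced here; it assumes untagged ports where an incoming frame is classified by the ingress port's PVID.

```python
from itertools import combinations

def can_send(pvid, members, src, dst):
    """An untagged frame entering src is classified into src's PVID and may
    leave only through ports that are egress members of that VLAN."""
    return src != dst and dst in members.get(pvid[src], set())

def reachability(pvid, members):
    """Return (two_way, one_way): port pairs that can hold a conversation,
    and ordered (src, dst) pairs that work in one direction only."""
    two_way, one_way = set(), set()
    for a, b in combinations(sorted(pvid), 2):
        ab = can_send(pvid, members, a, b)
        ba = can_send(pvid, members, b, a)
        if ab and ba:
            two_way.add((a, b))
        elif ab:
            one_way.add((a, b))
        elif ba:
            one_way.add((b, a))
    return two_way, one_way

# Constructed layout: ports 1-2 office, ports 3-4 guest, port 8 router uplink.
PVID = {1: 110, 2: 110, 3: 120, 4: 120, 8: 199}
MEMBERS = {
    110: {1, 2, 8},           # office ports plus the uplink
    120: {3, 4, 8},           # guest ports plus the uplink
    199: {1, 2, 3, 4, 8},     # uplink VLAN: router replies reach every port
}

# Constructed misconfiguration: uplink port's PVID left in the office VLAN.
# Guest frames still reach the router, but its replies never reach guests.
BAD_PVID = {**PVID, 8: 110}

if __name__ == "__main__":
    for label, pv in (("intended", PVID), ("uplink PVID wrong", BAD_PVID)):
        two_way, one_way = reachability(pv, MEMBERS)
        print(label)
        print("  two-way :", sorted(two_way))
        print("  one-way :", sorted(one_way))
```

Any pair in the one-way list is a membership error: a ping across it fails even though the uplink port is a member of every VLAN.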
 
Thanks Samir. The next step is to actually implement it. I'm using a Ubiquiti Gateway and switch, so hopefully the theory will equate to reality.
 
Just asking - why introduce complexity with VLANs if one doesn't need them?

Just because some joker on the internet suggests it's cool, doesn't mean it is...

The layout below - it works, but it's a lot of work for little benefit...


[Image: BL38jTk.jpg]


Even this one - is there a true and honest need for it (could be, depending on what's going on inside that LAN)

[Image: Pp97SRK.jpg]


I'm just not seeing a good reason to introduce things that don't need to be there...

Each VLAN is going to introduce a bit of overhead - the more, the more overhead here...

Also - just a gentle hint - config your VLANs, but keep the VLAN tag IDs above 100 - just to be safe, as many routers/APs do set up VLANs internally, and you don't want to conflict with them.
 
It's not to be cool, I assure you.

The office devices should never communicate with devices on the guest network. The broadcast traffic of the VoIP phones should be limited to just themselves. I don't want the core devices (maintenance pages for the gateway, switches, controllers, etc) seen by the office, but I do want external access for remote management. As for processing power that won't be an issue.
 
The office devices should never communicate with devices on the guest network. The broadcast traffic of the VoIP phones should be limited to just themselves. I don't want the core devices (maintenance pages for the gateway, switches, controllers, etc) seen by the office, but I do want external access for remote management. As for processing power that won't be an issue.

If wishes were fishes, we'd all cast nets, eh?

What's to worry here? Don't introduce complexity where one doesn't _need_ to, regardless of _wants_...

Just saying...
 
It's not to be cool, I assure you.

The office devices should never communicate with devices on the guest network. The broadcast traffic of the VoIP phones should be limited to just themselves. I don't want the core devices (maintenance pages for the gateway, switches, controllers, etc) seen by the office, but I do want external access for remote management. As for processing power that won't be an issue.

I have looked through this thread and don't completely get what you're trying to do. It appears you are trying to control things with VLANs but with one subnet? Like trying to make a device a member of multiple VLANs? If this is for an office you really need to put each VLAN on its own subnet and use a router or routing switch to manage what has access to things.
 
It's not to be cool, I assure you.

The office devices should never communicate with devices on the guest network. The broadcast traffic of the VoIP phones should be limited to just themselves. I don't want the core devices (maintenance pages for the gateway, switches, controllers, etc) seen by the office, but I do want external access for remote management. As for processing power that won't be an issue.
I don't see a problem at all with this. Makes perfect sense to me for the desired segregation.
 
Just as a heads up - try to keep your VLAN IDs - the explicit ones, above 100 - there are implicit VLANs inside many routers that are used for internal purposes, and a conflict there can cause really weird issues...
 
VLANs really come into their own when you have a layer 3 switch to handle the high speed routing for local LAN traffic. With VLANs you are going to end up with some crossover between VLANs. It always happens. You will need to handle the routing and security between VLANs.
 
