VLAN configuration question

Ron Nutter helps a reader who needs help with a VLAN configuration issue.

I am studying for my CCNA (self taught). I'm trying to understand an issue. If I had Host A and Host B attached to individual switch ports with Host A in VLAN 2 and Host B in VLAN 3, and then a third switch port attached to a router, does the link from the switch to the router have to be in another VLAN or trunked? Can the router run DHCP for Host A and Host B? I'd appreciate all help you can provide.

Bill Hamilton

Let me put things in terms of what I did on the network I handle at the college where I work. What you can do with VLANs is dependent on the type of switch gear you have on the network. To do VLANs, at least one device, for example in my case - the core switch where everything on the network terminates (either individual connections or buildings when dealing with a multiple-building network) has to be a Layer 3 device. Layer 3 devices have the intelligence to drive a multiple VLAN network, while Layer 2 devices can only participate in the VLAN network. In my case, I have a 6509 Catalyst Switch as the core switch for the network I work with daily. On that switch, since it is a Layer 3 device, I define the VLANs, what subnets they belong in, etc. On the Layer 2 switches I have, such as a 3524XL or 3548, I tell each port on the switch what VLAN it is in if I want it in something other than VLAN 1 where all ports end up by default. In my experience, Layer 3 devices are more expensive as a general rule than Layer 2 devices in part because of the additional functionality.

Another thing to consider: In my configuration I have enabled VLAN encapsulated trunking on the fiber ports between switches. This is the best way I have found to deal with a multi-switch, multi-VLAN configuration. Setting this up is fairly straightforward and there are several PDFs available from Cisco's Web site that show you how to do it.

As to DHCP, if the DHCP service understands how to support multiple subnets, you can do that with the router. It doesn't have to be in a different subnet than the other two ports you have already defined in other subnets. One of the things you will have to do in the VLAN configuration on the Layer 3 device is enter a command called IP helper-address, followed by the IP address of the system providing the DHCP service. While it may be possible to put the DHCP service on the router, I would probably rather have that service running on a server on the network. In that case, when you work on the router or have it reboot for any reason, you haven't lost Internet access and DHCP service, just 'Net access. This should give you an idea of how I have implemented VLANs on my network. As with anything, there is probably more than one way to do it. My way may not be the best, but it has worked well for me. Just remember one thing, when configuring a multi-VLAN network, keep good notes on your configuration and update it when you make changes, and things should go smoothly for you.
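The setup described in the answer, sketched as an added Cisco IOS configuration example that is not part of the original column. VLANs 2 and 3 come from the question; the interface names, subnets, VLAN names and the DHCP server address 192.168.10.5 are assumptions, and exact syntax varies by platform and IOS version.

```cisco
! Constructed example. Every address and interface name below is assumed.
!
! --- Layer 3 core switch: define the VLANs and their gateways ---
vlan 2
 name HOST-A
vlan 3
 name HOST-B
!
ip routing
!
interface Vlan2
 description Gateway for VLAN 2
 ip address 192.168.2.1 255.255.255.0
 ! Relay DHCP broadcasts from this VLAN to the server (assumed address)
 ip helper-address 192.168.10.5
 no shutdown
!
interface Vlan3
 description Gateway for VLAN 3
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.10.5
 no shutdown
!
interface GigabitEthernet1/1
 description Trunk to Layer 2 access switch
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs the access switch actually needs
 switchport trunk allowed vlan 2,3
!
! --- Layer 2 access switch: assign ports, trunk the uplink ---
! (VLANs 2 and 3 are assumed to exist on this switch already)
interface FastEthernet0/1
 description Host A
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/2
 description Host B
 switchport mode access
 switchport access vlan 3
!
interface GigabitEthernet0/1
 description Trunk uplink to core
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 2,3
```

The DHCP server is assumed to sit on another routed subnet and to hold one scope per VLAN subnet, so that relayed requests from 192.168.2.0/24 and 192.168.3.0/24 each get an address from the matching range.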


Copyright © 2005 IDG Communications, Inc.
