GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Subnet question [7:60711] posted 01/09/2003
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Thank you very much for taking pains to right such a detailed explanation.
Thank you all for your answers they were very helpful.

Thanks
Nitin

-----Original Message-----
From: Priscilla Oppenheimer [mailto:nobody@xxxxxxxxxxxxxx]
Sent: Thursday, January 09, 2003 12:36 PM
To: cisco@xxxxxxxxxxxxxx
Subject: RE: Subnet question [7:60711]


You may not need virtual LANs. Real LANs solve the problem. :-) This is a
classic case of subnetting.

With DHCP, the client should get the right address when it broadcasts after
it moves, so there's no issue.

Leaving DHCP out of the picture, the need to ensure that a moved node can't
communicate is met simply by the way IP works.

Assume there's a client with this config:

address = 100.10.1.100
subnet mask = 255.255.255.0
default gateway = 100.10.1.1

Assume the client is physically sitting on the 100.10.2.0/24 network. When
it wants to send to nodes on the 100.10.1.0 network, it will compare its
address with the destination address, assume it's on the same subnet, and
send an ARP broadcast. The ARP broadcast won't reach the destination though,
which is on a different LAN, so it won't work.

(Make sure the router isn't configured for Proxy ARP. But even with Proxy
ARP, communication won't work. With Proxy ARP, the router could respond on
behalf of the destination on the 100.10.1.0 network. However that host
wouldn't be able to respond because it would assume that 100.10.1.1 is
local.)

Assume the client wishes to reach devices on the 100.10.2.0 or 100.10.3.0
network. It will compare its address with the destination address and decide
that it's not on the same subnet, so it needs to send to the default
gateway. It will send a broadcast for the default gateway, which won't work
because 10.10.1.1 is on a different LAN. Once again make sure Proxy ARP is
disabled. I'll leave it to the reader to figure out what would happen in
this case if Proxy ARP were enabled. :-)

The question of VLANs versus real LANs requires more info. How many router
ports to you have? Is each router port a subnet? Or do you plan to have
multiple subnets out one router port, in which case you need VLANs and
inter-VLAN routing on the router.

_______________________________

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Nathan Nakao wrote:
> 
> I'd probably use VLAN's.
> 
> Conf t
> Int vlan 101
> Int vlan 102
> Int vlan 103
> 
> Then setup the DHCP to assign IP addresses accordingly.
> 
> Once that is done. Set the vlans to 101 for first floor, 102
> for second
> floor, and 103 for third floor.
> 
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On
> Behalf Of
> Tamhankar, Nitin
> Sent: Thursday, January 09, 2003 8:40 AM
> To: cisco@xxxxxxxxxxxxxx
> Subject: Subnet question [7:60711]
> 
> 
> This might be a very elementary question for some of you guys
> but I
> would appreciate the answer. 
> 
> If an office which has 3 different floors and has Cisco routers
> and
> catalyst switches and windows environment. We need to configure
> it in
> such a way that each floor is on its own subnet for example 
> 
> floor1   100.10.1.0
> floor2   100.10.2.0
> floor3   100.10.3.0
> 
> Also if a computer which has IP address in subnet 100.10.1.0 is
> moved
> from floor 1 to floor 2, it should not communicate with the
> network
> unless its IP address is changed to one in 100.10.2.0 subnet.
> 
> How it can be accomplished?
> 
> Thank you
> Nitin
> 
> [GroupStudy.com removed an attachment of type
> application/ms-tnef]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60728&t=60711
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx