Can One VLAN Reach Another Without a Router or OSI Layer 3 Device? (2024)

Early one morning, an engineer end user discovered that the Engineer servers were unreachable, and he didn’t know if he could reach the Internet. The administrator investigated the user’s PC with the IPCONFIG /ALL command and verified that the PC was a DHCP client, but it had received an address from the Accounting DHCP server, not the Engineering DHCP server. The administrator wrote down the engineer’s MAC address and proceeded to the data center, expecting to find that the engineer’s PC was connected to the wrong access port on the access switch or that the port was assigned to the wrong VLAN.

The administrator was surprised to find the user’s port Fa0/1 configured for the correct Engineer VLAN (VLAN 10). Upon closer examination, the DHCP server for the engineers was operational and connected to Engineer VLAN 10, and the Accounting DHCP server was operational and connected within the Accounting VLAN 20.

So there are two separate VLANs, but they are performing as a single broadcast domain. How is this possible?

The engineer’s PC sent a DHCPDiscover message within its VLAN 10, but the Engineer DHCP server was busy responding to other requests. So the second DHCPOffer coming from the Accounting DHCP server was accepted.

What MAC address does a DHCPDiscover frame use?

A DHCPDiscover frame uses a destination MAC address of 12 hexadecimal Fs (broadcast), which will result in a flood. Since this frame will exit the access port of VLAN 10 untagged or modified in any way, when it is received on the other end of the cable into an access port of VLAN 20, the switch will not care and will continue to flood the frame throughout VLAN 20.

What does flooding mean?

Flooding means it will allow the frame to exit out all ports of the VLAN in which the frame was received but not out of the port in which it entered. The frame will also flood out trunk ports.

Another way to combine two VLANs

Combine the two VLANs into a common single broadcast domain using a trunk port with 802.1q trucking protocol. 802.1q tags all VLAN traffic except one. This untagged VLAN is called the native VLAN.

It is possible to create a trunk between two switches, with each switch having a different native VLAN on its end of the trunk. Though CDP will generate a native VLAN mismatch message, the trunk will still form and untagged traffic from one switch will be deposited into the neighboring switches’ native VLAN.

Of course, CDP can be turned off to silence the warning.

So, can one VLAN reach another without a router or OSI Layer 3 device?

Yes, but this is normally found as a fault, not a proposed design. Depending on manufacturer, make, model, IOS release and lunar position, some devices may respond differently to this mostly undesirable outcome.

Related Courses

CCNA - Implementing and Administering Cisco Solutions v1.0 Boot Camp
Cisco Premier Certification Collection: Data Center
Cisco Platinum Learning Library: Data Center

FAQs

Can One VLAN Reach Another Without a Router or OSI Layer 3 Device? ›

Read On ›

How to perform inter-VLAN routing without layer 3 device? ›

The simplest way to enable routing between the two VLANs to simply connect an additional port from each VLAN into a Router. The Router doesn't know that it has two connections to the same switch — nor does it need to. The Router operates like normal when routing packets between two networks.

Discover More Details ›

Do you need layer 3 for VLAN? ›

Since VLANs exist in their own layer 3 subnet, routing will need to occur for traffic to flow in between VLANs. This is where a layer 3 switch can be utilized.

Do you need a router to route between VLANs? ›

Switches and VLANs work at the MAC address Layer (Layer 2). Traffic can't be routed between VLANs at Layer 2 based on MAC addresses. Therefore, routers (or Layer 3 switches) that use IP addresses (Layer 3) are required for inter-VLAN routing.

See Details ›

On which OSI layer does a VLAN operate? ›

A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).

Find Out More ›

Can two VLANs communicate without a router? ›

So, can one VLAN reach another without a router or OSI Layer 3 device? Yes, but this is normally found as a fault, not a proposed design.

Tell Me More ›

Can two switches communicate without a router? ›

Two switches can communicate with each and there is no need of router. Router is required only when you have different subnets to communicate with each other.

Show Me More ›

What is the basic requirement for VLAN? ›

Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. If the switch is a VTP server, you must define a VTP domain or VTP will not function. The switch does not support Token Ring or FDDI media.

Explore More ›

Why use VLAN instead of a router? ›

VLANs are very cost-effective. This is because workspaces communicate via VLAN switches rather than routers, which are only needed when data is being transferred outside the VLAN.

Is VLAN tagging Layer 2 or layer 3? ›

Layer 2 switches are often used to reduce data traffic on a LAN. Because they use MAC addresses only, an unidentified device attempting to use the network will be denied. On the other hand, Layer 3 switches are primarily used to operate VLANs and improve security.

Show Me More ›

Does every VLAN need a gateway? ›

If multiple VLANs are configured, then each VLAN can have its own IP address. This is because each VLAN operates as a separate broadcast domain and requires a unique IP address and subnet mask. A default gateway (IP) address for the switch is optional, but recommended.

Read The Full Story ›

How do I connect to another VLAN? ›

Three options are available for routing between VLANs:

Use a router, with one router LAN interface connected to the switch for each and every VLAN. ...
Use one router interface with trunking enabled. ...
Use a Layer3 switch, a device that performs both the switching and routing operations.

See Details ›

What is the difference between VLAN and Inter-VLAN? ›

This report provides a comprehensive overview of VLANs and inter VLAN routing. VLANs are logical networks that partition a physical network into multiple virtual networks, and inter VLAN routing is necessary for communication between devices on different VLANs.

Get More Info Here ›

Do you need a layer 3 switch for VLANs? ›

For larger networks, networks needing VLAN connectivity, or in situations where enhanced security is required, a Layer 3 switch is the way to go. Most networks use a combination of Layer 2 and Layer 3 switches to optimize cost and performance.

Are VLANs just subnets? ›

Subnetting and VLANs are two important concepts to understand when it comes to networking. Subnets are a way of breaking up a larger network into smaller, more scalable and secure networks. VLANs provide an additional layer of security by creating virtual networks within the same physical infrastructure.

What layer of OSI is Ethernet? ›

Layer 2: Data Link

The Data Link layer is the Ethernet protocol. Devices on an Ethernet network use what's known as a MAC address, sometimes referred to as an Ethernet address. This layer is a protocol layer responsible for the transfer of data between neighboring network nodes.

View Details ›

Can switches do inter VLAN routing? ›

To provide inter-VLAN routing, Layer 3 switches use SVIs. SVIs are configured using the same interface vlan vlan-id command used to create the management SVI on a Layer 2 switch. A Layer 3 SVI must be created for each of the routable VLANs.

What are the different methods of implementing inter VLAN routing? ›

There are three methods of inter-VLAN routing namely, router-on-a-stick configuration, which uses a single router to connect VLANs through which all traffic must pass; legacy inter-VLAN routing, which comprises the use of multiple routers each for a different VLAN; and Layer 3 switch, which uses switched virtual ...

Learn More ›