Packet tracer: Ping between 2 different VLANs

mdgy Posted messages 10 Status Member -  
Yornes Posted messages 12 Status Member -
Hello,

On Packet Tracer, I created a network with a switch and 2 VLANs (10 and 99) on this switch. I placed PC A (192.168.10.11) in VLAN 10 and PC B (192.168.99.2) in VLAN 99. However, I am able to "ping" PC B from PC A. Is this normal? Aren't VLANs supposed to prevent any communication between machines?

Did I forget to enter a command to prevent communication?

Thank you for your help!

1 answer

phil2k Posted messages 10841 Registration date   Status Contributor Last intervention   2 339
 
Hello

The switch must have automatically created a routing between the 2 VLANs.
We need to check its configuration.

--
"To fix something that isn’t working or is too noisy, just hit it with something that works better or makes more noise" The Shadoks
1
mdgy Posted messages 10 Status Member
 
Building configuration...

Current configuration : 1460 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 20
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
switchport voice vlan 20
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
switchport voice vlan 20
!
interface FastEthernet0/5
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.99.10 255.255.255.0
!
ip default-gateway 192.168.99.1
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end


Here is the switch config.
0
phil2k Posted messages 10841 Registration date   Status Contributor Last intervention   2 339
 
And a traceroute of the ping from A to B, and from B to A.
There is not a router somewhere in the configuration.
0
mdgy Posted messages 10 Status Member
 
Indeed, the traceroute from A to B shows:

Tracing route to 192.168.99.2 over a maximum of 30 hops:

1 41 ms 16 ms 25 ms 192.168.10.1
2 * 16 ms 21 ms 192.168.99.2

Trace complete.

192.168.10.1 is the router positioned after the switch.

Here is the router configuration:

Router#show running-config
Building configuration...

Current configuration : 1383 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.20.1 192.168.20.9
!
ip dhcp pool Data
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
ip dhcp pool Voice
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
option 150 ip 192.168.20.1
ip dhcp pool Management
network 192.168.99.0 255.255.255.0
default-router 192.168.99.1
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.99
encapsulation dot1Q 99 native
ip address 192.168.99.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
ip address 192.168.2.1 255.255.255.0
clock rate 64000
!
interface Serial0/3/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.2.0
network 192.168.10.0
network 192.168.20.0
no auto-summary
!
ip classless
!
!
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end

Any ideas on where the problem might be?
0
phil2k Posted messages 10841 Registration date   Status Contributor Last intervention   2 339
 
There is no problem.
The router has an address in each VLAN, it does its job, it routes...
0
Yornes Posted messages 12 Status Member 2
 
Your switch is configured as a router, and you're confusing two concepts: to put it simply, two VLANs can communicate with each other only if they are routed, which is the case here as soon as you assign an IP address to each VLAN and enable routing, which is what happens here.
If you wish to isolate the traffic, you do not enable routing; two devices in different VLANs will not be able to communicate; however, two devices in the same VLAN can communicate with each other via a table stored in the switch that dynamically learns the MAC address - interface number pairs.
So, you can either disable routing or create an ACL.
1
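An audit check for the situation in this thread, added here as an example and not part of any post: it reads a router configuration, finds the 802.1Q subinterfaces that carry an IP address, and lists the VLAN pairs the router will forward between with no inbound ACL on the source side. The sample input is constructed (trimmed from the router configuration posted above), the function names are hypothetical, and the check only looks for the presence of `ip access-group ... in`, not at what the ACL permits.

```python
import re
from ipaddress import ip_interface

# Constructed sample: trimmed from the router configuration posted in the thread.
ROUTER_CONFIG = """\
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.99
 encapsulation dot1Q 99 native
 ip address 192.168.99.1 255.255.255.0
!
interface Serial0/3/0
 ip address 192.168.2.1 255.255.255.0
"""

def routed_vlans(config):
    """Map VLAN id -> {'net', 'acl_in'} for each active dot1Q subinterface with an IP."""
    vlans = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        tag = re.search(r"^\s*encapsulation dot1Q (\d+)", block, re.M)
        addr = re.search(r"^\s*ip address (\S+) (\S+)", block, re.M)
        if not (tag and addr) or re.search(r"^\s*shutdown", block, re.M):
            continue  # physical port, unaddressed or shut-down interface
        acl = re.search(r"^\s*ip access-group (\S+) in", block, re.M)
        vlans[int(tag.group(1))] = {
            "net": ip_interface(f"{addr.group(1)}/{addr.group(2)}").network,
            "acl_in": acl.group(1) if acl else None,
        }
    return vlans

def unfiltered_paths(config):
    """(src, dst) VLAN pairs the router forwards with no inbound ACL on src."""
    # Limitation: outbound ACLs and the ACL's actual rules are not evaluated.
    vlans = routed_vlans(config)
    return sorted((s, d) for s in vlans for d in vlans
                  if s != d and vlans[s]["acl_in"] is None)

if __name__ == "__main__":
    for src, dst in unfiltered_paths(ROUTER_CONFIG):
        print(f"VLAN {src} -> VLAN {dst}: routed, no inbound ACL")
```

On the posted configuration every pair among VLANs 10, 20 and 99 is reported, which matches the traceroute showing the ping from VLAN 10 crossing 192.168.10.1 to reach VLAN 99.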