Unlike notfred, I don't write networking stuff, except for tons and tons of documentation for implementations and design, but since about 12 years ago, I've been doing operations, troubleshooting, design, implementations and integration within security and networking. Basically, most of the things that pertain to networking and security such as switches, routers, firewalls, IPS, loadbalancers as well as supporting services with regards to monitoring, identity management, logging, SIEM, certificate infrastructure, ip-addressing, dns, audits, etc. Not everything into the total nitty gritty (pure debugging of processes and kernel tables is reserved for a few specific areas where firewalls, a bit of wireless and some radius implementations stand out).
|FN|Steel wrote: I'm just gonna keep posting on this thread unless I have something really specific to speak to I think.
Trying to understand VLANs and such. Due to how my switches are setup, I can clear a few on each easily for trunking (if I'm using terms incorrectly please lemme know). I'm trying to make sure I'm understanding the following correctly:
VLANs are primarily used to isolate traffic so that it's not repeated every friggin' place and takes the shortest route to its destination.
Only VLANs in the same subnet can speak to each other... so 10.1.20.1 and 10.1.30.1 can talk, but not 169.1.1.1? How can I change this if I NEED two addresses like that speaking to each other?
Steel - Not really.
10.1.20.1 and 10.1.30.1 can depending on how you have subnetted, either be on separate subnets, or be on the same subnet.
10.1.20.1 with a /20 (255.255.240.0) mask will be on the same subnet as 10.1.30.1, and then they can talk to each other. If the hosts are setup with a smaller mask... /21 or smaller, they can't talk to each other. And that is on the same vlan. If they are on separate vlans, you need something connecting those vlans together.
Vlans are used for isolation. This has nothing to do with taking the shortest path to a destination though. Although there are other technologies that can facilitate that, but that is beyond this discussion I would say.
A vlan is basically a virtual switch. If you have two physical switches not connected to each other, two vlans is the virtual version of the same, but sharing the same physical chassis. Vlans are normally totally isolated from each other and nothing on them can talk to each other unless you have connected something between them, either a cable, or most often a router.
A trunk, sometimes mentioned as tagged trunk, is just a connection between several switches that has several vlans traversing it. It is used between switches, or between router & switches, or for instance, a phone with a computer connected to it and a switch, and is a way to have several vlans go between two devices over a single cable.
Vlans by themselves have nothing to do with subnets though. You can setup devices with different subnets on the same vlan, but the usual way is to have one subnet on one vlan, then have a router that routes between subnets. And thus is connected to two separate vlans. The router has an address on each subnet that is normally used as a gateway. If a computer needs to talk to something outside of its own subnet, it sends that traffic to the gateway. If it wants to talk to something on the same subnet, it talks directly with the other host.
Now to learn how to talk with that equipment, they use a protocol called ARP, that translates an IP address to a MAC address. Which is how computers and switches know which devices are connected to a VLAN. VLANs and switches (layer-2) deal with MAC addresses. And only endpoints and routers deal with IP addresses (layer-3).
Not to confuse things, especially the consumer market bundles a lot of different things within a single box. So a home "router" is usually both part router, part switch, part wireless bridge, part firewall. And there are Router-Switches that act both as routers and switches. Most modern switches can do that if enabled.
If you want to get some solid basics down, get the Cisco CCNA self study literature and plow through that. Especially ICND-1, which is something any administrator within IT should read, server or otherwise.
If you need something faster, there is quite a lot you need to read up on.
But what you really need to get down fully are the pure basics, then build from that.
A few tips that you really need to get down to even start with are some of the following.
OSI model. More importantly, Layer 1-3 to start with.
* Layer-1, physical, Ethernet, copper, fiber, etc.
* Layer-2, Data-Link, Frames, MAC addresses, vlans,
* Layer-3, Network, IP, Subnetting, Packets, Arp, Routing, etc.
The specific meanings of the following, as deep as you can go.
IP
Subnet'ing
ARP
MAC
Vlans / switches
Basic Routing / Routers
Feel free to read a bit on the above, and put in a question or two if you are wondering about something specific. Not all resources are that easy to assimilate so....
But there are a lot of resources out there, and it's often easier with a few good illustrations to follow that as well.
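The subnet reasoning from the reply above (10.1.20.1 and 10.1.30.1 sharing a /20 but not a /21, and a host sending off-subnet traffic to its gateway instead of ARPing for the destination directly) can be checked with a few lines of Python. This is an added example, not code from anyone in the thread; it uses only the standard library `ipaddress` module, and the gateway address 10.1.16.1 is a constructed value chosen to sit inside the 10.1.16.0/20 network.

```python
import ipaddress


def netmask(prefix: int) -> str:
    """Dotted-quad mask for a prefix length, e.g. 20 -> 255.255.240.0."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True when both addresses fall inside the same network under this mask.

    strict=False lets ip_network() take a host address and derive the
    network it belongs to, which is the mask-and-compare a host does.
    """
    net_a = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    net_b = ipaddress.ip_network(f"{ip_b}/{prefix}", strict=False)
    return net_a == net_b


def next_hop(src_ip: str, prefix: int, dst_ip: str, gateway: str) -> str:
    """Return the address the sender will ARP for and frame the packet to.

    On-link destination: the destination itself (direct, no router needed).
    Off-link destination: the default gateway, which must be on-link for the
    sender, otherwise the host can never resolve it with ARP at all.
    """
    if not same_subnet(src_ip, gateway, prefix):
        raise ValueError(f"gateway {gateway} is not on the sender's subnet")
    if same_subnet(src_ip, dst_ip, prefix):
        return dst_ip
    return gateway


if __name__ == "__main__":
    host = "10.1.20.1"
    peer = "10.1.30.1"
    far = "169.1.1.1"
    gw = "10.1.16.1"  # constructed: a router address inside 10.1.16.0/20

    for prefix in (20, 21):
        print(f"/{prefix} ({netmask(prefix)}): "
              f"{host} and {peer} same subnet? {same_subnet(host, peer, prefix)}")

    # With a /20 the two hosts talk directly; with a /21 the traffic has to
    # go via the router even though both hosts sit on the same vlan.
    print("via /20:", next_hop(host, 20, peer, gw))
    print("via /21:", next_hop(host, 21, peer, gw))
    print("to 169.1.1.1:", next_hop(host, 20, far, gw))
```

Run it and change the prefix or the addresses to see at which mask two hosts stop being on-link; the /21 case is the one the reply describes, where both hosts share a vlan but still need a router between them.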