Sounds like the switch has some anti bridging feature to prevent two network domains accidentally being joined together.
Your two VLANs are two different networks. To route traffic between them you need a router, not a switch. This could be a PC with two network interfaces, set up to route traffic between them.
I was expecting joining VLAN2 to VLAN1 via patch cable would work, but it doesn't. Am I understanding VLAN wrong or could that be equipment failure?
It should work - you need to track down why it doesn't, and I would start with ip addressing - are you using ip addresses in the same logical network?
A switch with two static VLANs should behave exactly like two physical switches.
VLAN1 and VLAN2 do act like two separate physical switches - except when I put a patch cable from VLAN2 to VLAN1, then VLAN2 stops working.
Most switches do not like their ports connected like that. Do not do it.
You need a router. A real one, not a NAT toy. It is probably sensible to build an 802.1q trunk to the router from the switch.
You need an IP network per VLAN, and assign the router addresses on these two networks.
Then, computers on those two networks need to get IP addresses on the corresponding network, and also a routing entry that points to where the other network is. If the router is responsible for connectivity to other networks as well, like the Internet, it's probably sufficient to point the default gateway to the router. Do keep in mind that there needs to be routes back to the network too.
Should this work?
I have a 24-port 3com managed switch I acquired from a company closure sale. The fans failed, so other failures are possible.
- The default is all ports on VLAN1 untagged. They all worked. The switch supports 802.1Q, I just left them as default untagged.
- I assigned 6 ports (that were functioning well in VLAN1) as VLAN2 untagged, intended as an isolated environment for equipment setup. That worked - I do have those 6 ports communicating with each other but isolated from VLAN1.
- What doesn't work is when I patch cable VLAN2 to VLAN1 (using VLAN2 like a separate switch/hub joined to my main VLAN1 network via a patch cable)
I was expecting joining VLAN2 to VLAN1 via patch cable would work, but it doesn't. Am I understanding VLAN wrong or could that be equipment failure?
Thanks for your input...
Most switches do not like their ports connected like that. Do not do it.
As long as the ports are in separate VLANs (or broadcast domains), there's no reason why this cannot be done. If you do it with ports in the same broadcast domain, you'll end up with a broadcast storm.
Quote: You need a router. A real one, not a NAT toy. It is probably sensible to build an 802.1q trunk to the router from the switch.
You need an IP network per VLAN, and assign the router addresses on these two networks.
Then, computers on those two networks need to get IP addresses on the corresponding network, and also a routing entry that points to where the other network is. If the router is responsible for connectivity to other networks as well, like the Internet, it's probably sufficient to point the default gateway to the router. Do keep in mind that there needs to be routes back to the network too.
This is only required if you wish to have separate networks on the VLANs and also communication between the VLANs - there are different reasons to VLAN (or segment) a network, and there are also occasions when you need to have all the VLANs (segments) on the same ip network - it all depends on what the network "designer" is trying to achieve.
VLAN1 and VLAN2 do act like two separate physical switches - except when I put a patch cable from VLAN2 to VLAN1, then VLAN2 stops working.
What do you mean by "VLAN2 stops working"?
If you have two devices communicating with each other on VLAN2, do they stop communicating when a patch cable is plugged in? Presumably you are using tcp/ip - if you are pinging host #1 from host #2, do the pings stop when the patch cord is plugged in?
Should this work?
I have a 24-port 3com managed switch I acquired from a company closure sale. The fans failed, so other failures are possible.
- The default is all ports on VLAN1 untagged. They all worked. The switch supports 802.1Q, I just left them as default untagged.
- I assigned 6 ports (that were functioning well in VLAN1) as VLAN2 untagged, intended as an isolated environment for equipment setup. That worked - I do have those 6 ports communicating with each other but isolated from VLAN1.
- What doesn't work is when I patch cable VLAN2 to VLAN1 (using VLAN2 like a separate switch/hub joined to my main VLAN1 network via a patch cable)
I was expecting joining VLAN2 to VLAN1 via patch cable would work, but it doesn't. Am I understanding VLAN wrong or could that be equipment failure?
Thanks for your input...
Did you remove these six ports from VLAN1 or are they still members? If they are, your problem may be caused by a broadcast loop, you can usually see this on the port activity lights.
They are removed from VLAN1. The way this switch works is first to create the VLAN, then move the port(s) to it. So the removal is a certainty.
I've been employed building networks the last 20+ years, and all the people I met who've tried this trick come from it burned.
Having the same IP network on different VLANs is IMNSHO counterproductive and violates "rule of least surprise". If someone tried that trick in my network, stern words would be uttered.
I've been employed building networks the last 20+ years, and all the people I met who've tried this trick come from it burned.
As you've chosen to start with this, I'll pick up where you left off - we're in 2021 now, so that would put you as starting around the turn of the century, I've got another 10 years or so on you, and that is just the building network side of things, if I remember correctly the first time I connected two computer systems to one another would have been I believe in 1981 - so do forgive me if I'm not impressed - by the way - you can no longer make that statement, you've now met someone who hasn't been burned.
Quote: Having the same IP network on different VLANs is IMNSHO counterproductive and violates "rule of least surprise". If someone tried that trick in my network, stern words would be uttered.
It's one of the easier ways to do a "multi-tenancy" connection and keep your tenants isolated - maybe you have no need for it, but, as I said, how you do what you do is dictated by what the network is needed to do - and in case you haven't realised it, with multi-tenancy, the "lack of reachability" IS the intent and not a "happy accident".
I wasn't aware that STP doesn't distinguish between VLANs, but on second thought it makes perfect sense: otherwise, you could bridge two VLANs using OP's method on two different switches and there would be a loop until one of the switches disables the port.
Another vote for "disable STP".
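A small model of the behaviour discussed in the last posts, added here as an example and not part of the thread: a single, VLAN-unaware STP instance blocks one end of a patch cable between two VLANs on the same switch, and the VLANs only merge once STP is off on those ports. The 8-port layout, port numbers and function names are constructed for illustration, and equal port priorities are assumed.

```python
# Constructed model: one 8-port switch, ports 1-4 untagged in VLAN 1,
# ports 5-8 untagged in VLAN 2. Port numbers are illustrative only.
VLAN_OF = {p: (1 if p <= 4 else 2) for p in range(1, 9)}


def stp_blocked(cables, stp_enabled=True):
    """Ports put into blocking by a single, VLAN-unaware STP instance.

    BPDUs leave untagged on every port and are processed by whichever
    bridge receives them, whatever VLAN the receiving port is in. A
    bridge that hears its own BPDU on another port sees two of its ports
    on one segment and blocks the one with the higher port ID (equal
    port priorities assumed).
    """
    if not stp_enabled:
        return set()
    return {max(a, b) for a, b in cables}


def flood(src_port, cables, stp_enabled=True):
    """Host ports that receive a broadcast sent by a host on src_port."""
    blocked = stp_blocked(cables, stp_enabled)
    peer = {}
    for a, b in cables:
        peer[a], peer[b] = b, a
    reached, seen = set(), set()
    pending = [src_port]  # ingress ports still to process
    while pending:
        ingress = pending.pop()
        # A blocked port drops data frames; `seen` only guarantees that
        # the simulation terminates.
        if ingress in seen or ingress in blocked:
            continue
        seen.add(ingress)
        for port, vlan in VLAN_OF.items():
            if vlan != VLAN_OF[ingress] or port == ingress or port in blocked:
                continue
            if port in peer:
                pending.append(peer[port])  # frame crosses the patch cable
            else:
                reached.add(port)  # frame is delivered to a host port
    return reached


if __name__ == "__main__":
    patch = [(4, 8)]  # cable from a VLAN 1 port to a VLAN 2 port
    print("blocked by STP:", stp_blocked(patch))
    print("STP on :", sorted(flood(5, patch)))
    print("STP off:", sorted(flood(5, patch, stp_enabled=False)))
```

With the cable in place and STP on, a broadcast from port 5 stays inside VLAN 2; with STP off on those ports it also reaches the VLAN 1 host ports, which is the single broadcast domain the original poster was expecting.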