Bridging two VLANs together

Question

I have a connection to a network service provider with two VLANs on it.

One VLAN has the internet. The service provider has defined a default router and assigned me a subnet of IPs attached to that router for me to use.

The other VLAN is a connection to two remote sites.

(It is set up this way for historical reasons.)

What I really want to do is use the IPs assigned to me on the second VLAN.

So. Is there any reason why I can't:

untag a port on the internet VLAN
untag a port on the remote-site VLAN
turn spanning tree off on those two ports
connect them together with a crossover cable

...besides the fact that it just looks wrong?

Second part of the question.

Assuming I have a Dell PowerConnect 6224, is there a way to do this "correctly" within the switch without the wrong-looking cable?

Am I right in thinking that you want to be able to assign addresses that currently only work for physical ports tagged for VLAN1 on ports that are currently tagged only for VLAN2? Do you need any of these ports to work for both VLANs (trunked)? Also how does your suggested approach handle routing for the internet IP's when they are on your remote-site VLAN? — Helvick, Sep 14 '10 at 14:29
I have the single port that goes to the upstream provider tagged on both VLANs. If the two VLANs are bridged together, arps from VLAN 2 should be passed to VLAN 1, where the router will respond to them. Basically I want to use all of the IPs assignment from VLAN1 on devices that are only on VLAN2 (at remote sites). — David Mackintosh, Sep 14 '10 at 14:54
Where's your router that's going to route this Internet subnet going to sit, on one of the VLAN2 access ports? — gravyface, Sep 14 '10 at 15:12
I shouldn't need a router. I want all traffic on VLAN 1 to also be on VLAN 2. — David Mackintosh, Sep 14 '10 at 17:25
Well then, yes, you could use some sort of bridge, but that's still slightly more complex than patching two VLAN interfaces together. If it happens to be a "Layer 3 Switch" (the marketing name for a router with lots of ports), you could do it in the same device. — Jason Antman, Sep 16 '10 at 03:03
Also keep in mind that if you just bridge the two networks, the devices on them would need to be in the same subnet, obviously. — Jason Antman, Sep 16 '10 at 03:06

score 3 · Accepted Answer · answered Sep 17 '10 at 03:17

...and the answers, are:

1) Because it IS wrong. If you create an ethernet loop across VLANs as described, even if you have spanning tree turned off on the ports in question (or even the entire switch) -- if you have spanning tree ANYWHERE ELSE in your network, those packets will loop and flood all ports on the switch.

2) Call the service provider and ask that a /30 be set up between you and them; then have them route the /26 to you via your end of the /30, which you've assigned to one interface on your 6224. Then put the /26 on VLAN2 through another interface. Enable routing, and you are done.

..score me minus several million for having to learn this the hard way. — David Mackintosh, Sep 17 '10 at 03:17

score -2 · Answer 2 · answered Sep 14 '10 at 15:29

-2

Yes, the thing that does what you want is called a "router".

answered Sep 14 '10 at 15:29

Jason Antman

1,546
1
12
23

Ah yes, I have one built in to said Dell 6224. How do I configure it (or an abstract router) to do this? – David Mackintosh Sep 14 '10 at 17:24
Well pretty much all of my router experience has been with *nix-based ones... in which case you'd enable IP forwarding and then add appropriate firewall rules for the correct interfaces. – Jason Antman Sep 16 '10 at 03:02
yeah, it's the whole "defining appropriate interfaces" bit I had a problem with. – David Mackintosh Sep 21 '10 at 13:41

Bridging two VLANs together

2 Answers2