Routing Between VLANs – Handling Different VLANs on the Same Subnet


I have a basic doubt about understanding VLAN communication.

Scenario:
Let's say a single switch has been configured with 2 VLANs (VLAN 100 and VLAN 200). VLAN 100 connects to, let's say, the 192.168.100.0 network, and I have host 1 connected to it with IP address 192.168.100.2.

Question:
Now for the other VLAN, 200, if I again connect the 192.168.100.0 network and connect host 2 to it with IP address 192.168.100.3, will I be able to ping between host 1 and host 2?

I do understand that we don't need to have two VLANs if it's the same subnet, but I am curious to know how this would work. Also, to communicate between two VLANs we can have a router, for example in this case the router (let's say the gateway 192.168.100.1). Will this setup work?

Best Answer

No, this would not work; each VLAN is a separate broadcast domain. Each VLAN has its own MAC address table, which the switch uses to forward traffic at L2 between the ports that are in the same VLAN. Each VLAN also only contains the ports that are assigned to that VLAN.

Firstly, the ARP from the PC in VLAN 100 would not be forwarded to the PC in VLAN 200 (separate broadcast domain), so the PC on 192.168.100.2 would not be able to resolve the MAC address of the PC at 192.168.100.3.

Secondly, even if you created a static ARP on the first PC for the second PC, VLAN 100 does not contain the MAC address of the second PC.

If you tried to create a static MAC entry in the MAC table of VLAN 100 for the second PC, you could not, as the port the second PC is connected to is not in VLAN 100.

In order to communicate between VLANs, you need to configure routing. This can be done on an L3 switch or router. You would of course not be able to route between two networks with the same network address (on the same router), as Cisco routers do not allow you to configure the same network on two ports in the same VRF (Juniper routers may allow two interfaces on the same network in the same VRF, but this is not the norm).

The only way to do this would be to physically connect a port from VLAN 100 into a port from VLAN 200, to bridge the two VLANs together.

Of course, you would never do any of this in real life.
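
The forwarding behaviour described in the answer can be checked with a toy model of a VLAN-aware switch; this is an added example, not part of the original answer. It models one MAC table per VLAN, flooding inside a VLAN only, and an external cable joining a VLAN 100 port to a VLAN 200 port. The port numbers, MAC addresses and the spare VLAN 100 port 5 are assumptions made for the illustration.

```python
# Toy model of a VLAN-aware L2 switch. Ports, MACs and the patch cable are constructed.
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
H1, H2 = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"   # 192.168.100.2 and 192.168.100.3

class Switch:
    def __init__(self, port_vlan, patch=()):
        self.port_vlan = dict(port_vlan)        # access port -> VLAN id
        self.mac_table = defaultdict(dict)      # VLAN id -> {MAC: port}, one table per VLAN
        self.patch = {}                         # ports joined by an external cable
        for a, b in patch:
            self.patch[a], self.patch[b] = b, a

    def send(self, in_port, src, dst):
        """Return the host-facing ports that receive a frame entering at in_port."""
        delivered, seen, queue = set(), set(), [in_port]
        while queue:
            port = queue.pop()
            if port in seen:                    # do not loop over the patch cable
                continue
            seen.add(port)
            vlan = self.port_vlan[port]
            table = self.mac_table[vlan]
            table[src] = port                   # learn the source in this VLAN only
            if dst != BROADCAST and dst in table:
                out = [table[dst]]              # known unicast
            else:                               # broadcast or unknown unicast: flood the VLAN
                out = [p for p, v in self.port_vlan.items() if v == vlan]
            for p in out:
                if p == port:
                    continue
                if p in self.patch:
                    queue.append(self.patch[p]) # leaves on the cable, re-enters the other VLAN
                else:
                    delivered.add(p)
        return delivered

def isolated():
    sw = Switch({1: 100, 2: 200, 5: 100})       # host 1 on port 1, host 2 on port 2
    sw.send(2, H2, BROADCAST)                   # host 2 talks, so VLAN 200 learns its MAC
    arp = sw.send(1, H1, BROADCAST)             # ARP request for 192.168.100.3
    static = sw.send(1, H1, H2)                 # static ARP entry: unicast straight to H2
    return arp, static, H2 in sw.mac_table[100]

def bridged():
    sw = Switch({1: 100, 2: 200, 3: 100, 4: 200}, patch=[(3, 4)])
    return sw.send(1, H1, BROADCAST), sw.send(2, H2, H1)

if __name__ == "__main__":
    print(isolated(), bridged())
```

In `isolated()` neither the ARP broadcast nor the static-ARP unicast ever reaches port 2, and host 2's MAC never appears in the VLAN 100 table; in `bridged()` the cable between ports 3 and 4 merges the two broadcast domains and the frames arrive.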
