«

Hello,

on my LAN, most network devices use default VLAN and have ip address
from range 10.10.1.X with subnet mask 255.255.240.0.

However, there exists several restricted VLANs with ip address range
10.10.10.X , subnet mask 255.255.255.240.
Restricted VLANs are protected by ACL, but as you can see they are
also in ip address range of default VLAN.

Is this ok thing to have? Can they be restricted enough with ACL
regardless they are in default ip address range?

Thank you.

In article <>,
Ugarchina <> wrote:

> Hello,
>
> on my LAN, most network devices use default VLAN and have ip address
> from range 10.10.1.X with subnet mask 255.255.240.0.
>
> However, there exists several restricted VLANs with ip address range
> 10.10.10.X , subnet mask 255.255.255.240.
> Restricted VLANs are protected by ACL, but as you can see they are
> also in ip address range of default VLAN.
>
> Is this ok thing to have? Can they be restricted enough with ACL
> regardless they are in default ip address range?

This seems like a confusing setup, I don't understand why they've done
it this way. But I think it should work. VLANs prevent direct
communication between the devices in the default VLAN and the restricted
VLANs, they would have to go through the routing module. Unless you
have proxy-ARP enabled on the router, the devices in the default VLAN
won't even try to use it -- they think the restricted subnets are
directly reachable.

--
Barry Margolin,
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***