Vlan Question on Cisco Switches


This topic contains 26 replies, has 4 voices, and was last updated by BigDeesDad 10 years, 2 months ago.

    kevinguerreiro
    Participant
    #143225

    Hey guys, I want to ask something. Is this scenario possible:

    I have the backoffice connected on port 2 in VLAN 2, a server on port 3 in VLAN 3, and on ports 4-10 I have VLAN 4. Is it possible to make VLAN 3 visible and accessible to VLANs 2 and 4?

    Kevin

    #324665

    Re: Vlan Question on Cisco Switches

    Yes, you’d need to put a router in between them or put the required devices in the same VLAN.

    kevinguerreiro
    Participant
    #350444

    Re: Vlan Question on Cisco Switches

    So what you are saying is I cannot have one port assigned to 2 different VLANs, correct? I will need a router for the routing? How will I connect them with the router? I know that each VLAN should have its own IP range, like VLAN 2 is 192.168.1.x and VLAN 4 192.168.2.x, is that correct? Sorry about these stupid questions, but I am just going to start on this and want to know if it is possible when my switch gets to my hand.

    Kevin

    joeqwerty
    Moderator
    #302387

    Re: Vlan Question on Cisco Switches

    Typically each port would be configured as a static-access port belonging to only one VLAN. These ports will connect your hosts to the switch.

    A router would be connected to a multi-vlan port and would carry and route traffic for all VLAN’s. Each VLAN and the hosts connected to each VLAN would be configured using a different subnet (192.168.1.0/24, 192.168.2.0/24, etc.).

    kevinguerreiro
    Participant
    #350445

    Re: Vlan Question on Cisco Switches

    Hmm, so you're saying that I have to connect an Ethernet cable from port 4, which is VLAN 4, to a router, and an Ethernet cable from port 2, which is VLAN 2, to the same router, and do the routing on the router for each subnet? If so, does it have to be a Cisco router or can it be a normal router?

    Kevin

    joeqwerty
    Moderator
    #302388

    Re: Vlan Question on Cisco Switches

    No, you connect only one cable to the router. The switch port that the router connects to will be configured as a multi-vlan port so it will receive traffic for all VLAN’s and route traffic for all VLAN’s. You should be able to use any router.

    joeqwerty
    Moderator
    #302389

    Re: Vlan Question on Cisco Switches

    Here’s a document I found that explains it. Credit to the author of course.

    kevinguerreiro
    Participant
    #350446

    Re: Vlan Question on Cisco Switches

    Hey Joe, thx for your help and your time, and thanks to scurlaruntings, but doing this, VLAN 2 and VLAN 4 will see each other. What I want is for VLAN 2 and VLAN 4 to see VLAN 3, but not each other. It is like this: I have the backoffice, where I can control the servers, on VLAN 2, the game servers on VLAN 3, and the players on VLAN 4. What I need is for VLANs 2 and 4 to access the game servers to play. Am I explaining correctly, and is it possible?

    Kevin

    joeqwerty
    Moderator
    #302391

    Re: Vlan Question on Cisco Switches

    You can set up access control lists on the router to disable any traffic between VLAN’s 2 and 4.

    kevinguerreiro
    Participant
    #350447

    Re: Vlan Question on Cisco Switches

    In this case, on the router it should not be VLAN, but yes, disable network access between the subnets, correct? So in this case, Cisco switches don't have DHCP servers included in them, and always need a router to give IPs to that VLAN, so for each VLAN you need a DHCP router?

    joeqwerty
    Moderator
    #302392

    Re: Vlan Question on Cisco Switches

    No, you’re confusing things.

    1. Having the router allows traffic to get from one VLAN to another VLAN. This allows traffic from VLAN 2 and VLAN 4 to VLAN 3.

    2. Having ACL’s on the router allows you to block certain traffic from one VLAN to another. This blocks traffic from VLAN 2 to VLAN 4.

    3. DHCP has nothing to do with the VLAN’s. You can use a server for DHCP or you can use the router for DHCP.

    kevinguerreiro
    Participant
    #350448

    Re: Vlan Question on Cisco Switches

    Yes Joe, thx for the details. Anyway, how can I DHCP different subnets with 1 router? I need one DHCP server for each subnet, so I need 1 router or 1 server for each VLAN, correct?

    joeqwerty
    Moderator
    #302393

    Re: Vlan Question on Cisco Switches

    No. You need to configure the router as a DHCP-helper. It will take the DHCP requests from each subnet and forward them to the DHCP server.

    http://allaboutmylife.wordpress.com/2007/10/17/ip-helper-addresses-for-dhcp/

    kevinguerreiro
    Participant
    #350449

    Re: Vlan Question on Cisco Switches

    OK, got it. And what if you don't have a Cisco 2600 router, is there any cheap router to do this? So a server for DHCP in this case could be Windows Server, or even a small PC running Linux from a USB pen, giving DHCP leases. Hmm, starting to understand things. So there is no Cisco router that can give multi-subnet IPs?

    joeqwerty
    Moderator
    #302394

    Re: Vlan Question on Cisco Switches

    Any router that supports inter-VLAN routing should work.

    As for the router managing DHCP scopes for multiple VLAN’s, I don’t know as I’ve never configured a router as a DHCP server. If you use W2K3 or W2K8 as your DHCP server you can configure a scope for each VLAN and then configure the router as a DHCP helper and all should work fine.

    kevinguerreiro
    Participant
    #350451

    Re: Vlan Question on Cisco Switches

    Thx a lot, Big Joe, for the help. I’m going to buy a 3548 switch and a PIX-501 for security, and probably a Cisco 2600 router to play around with and learn how to set up everything. Going to implement this at a LAN party in November :mrgreen:

    Regards
    Kevin

    joeqwerty
    Moderator
    #302397

    Re: Vlan Question on Cisco Switches

    Glad to help. Now if you’ll just send me an invite for that party… :)

    Also, I just posted this in another post, but if you’re interested in used Cisco gear for learning purposes, I have had good success with the stuff at http://www.ciscokits.com.

    kevinguerreiro
    Participant
    #350452

    Re: Vlan Question on Cisco Switches

    Thx for the site, but that is in the USA, and it will be difficult to get through customs without paying a lot of money, especially with Cisco stuff. I was trying to buy second hand from eBay in the UK, because shipping is cheap and there are no customs problems.

    BTW you are invited, games for everyone, food, and on Saturday night there is strip :twisted: So don't bring your wife hahahah

    Regards
    Kevin

    kevinguerreiro
    Participant
    #350455

    Re: Vlan Question on Cisco Switches

    Well, I have received my Cisco 3548-XL and it works like a charm. I tried to do the router on a stick, but I have been looking around and it is only possible with a Cisco router, not any other, because of the VLAN configuration? Someone correct me if I'm wrong. Still waiting for the Cisco 2621XM to play with. Hmm, I read that a layer 3 switch doesn't need a router for inter-VLAN routing, only layer 2 switches do, is that correct?

    Kevin

    joeqwerty
    Moderator
    #302439

    Re: Vlan Question on Cisco Switches

    Configured correctly, a layer 3 switch can route traffic between the VLAN’s, thus avoiding the need for a router.

    kevinguerreiro
    Participant
    #350481

    Re: Vlan Question on Cisco Switches

    Well, starting to understand this Cisco stuff. The next part is to know how to permit and deny communication between VLANs, or to not have Internet. What I want is that VLAN 3 can only connect to VLAN 2 through a specific port, is that possible? Another one: I have my Cisco switch set up as router on a stick using eth 0/1 in trunk mode, with a Cisco 2600 series router that gives Internet to the VLANs and does the routing between VLANs. Now I want to block VLAN 3 from accessing the Internet at all, is that possible? Well, I could just take the default gateway out of the DHCP pool, but I could probably give Internet access one time or another for Windows updates etc. So is there any way that anyone can help me with this? I have a Cisco 3500XL and a Cisco 2600 router.

    Regards
    Kevin Guerreiro

    BigDeesDad
    Member
    #366361

    Re: Vlan Question on Cisco Switches

    Just configure ACLs as per your requirements and apply them to the relevant VLANs
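
The policy asked for in this thread (VLANs 2 and 4 reach VLAN 3 but not each other, VLAN 3 has no Internet access) written as router ACLs for a router on a stick. This is an added example, not part of any post in the thread; the subnets (192.168.N.0/24 for VLAN N), the interface name FastEthernet0/0 and the DHCP server at 192.168.3.10 are assumptions.

```cisco
! Constructed example for the 2600 in a router-on-a-stick setup.
! Assumed addressing: VLAN 2 = 192.168.2.0/24 (backoffice),
! VLAN 3 = 192.168.3.0/24 (game servers), VLAN 4 = 192.168.4.0/24
! (players); the router is .1 in each subnet. The DHCP server is
! assumed to sit in the server VLAN at 192.168.3.10.
!
! Backoffice: servers and Internet allowed, player VLAN blocked
access-list 102 deny   ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 permit ip any any
!
! Servers: router ACLs are stateless, so replies to VLAN 2 and 4 must
! be permitted explicitly. The implicit deny at the end of the list
! drops everything else, which is what keeps VLAN 3 off the Internet.
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
!
! Players: servers and Internet allowed, backoffice blocked
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip any any
!
! Physical interface facing the switch trunk port; no address here
interface FastEthernet0/0
 no ip address
 no shutdown
!
! One 802.1Q subinterface per VLAN; each ACL filters traffic as it
! enters the router from that VLAN
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.3.10
 ip access-group 102 in
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 ip access-group 103 in
!
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
 ip helper-address 192.168.3.10
 ip access-group 104 in
```

Placing the DHCP server in the server VLAN keeps relayed replies (server to 192.168.2.1 or 192.168.4.1) inside what ACL 103 already permits; a server in VLAN 2 would have its replies to the VLAN 4 gateway dropped by ACL 102 unless a permit for them came first.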

    kevinguerreiro
    Participant
    #350482

    Re: Vlan Question on Cisco Switches

    Thx for the reply. How do I set that up? Is there a good way to learn that? Can you give me an idea of how to start?

    Regards

    BigDeesDad
    Member
    #366364

    Re: Vlan Question on Cisco Switches

    A great learning route for ACLs is the CCNA Security exam because it is in-depth across the whole security spectrum and focuses a lot on ACLs. If you want to do the exam then you need a valid CCNA first.

    To configure VACL you can do the following:

    Create access list to allow specific traffic:
    Cat3550(config)# access-list 100 permit tcp any host 10.1.1.2 eq telnet

    Create access-map to link ACL with forwarding action:
    Cat3550(config)# vlan access-map ALLOWTELNET 10
    Cat3550(config-access-map)# match ip address 100
    Cat3550(config-access-map)# action forward

    Apply access-map to VLANs:
    Cat3550(config)# vlan filter ALLOWTELNET vlan-list 1-100

    The above configuration is an example to permit telnet traffic to 10.1.1.2 using an access-map called ALLOWTELNET with sequence number 10 and ACL 100.
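
An added example, not part of the post above: on Catalyst switches that support VLAN maps, an IP packet that matches no clause of a map containing an IP match clause is dropped, so a map holding only the telnet clause forwards no other IP traffic in the filtered VLANs. The variant below restricts telnet to 10.1.1.2 and keeps everything else flowing; the admin subnet 10.1.2.0/24, ACLs 101 and 102 and the map name TELNETCTL are assumptions.

```cisco
! Constructed example; 10.1.1.2 is the host from the post above,
! the admin subnet 10.1.2.0/24 and the names below are assumptions.
!
! In a VLAN map the ACLs only classify traffic; the access-map
! action decides whether the matched packets are forwarded or dropped
access-list 100 permit tcp 10.1.2.0 0.0.0.255 host 10.1.1.2 eq telnet
access-list 101 permit tcp any host 10.1.1.2 eq telnet
access-list 102 permit ip any any
!
! 10: telnet from the admin subnet to 10.1.1.2 is forwarded
vlan access-map TELNETCTL 10
 match ip address 100
 action forward
!
! 20: any other telnet to 10.1.1.2 is dropped
vlan access-map TELNETCTL 20
 match ip address 101
 action drop
!
! 30: all remaining IP traffic is forwarded; without this clause the
! implicit drop at the end of the map would discard it
vlan access-map TELNETCTL 30
 match ip address 102
 action forward
!
vlan filter TELNETCTL vlan-list 1-100
!
! Check the result from privileged EXEC:
!   show vlan access-map TELNETCTL
!   show vlan filter
```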

    kevinguerreiro
    Participant
    #350483

    Re: Vlan Question on Cisco Switches

    Thank you very much for the details, nice way to start. I noticed that you were using a 3550; I have a 3500 XL. Does it work the same way? Because this switch doesn't support inter-VLAN routing, I’m using router on a stick.

    Kevin

    BigDeesDad
    Member
    #366367

    Re: Vlan Question on Cisco Switches

    Inter-vlan traffic will still be sent via the router being the layer 3 device.

    The VLAN access list will work on the 3500XL but you may have to upgrade your current IOS if the commands are unavailable.

    kevinguerreiro
    Participant
    #350487

    Re: Vlan Question on Cisco Switches

    Hi, I already have the latest IOS for the 3500XL, and the commands are still not available. Can I use the 3550 IOS instead? :mrgreen:
