Configuring 3 seperate vlans on a single switch 2

[Rick3632]

I'm trying to configure 3 seperate vlans on a Cat 4507 switch. I've got 3 IP addresses 10.2.7.217 , xxx.xxx.175.195 , xxx.xxx.196.49. Right now interface 1 (gig input to the switch), interface 3 and interface 4 are 10.2.7.217 ; interface 5 is xxx.xxx.175.195 ; and interface 6 is xxx.xxx.196.49. For the moment I am wanting all three vlans to talk to each other as well as see the outside world (The rest of the plants internal network). Eventually I will have only 2 vlans, xxx.xxx.196.49 which can see the outside world and 10.2.7.217 that will not be able to see xxx.xxx.196.49 but will be able to see the outside world. Can this be done ? Should my gig ports be seperate from the rest of the vlans.

 

[jamin123]

Yes! But you'll need a router to communicate between VLANs. Use ip permit/deny to block/allow those ip's

 

[IPKONFIG]

The 4507 is a router...it's running Native IOS.

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[gaveeve]

I think I'm a little confused on what you are saying but I'm going to give it a shot.
If you maintain one of your interfaces as a seperate vlan that communicates with your WAN(or outside world) then you can use access lists to determine who uses it. This means you will end up with three vlans. Your gig port can be included but what are you using it for? If its for a server it might be better to put it in its own vlan.

 

[Rick3632]

I'm new to Cisco so I'll try to clarify a little more. I am trying to set up this switch/router to go overseas. I've attached it via the gig port to the local network (I don't have any control over our WAN connection). I need to have the overseas address (xxx.xxx.196.49) on one vlan so the servers that are going overseas also can be set up and tested. Our plant is split up into 8 vlans itself, this switch is hanging off of one of them (10.2.7.XXX)so on the first vlan I made it's IP address 10.2.7.217. The second vlan will be one that has access to the rest of the plant xxx.171.175.195 and the third will be the overseas vlan. I need to get these to talk to each other and I need to be able to access them from the local network. I appreciate any help.

 

[IPKONFIG]

If your working with a SupIII or SupIV module in your Cat4507, then build your vlans like this:

config t
interface vlan 100 <---example only
ip address 10.2.7.xxx 255.255.255.0
no shutdown
interface vlan 200 <---again example only
ip address xxx.171.175.195 255.255.255.0 (whatever the mask is)
no shutdown
interface vlan 300
so on....

Then turn on your routing protocol that you'll be using

router rip
network 10.0.0.0 <---example only

router eigrp 1
network 10.0.0.0 <----example only

then configure your vlans

Router#vlan database <enter>
Router(vlan)#vtp server
Router(vlan)#vtp domain (enter domain name here)
Router(vlan)#vlan 100 name (name your vlan)
Router(vlan)#vlan 200 name &quot; &quot;
Router(vlan)#vlan 300 name &quot; &quot;
exit
You should see a message that states it's updating the database and then you should be able to ping from vlan to vlan.

Hope this helps.

&quot;I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it.&quot;
- Jack Handey, Deep Thoughts