Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Design question

Status
Not open for further replies.
boymarty24

boymarty24

Technical User
Joined
Aug 21, 2003
Messages
362
Location
SE
Hi,

Have an question. I have one network without any vlans, there is about 250 machines on the network. Now we have bought another company so our /24 net is not enough. So my plan was to buy a cisco L3 switch and build som vlans. The new company will install a router to one of the vlans for communication to a datacenter. I wonder how the best solution would look like.



PIX--vlan1 192.168.1.0/24
l
vlan2 192.168.20.0/24 on this vlan a router will be installed, ip 192 .168.20.1

Machines on vlan2 most have access to both vlan1 and the datacenter beyond the router. This should be possible by adding static routes in the switch. Correct? I know about the issue with pix and routes.
 
Sort by date Sort by votes
Well... You could just have the router plug into your existing vlan, and let the router do the routing. However, with 250 nodes you should probably segment your network even w/o the addition of the new company.
 
Upvote 0 Downvote
I agrea with the previous post your going to need to segment some more. Unless you switch to a larger mask which isn't really the best idea either.
If your going to use VLans get some good use out of them. With a good cisco L3 switch you can do interVlan routing without a problem. Segment into logical segments like Management Vlan, Server Vlan, Office Vlan etc. This will also allow you to implement some added security if you wanted to.
To do this you will have to look at your current switches to see if they can "do" trunking otherwise you will have to segment on purely from ports on the core switch.
 
Upvote 0 Downvote
Thx for the tips baddos and saugilsr.

I have now divided up the network in several vlans. And it works fine. I have one question concerning access-lists.

I have one vlan for guests using airportstations. And want to restrict that lan witch access-lists. Have som problems setting the list together. Do access-lists i ios work the same way as they do on the pix?
 
Upvote 0 Downvote
no they dont...

for the access-lists to work the same way you need firewall software, so you can do 'ip inspection'

some L3 switches you can do this, some you can't..

the pix actively monitors the tcp/udp sessions, where as regular access-list it just blocks/permits based on what you have defined..


Hope this helps

BuckWeet
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
499
Zero6
Zero6
Mogles49
  • Locked
  • Question Question
Firewall ACL question
Replies
1
Views
352
burtsbees
burtsbees
mkc1962
  • Locked
  • Question Question
Cisco 2602e connection question
Replies
0
Views
217
mkc1962
mkc1962
azrael2000
  • Locked
  • Question Question
quick question...re layer 3 with routing
Replies
1
Views
323
chieftan
chieftan
lwhalo
  • Locked
  • Question Question
ASA 5520 Packet Capture Question
Replies
0
Views
260
lwhalo
lwhalo

Part and Inventory Search

Sponsor

Back
Top