Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Private VLAN or dot1q and Router on a Stick ???

Status
Not open for further replies.
netadmin65

netadmin65

Technical User
Feb 14, 2003
61
US

Here's the scenario:

I wish to separate traffic between departments (users on
their own specific VLAN), then restrict where each VLAN
can go (Finance can access their own VLAN, plus the
Domain Controller and e-mail servers, and the finance
server, BUT NOT, lets say, the RESEARCH server located on
another VLAN).

How would I go about setting this up?

Router on a stick and dot1q tagging? or private VLANs
on the switch? Also, would I need an ACL to restrict
VLAN traffic? I'm quite adept at learning something
once given initial direction as to how to proceed, but
I'm unsure what to do in this case.

Router is a 2621XM, switch is a 4506 with sup2.

Any help would be appreciated. Thanks...
 
Sort by date Sort by votes


Oh, forgot to mention, 4506 with sup2 is CatOS...
If everything was IOS and layer 3 switching, I
would not have needed to ask this question.
 
Upvote 0 Downvote
In it's simpliest form, the router on a stick works pretty well. You have two VLANs on the switch created by port ports into two groups. From each group comes a cable to a etherport on a router like a 2514. The router controls the traffic. Now, this is not exactly on a stick.. more more like a vlans on a 2legged chair. It not used much because the router is used only for the vlans and routers tended to be expensive in the past. But, now a 2514 can be had for a hundred bucks.

The stick design will use something like a 2620 with a fastether port that can be configured to use trunking. On the switch make the two vlans AND a trunked port that has both VLANS. send the trunk to the router using fastethernet and 802.1q (or ISL depending on the switch) A one legged router or router on a stick.

Config examples:



MikeS


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Upvote 0 Downvote
You can easily use your 2621 as a router on a stick. Configure your router's fastethernet port as an ISL trunk and the port on the switch as an ISL. Make sure to configure the appropriate IP address configure on the sub interfaces on your router, and your off to the races.
 
Upvote 0 Downvote
If your going to trunk, use 802.1q.
Both router(sub-int) and switch will support it.
Newer Cisco switch IOS has dropped ISL.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
313
CPM86
CPM86
testman1
  • Locked
  • Question
SIP telephone ring on second call
Replies
0
Views
301
testman1
testman1
jobsp90
  • Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
238
DavetheChef
DavetheChef
Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
391
Lccarter
Lccarter
stanlyn
  • Locked
  • Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
486
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top