That's correct. SWITCH2 is essentially our core switch where all of the other switches connect and SWITCH1 is a new switch. Also, do you know if I were to put a port on one of the other switches that is connected to the core on that VLAN would it's traffic then also be segregated? I'm just trying to make sure that I understand what could happen if someone put a port on a different switch into that same VLAN. Thanks

We might have to expound on the concept of "segregated". VLANs are logical broadcast domains. Having multiple VLANs on a switch only "logically" separates various network segments.

Remember that in trunks these VLANS oft traverse the same INTERFACE/PHYSICAL MEDIUM. And therefore lack the qualification of Physical Segregation.

For someone to put a port(s) on a VLAN(s) and have it go active, the Vlan(s) has to exist, or be reachable in some form on the Local switch, either as a VTP server, same-domain Client.

What is the issue you're trying to prevent?

A net-tech with enough privileges to configure a switchport in a VLAN of their choice, has enough priveleges to break any other VLAN logical separation you are hoping to achieve.

If ports is a single VLAN are created across several switches, they are all in the same logical network segment/broadcast domain.

As long as there's a VTP server advertising the VLAN, and VTP clients listening for advertised VLANs, you can spread a VLAN across a veritable pleothera of switches.

We have a situation where an external agency has work stations spread through-out our network, attached to 5-10 different switches. We created a VLAN for those stations and switch/route it applicably to the agency.

The real issue to watch for when spreading VLANs around, is the possible impact to STP convergence. We have mostly high-speed links 1g+ and use RPVST and don't have an unreasonable issue regarding spanning tree convergence. But again that really depends on the robustness of the overall network architecture.

Thanks for the information. I think that it is clear for me now. As for "segregation" what I am trying to do is make it so that machines that are connected to Vlan254 cannot talk to machines that are connected to Vlan253 and so forth. Our core switch is a VTP server and all of the other switches on he network are clients so they all have the same VLAN information which is what concerned me as we cannot have the machines that are plugged into the new switch (it is a learning center and the students should not have access to any of our core applications but they need to be able to access outside resources). When I brought the new switch up, I was able to access network resources that we do not want people on that switch to reach. It sounds like setting up the trunk as I described earlier will solve the issue. I really appreciate your advice and guidance on this.