I was assigned to a project that is a little out of my domain, so coming here for some help.
A client would like to setup a LAN wherein one segment is sanctioned for workgroup clients and the second segment is used for servers (DHCP, DNS, AD, etc).
They would prefer that this is done with two 2960s, in which one is split into two VLANS, and the other is used for the physical connections to the client segment.
From my knowledge, I think that this cannot be done - for example, if a client physically connects to the first 2960 (which is connected to a port set to VLAN 20 - the client VLAN), it cannot communicate with VLAN 10 (where the DHCP server resides) unless there is a router operating in a one-armed mode connected to that same 2960. My suggestion was to replace that 2960 with a layer-3 switch like the 3560, so that clients connecting to the first 2960 can communicate with the server segment. Is this a good idea?
Or, am I missing something and can you have two segments commuicating with no problems with only the use of VLANS on a single 2960?
Hopefully the questions were clear. Any advice would be appreciated, and I can answer questions to clarify my situation. Thanks.