Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1159
Views
0
Helpful
3
Replies

Cisco vlan setup w a windows 2003 dhcp server help

Go to solution
rhopkins_nci
Level 1
Level 1

‎05-13-2007 02:02 PM - edited ‎03-05-2019 04:02 PM

Can anyone give me some tips or point me to some documentation on setting up a catalyst 4500 series w vlans and a windows 2003 server w associated dhcp scopes? Just for curiosity, what is a good vlan design for a college. I was thinking a student, a staff, a faculty, and a guest and or mgmt vlan. Also, on the guest vlan how would I setup an outbound acl to only allow port 80 traffic? Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to rhopkins_nci

‎05-14-2007 06:29 AM

Hi

Yes you will need an ip helper-address on each client vlan pointing to the DHCP server.

The router knows the interface the DHCP request came in on so when it turns the broadcast from the client into a unicast to the DHCP server it uses the IP address of the vlan interface it came in on.

HTH

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎05-13-2007 11:02 PM

Hi

Try to limit the number of users per vlan to no more than a class C subnet if you can. We use half a class C /25 network in our offices.

If you can break up the vlans to match the different type of users then that would be a good start. It means you can further down the line apply different security policies to the different vlans which in your situation you may well want to do. Don't worry if for example you need to use 2 or 3 vlans for students it's not a problem.

Attached is a link for 4500 configuration. You need to look at the following chapters primarily

1) Configuring VLAN's VTP & VMPS.

2) Configuring Layer 3 interfaces. Look at the section on logical layer 3 SVI's.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/conf.html

On the guest vlan you would need something like (assuming guest vlan subnet range is 192.168.1.0/24

access-list 120 permit tcp 192.168.1.0 255.255.255.0 any eq www

access-list 120 deny ip 192.168.1.0 255.255.255.0 any

and apply it on the inbound vlan interface. ie. if your vlan for guest users is vlan 20

switch(config)# vlan 20

switch(config-if)# ip access-group 120 in

As for the W2003 server, not done much with windows. You will need DHCP manager which should be under admin tools. Make sure you exclude the addresses for each subnet that you allocate to the 4500 layer 3 interfaces ie

switch(config)# vlan 20

switch(config-t)# ip address 192.168.1.1 255.255.255.0

In your DHCP scope 192.168.1.1 will be the default gateway for your clients and you should exclude this from the scope.

Hope this is enough to get you started

Jon

0 Helpful

Go to solution
rhopkins_nci
Level 1
Level 1
In response to Jon Marshall

‎05-14-2007 06:23 AM

Hey Jon, thanks for all the info. Do I need an ip helper address for the various vlans to find the vlan that the dhcp server is on and the internet interface/vlan? How does the dhcp server know what ip subnet to give the nodes on the different vlans? Thanks again.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to rhopkins_nci

‎05-14-2007 06:29 AM

Hi

Yes you will need an ip helper-address on each client vlan pointing to the DHCP server.

The router knows the interface the DHCP request came in on so when it turns the broadcast from the client into a unicast to the DHCP server it uses the IP address of the vlan interface it came in on.

HTH

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card