VLAN setup advice

JudAster2010
Level 1

Hi all,

We have two separate networks in our office, 40 computers in the first one, and 25 in the other one. Each one has its own internet connection. Now I have to set up one Small Business Server 2008 to be the file server and Exchange for computers in both LANs. The second LAN doesn't have printers, so I guess the normal way will be to join both LANs (switches and routers are in the same room).

I've been thinking about what would be the best way to join these two LANs, but I need some experienced advice.

I have one Cisco 3560 to route between VLANs but I have no idea how to do it. I thought that the configuration could be like this:

The first LAN's 40 computers will remain in the default VLAN1
New server and printers in VLAN2 (LAN2 does not have printers)
All clients in the second LAN to VLAN3

I want VLAN 1 and VLAN 3 to be able to communicate with the server and printers in VLAN2, but not between them.

I need to keep both internet connections, so the gateway will be different in each VLAN. What do you think, is this possible? Is there any better way to join these two LANs?

Can I put both LANs in the same subnet and then use something else to route/block the traffic between all the computers?

Thank you very much and have a nice day,

Jud


Ganesh Hariharan
VIP Alumni

Hi Jud,

I need some more detail on your existing setup:

As you said, both have separate internet connections, meaning they are connected via separate routers and pure L2 switches, and they don't have any communication right now in the existing setup.

What is the IOS version of the Cisco 3560 switch?

Ganesh.H

Thank you ganeshh !

Yes, we have two totally independent networks, they don't communicate with each other, and each has its own internet connection. We use the 3560 as an L2 switch right now.

So our goal is to join these two networks, share the printers, and add one Small Business Server 2008 box to be the domain controller and also the Exchange server for the company.

We do need the two separate Internet connections.

VLAN 1 default GW as it is now 192.168.1.1
VLAN 3 default gateway 192.168.100.1

So the problem is to provide Internet access to VLAN 2. And here is where we'll put the Exchange server right?

Jud

Hi Jud,

For your setup, what I would suggest is to connect two 3560s with EtherChannel for redundancy and create 3 VLANs as well as SVIs for these VLANs: VLAN 1 with subnet 192.168.1.x, VLAN 3 with 192.168.100.x, and VLAN 2 with whatever subnet you have allotted. As the 3560 is an L3 switch, just enable ip routing so that all the VLANs can communicate with each other without any problem.

Now for outgoing traffic to the internet, if only one link is sufficient, then connect the router port to the 3560 switch with a default route pointing towards the router interface to have internet access for the local LAN, as I am taking for granted that NATting is in place at the router so that the local subnet can access the internet without fail.

Check out the link below for inter-VLAN routing on the 3560 series switch:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

Hope to help !!

Ganesh.H

Remember to rate the helpful post

Hi ganessh,

We have only one 24-port 3560, one 8-port 2960, one 24-port 2960, and one unmanaged DLINK.

Our setup now is like this:

LAN1:

          Router
              |
          Firewall Zyxel USG200
              |
DLINK---3560 --- 2960

LAN2:

Router
    |
2960

If it's possible I'd like it to be:

          Router
              |
          Firewall Zyxel USG200
              |
DLINK---3560 --- 2960 (VLAN 1 + VLAN 2)
              |
           2960 --- Router 2 (VLAN 3)

Thanks again,
Jud

Hi Jud,

Do you want both routers to be connected in your new design or not? If not, then you can have trunk connections from the 2960 switches to the 3560 switch, and SVIs configured for the three VLANs with ip routing enabled on the 3560 switch for inter-VLAN routing.

Internet traffic will be routed via the 3560, with a default route pointing towards the firewall interface, and from the firewall towards the router's local interface.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

In my previous post I shared the inter-VLAN routing document for the L3 switch.

Thanks ganeshh,

Yes, I need both routers connected to the LAN. We need both ISPs. Can I connect both routers to the 3560 and configure the gateway in the client computer?

Thanks for the inter-VLAN routing document

Jud

Jud,

I would recommend that traffic going towards the internet be controlled by firewall policies, so check whether any ports are available on your firewall so that you can have dual routes towards the two ISPs, or policy-based routing support on your existing firewall with the two routers.

The physical layout will be like this: R1 and R2 are connected to the Zyxel firewall, with its local port connected to the 3560 switch, where you have trunk connections to the 2960 switches, with inter-VLAN routing configured on the 3560.

The traffic flow will be: clients connected to the 2960 switches will have as their gateway the SVI configured on the 3560 switch for that particular LAN, and from the 3560 a default route points towards the firewall. You need to check whether the existing firewall can support policy-based routing or two default routes towards the ISP routers, and also add a reverse route in the firewall for the internal VLANs towards the 3560 interface.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

spremkumar
Level 9

Hi Jud

Don't make use of VLAN 1 for the first set of PCs; better to start with 2, 3 & 4. Since the 3560 is a layer 3 switch it takes care of inter-VLAN routing automatically, but the only thing you need to make sure of is the ip routing command on the switch.

You need to create an SVI (interface vlan) for each VLAN on the switch and assign an IP address to it. You can make use of ACLs to make sure that you don't allow communication between VLAN 2 & 4, where you have the sets of PCs configured.

regds
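
The SVI-plus-ACL layout suggested in the reply above, sketched as a Cisco IOS configuration for the 3560. This is an added example, not configuration posted by anyone in the thread; the /24 masks, the .254 SVI addresses, the 192.168.50.0/24 server subnet and the VLAN and ACL names are assumptions.

```cisco
! Added example. VLAN 2 = first LAN's PCs, VLAN 3 = server and printers,
! VLAN 4 = second LAN's PCs (numbering from the reply above).
! Assumed, not from the thread: /24 masks, .254 SVI addresses,
! 192.168.50.0/24 for the server VLAN, all names.
ip routing
!
vlan 2
 name LAN1-CLIENTS
vlan 3
 name SERVERS-PRINTERS
vlan 4
 name LAN2-CLIENTS
!
! Applied inbound on the client SVIs: drop client-to-client traffic between
! the two office LANs, allow everything else (server VLAN, internet).
ip access-list extended LAN1-IN
 remark LAN1 clients must not reach LAN2 clients
 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
 permit ip any any
!
ip access-list extended LAN2-IN
 remark LAN2 clients must not reach LAN1 clients
 deny   ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
!
interface Vlan2
 description LAN1 clients
 ip address 192.168.1.254 255.255.255.0
 ip access-group LAN1-IN in
!
interface Vlan3
 description Server and printers
 ip address 192.168.50.254 255.255.255.0
!
interface Vlan4
 description LAN2 clients
 ip address 192.168.100.254 255.255.255.0
 ip access-group LAN2-IN in
```

These ACLs only filter traffic that the 3560 routes, so a client whose default gateway is still its ISP router bypasses them unless that router sends the traffic back through the switch. Traffic between hosts inside the same VLAN is never seen by an SVI ACL.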

Thanks spremkumar !

I wanted to use the default VLAN1 because some computers are connected to one DLINK unmanaged switch and I thought that they would become part of the default VLAN... is this correct?

Jud
