How would you set this LAN up?

Unanswered Question
Jun 9th, 2010

Hi all,

I have the following network appliances to setup my network:

1 x 24p Cisco 3560

1 x 24p Cisco 2950T

1 x 8p Cisco 2960

1 x Firewall Zyxel USG300 (gateway to internet)

I have to isolate the production environment (15 Windows computers) from the rest of the LAN (20 computers between sales, staff, accounting, etc.). I have one SBS 2003, and I need to create a domain for all the network. How would you isolate these 15 computers?, do I have to use two different VLANS?, the isolated machines needs to get access to the SBS2003 to join the domain, and also to the Firewall/gateway to get internet access. We've received all the Cisco switches from a different company.

Any hint/advice would be greatly appreciated

Thanks a lot

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Leo Laohoo Wed, 06/09/2010 - 15:12

You need to configure Dot1Q Trunking in order to use inter-VLAN communication.

Configuring InterVLAN Routing and ISL/802.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using an External Router

You have a 3560 which could be used as a Layer 3 router for Dot1Q Trunking.

Configuring 802.1Q Trunking Between a Catalyst 3550/3560/3750 and Catalyst Switches That Run Cisco IOS Software

Hope this helps and please don't forget to rate useful posts.  Thanks.

costasanti Wed, 06/09/2010 - 15:30

Thank you very much leolaohoo !

So where would you configure the .Q1, in the 3560 or in the router, or do I have to do it in both?

To understand it better, the dotQ1 has to be set for inter-VLAN routing right?, where do I have to configure the trunk, in one of the 3560 ports?

Thanks again !

Leo Laohoo Wed, 06/09/2010 - 15:35

If you have a router, I'd recommend that you configure Dot1Q trunking on the router (aka router-on-a-stick) using the first link.  If you don't have one, you can configure the 3560 switch (2nd link).

costasanti Wed, 06/09/2010 - 15:42

Thanks again,

I'd have to do it in the L3 switch as there is a firewall between the router and the switch.

I'll try the second option !



This Discussion

Related Content