09-20-2010 10:55 PM - edited 03-06-2019 01:05 PM
Dear friends,
I would like to share my network diagram with you. I have seven WS-C2960-24TT-L switches and one WS-C3560G-24TS. I would like to create VLANs for 12 departments, and I also have a firewall. We are using Microsoft Exchange Server, DHCP, DNS and Active Directory, so I would like to create the VLANs for the server network. But I would get the IP addresses for the different VLANs from the DHCP server. How should I configure this on the Layer 3 switch? And is there any problem with the Microsoft DNS server updating DHCP IPs and DNS names? I would like to get your advice on the best design. Really, thanks if you can help me with it. If you would like to get the network diagram, I am happy to give it to you. My main purpose: I would like to get the most suitable and best network design for my network.
09-21-2010 09:06 PM
Now I am facing one problem. I can connect between the different VLANs, but except for VLAN 1, the other VLANs can't get to the Internet. I use a firewall above the Layer 3 switch. How can I troubleshoot it? Pls....
09-22-2010 03:58 AM
!
09-22-2010 03:59 AM
Hello. Pls help me. Above is my Layer 3 switch configuration. Do I need to give an IP address to the uplink port on the Layer 3 switch? I connect port 24 (Layer 3) to the firewall. Do I need to give an IP address to this port?
09-22-2010 09:50 AM
No, you should not need to put an address on port 24; it is assigned to VLAN 1, so that should suffice. You say you can't get to the Internet. I assume there is a FW between you and the Internet. Does that device have routes in its table for all the VLANs you created that you want to get to the Internet? It needs a path back into the 3560 to be routed correctly.
09-22-2010 07:18 PM
Thank you so much for your reply and solution. You mean I need to write a static route or RIP in the routing table of the firewall for each VLAN. Yes, I will also try as you advise. Next, one more problem: I can't even ping the firewall IP address from the other VLANs; only VLAN 1 can ping the firewall IP address. I have attached my current network diagram. Please check it, and can you tell me if I have anything wrong in the configuration? Really, thanks for your help, because I am facing a problem with it.
09-23-2010 06:27 AM
You would have to check the FW to see if ping response is even allowed; in most cases FWs block ping.
09-23-2010 07:42 PM
!
09-24-2010 05:02 AM
You probably have a default static pointing to the FW for your Internet. Unless the FW has a route pointing back, it has no idea what to do with the packets for those subnets coming back.
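The return-path point in the reply above, as an added example that is not part of the original thread: a longest-prefix-match audit that shows which VLAN subnets a firewall would send back inside and which it would push out its default route. All subnets, addresses, interface names and the route-table layout are constructed assumptions, since the thread's configuration is not shown.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
VLAN_SUBNETS = {
    "vlan1": "192.168.1.0/24",    # segment shared by the firewall and the 3560
    "vlan10": "192.168.10.0/24",
    "vlan20": "192.168.20.0/24",
}

# Hypothetical firewall routing table: (prefix, next hop or None if connected, interface).
FIREWALL_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "outside"),       # default route to the ISP
    ("192.168.1.0/24", None, "inside"),            # directly connected
    ("192.168.10.0/24", "192.168.1.2", "inside"),  # static route back to the 3560
]


def lookup(routes, dest):
    """Longest-prefix match of dest against routes; returns (net, next_hop, iface) or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def audit_return_paths(vlans, routes, inside_iface="inside"):
    """Map each VLAN to 'ok' or to the reason its reply traffic never comes back."""
    result = {}
    for name, cidr in vlans.items():
        # One representative host per subnet is enough for this check.
        host = next(iter(ipaddress.ip_network(cidr).hosts()))
        match = lookup(routes, str(host))
        if match is None:
            result[name] = "no route: replies dropped"
        elif match[2] != inside_iface:
            result[name] = f"return traffic exits {match[2]} via {match[0]}"
        else:
            result[name] = "ok"
    return result


if __name__ == "__main__":
    for vlan, status in audit_return_paths(VLAN_SUBNETS, FIREWALL_ROUTES).items():
        print(f"{vlan}: {status}")
```

With this sample table, vlan20 has no specific route, so its replies match only the default route and leave through the outside interface, which is the symptom described in the thread.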
09-26-2010 09:15 PM
Yes, I have a default static pointing to the FW for Internet. For the packets from the VLAN subnets, we need to write a static route for the packets coming back. Is that it?
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml
In the above example on the Cisco website, it doesn't show anything to configure on the router. I don't know why...