I had a nice little LAN using four 2924 switches to support a small office building. The switches were daisy-chained, with one being the core and the others dropped off a core port. Each port was on its own VLAN, with one or two ports having the same VLAN. One port on the core was the multi-VLAN port, having every VLAN allocated. It looks like this:
Router -> PIX -> 2924 -> 2924 -> 2924
Each group of users (hosts) was connected to a port or to several ports, all on the same VLAN. Port FA0/1 on the core switch has the multi-VLAN to the PIX. The configuration provided:
1) Broadcast isolation - Each VLAN was isolated from all other VLANs.
2) The core FA0/1 (the multi-VLAN enabled port) sees ALL VLANs.
3) The PIX served as the DHCP server for all 2924 connected hosts.
4) The PIX does NAT to the outside world through the Router.
5) All IPs are assigned by the PIX from 192.168.1.0/24.
Life was good. Now let's upgrade the LAN to support Cisco 7960s. My experience is that PoE is the only way to go. The 2924s are aging. Time to upgrade. Here's the new picture:
Router -> PIX -> 3550 -> 3524 -> 3524
The references tell me to use dot1q trunking on the ports where a phone and/or a PC may be. Also, I thought it best to ISL the switches over the Gigabit ports. Actually, I have planned to create a fiber loop from the 3550 g0/1, looping in and out of each 3524 and back to the 3550 g0/2, but I can't get the same functionality with trunking as I have with multi-VLAN.
It seems trunking is REQUIRED if you want to set up QoS with the phones and anything connected to them (the Cisco 7960s have a built-in 3-port switch; one to the uplink, one to the phone and one to downstream devices like a PC). Trunking is also required between the switches, be it dot1q or ISL. In any event, trunking IS NOT compatible with the multi-VLAN option. Cisco clearly points out that the multi-VLAN stuff is a form of trunking and mutually exclusive with (the real) trunking.
I need trunking for the phones and VLANs to separate broadcast traffic between user groups. It seems the only solution is:
1) Enable IP Routing on the 3550 as it's Layer-3 capable.
2) Set up a VLAN for each port (or group of related ports).
3) Create a DIFFERENT subnet for each VLAN, as that seems to be the only way to IP ROUTE the VLANs to the upstream (PIX) port on the 3550.
4) Set up a DHCP server that understands Option-83 and create a unique subnet range for each VLAN.
5) Perhaps bridging or virtual bridges and inter-VLAN stuff??
I haven't tried this configuration, as it is new and complex and the IP range per VLAN may cause problems in the PIX NAT config.
I'm hoping that I missed something basic and simple.