Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

4006 switch questions

Hi all,

This will be a long post, as I have a couple issues to run past everyone as I am a newbie to Cisco switches (and it shows!).

Our network is pretty basic: external 2501 router to ISP, PIX firewall, DMZ with 12 systems, and internal (token ring) network (150+/-). We also have remote sites coming in through on a frame relay and 3640 TR interface. The internal PC's route through a proxy server which is dual-homed on the DMZ.

In preparation for moving to Ethernet, we are installing a 4006 switch just behind the PIX. Management would like to put the DMZ on VLAN1 (172.16.18.0) and the internal network on VLAN2 (172.16.19.0) on the switch. The VLAN's do not need to communicate, just get out the PIX (DMZ IP) to the Internet. The remote sites will continue to use the 3640 interface. The switch ports on the module are configured to 10BaseT and half duplex. Otherwise the default configuration is in place. I assigned a DMZ IP to sc0 on the switch with the PIX as the gateway.

First: do we need L3 switching for two Vlans such as this? Do I need to add anything to the PIX configuration?

Second: I tried to put the PIX and DMZ systems on the switch last night. The DMZ systems could reach the internet, all except the Proxy server. But, the DMZ servers could not be reached from the 'outside' (which is necessary for a couple in-house applications).

A tech I talked to thought the problem is the pc's negotiating port settings. He suggested to set all of the ports to auto (do you think he meant on the switch or the pc's?). His scenario: get a link, get a ping, then try the internet. Which is all well and good, but, if I need to set the ports on the PC's to auto, how do I do this? I have never needed to do that before so am totally lost!

Any help would be greatly appreciated. I may have been a bit verbose, but I figured the more info the better.

Thanks in advance, Carolyn

3 REPLIES
New Member

Re: 4006 switch questions

1. Don't use vlan1 as you plan. add a new one and just use vlan1 for mgmt traffic.

2.Port settings refers to the switch ports. also set them for porfast on.

3.SC0 is used for management stuff, point it to an internal network address, not the pix.

yes you will need l3, since you have more than one subnet.

New Member

Re: 4006 switch questions

Thanks for the prompt reply.

If SC0 is for management (I thought ME1 did that), then what is used for the connection to the gateway (PIX)? SL0 is the only interface left.

Carolyn

New Member

Re: 4006 switch questions

Since you have 2 subnets, (vlans) they need a routed interface somewhere. For example we have vlan 10 which will include the pix connection.

On the the layer 3 interface of the switch, we would define vlan10, IP address xxx.xxx.xxx.xxx

this would give us our routing capability, on the switch, we would assign the necessary ports to that vlan. on the stations for that vlan we set the default gateway to that ip address above. as far as the sc0 interface, it is not the router interface for the switch. Its merely a means to provide remote (telnet) access to the switch .

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/inst_nts/78_10164.htm

good notes on the l3 engine for the 4000.

73
Views
0
Helpful
3
Replies