Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
398
Views
0
Helpful
8
Replies

Questions on a design

jcleary
Level 1
Level 1

‎03-08-2004 01:40 PM - edited ‎03-02-2019 02:07 PM

Ok Here goes,

I have a customer who ownes an office building. They want to give internet access to all of his tennants. What would be the best way to do this?

Im thinking maybe a 3550 with each port going to one of the suites, and each port being in a diffrent VLAN and have the 3550 routing each vlan. And maybe another vlan where there will be a PIX sending all of this to the internet. Does this sound ok? Do I want to use Private vlans for this?

Any help would be appreciated.

Labels:
0 Helpful
8 Replies 8

javierdiaz
Level 1
Level 1

‎03-08-2004 08:52 PM

Hi..

I have a customer like this...this link could be useful for your configuration.

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

Regards

FD

0 Helpful

jcleary
Level 1
Level 1
In response to javierdiaz

‎03-09-2004 10:12 AM

That was good info. But what im really looking for is these VLANS having absolutely no access to each other. Possibly using Private Vlans.

If anyone has any info on this it would be great.

Thanks

0 Helpful

jcleary
Level 1
Level 1
In response to jcleary

‎03-12-2004 12:59 PM

Does anyone have any ideas on this??

Thanks

0 Helpful

tbaranski
Level 4
Level 4
In response to jcleary

‎03-13-2004 06:34 AM

PVLANs aren't supported on the 3550. Protected Port functionality is supported, which is basically a chopped-down version of PVLANs. So that's an option -- make all the client ports Protected and they won't be able to talk to each other even though they're in the same VLAN. The PIX's port is then Unprotected so that each host can talk to it.

Separate VLANs along with ACLs are an option but this would require each VLAN be on it's own subnet, which is ugly. Protected Ports sound like a better option here.

0 Helpful

jcleary
Level 1
Level 1
In response to tbaranski

‎03-13-2004 06:22 PM

Ok thanks,

Can i do that with the 2950? Can i also place a DHCP server on a unproteced port to Give IP addresses to that vlan?

Thanks,

0 Helpful

tbaranski
Level 4
Level 4
In response to jcleary

‎03-14-2004 05:24 AM

The 2950s support Protected Ports as well. Putting a DHCP server on an unprotected port should work fine.

0 Helpful

jcleary
Level 1
Level 1
In response to tbaranski

‎03-15-2004 06:17 AM

If the pix is on an unprotected port will it forward traffic from one protected portto another protected port. I dont want this to happen

0 Helpful

tbaranski
Level 4
Level 4
In response to jcleary

‎03-15-2004 05:02 PM

I don't know if it will do so by default -- you'd have to test it. But if it does you should be able to prevent it from doing so via ACLs. For example, if all the hosts are on 10.10.0.0/16, you'd put an ACL on the PIX which blocks traffinc from 10.10.0.0/16 to 10.10.0.0/16.

0 Helpful
Customers Also Viewed These Support Documents