Cisco Support Community

New Member

Implementation question on my topography

I have a kinda best business practice question on how I should go about configuring a separate network to access an internal server...

One of my clients has a new NAS on their network they want all of their outside contractors who are in their separate on-site building to access. In turn of course all employees need to access it. Let's say this server is 192.168.71.11 which is plugged into a SG200-50. They also have a Fortigate as their gateway. Between the employee building and the contractor building is a warehouse. In that warehouse is an SG300-10MP which is directly connected to the SG200-50 in the employee building and the NAS because this warehouse has a workstation and a VoIP phone, so same 71 subnet. Now, this contractor building also has an SG200-50P which is a 192.168.10.0 subnet.

What is the best way to configure all of this?

Normally I would have configured a port on our Fortigate so a certain port forwards straight to 71.11; however, I can't in this case because that same cable needs to feed the SG300-10MP and the workstation/VoIP phone.

Could I perhaps configure like a VLAN pass-thru so to speak? Like program an IN and an OUT port on the SG300-10MP for the contractors .10 subnet so I can go from the contractor building SG200-50P into our SG300-10MP then right back out and then into a port on our Fortigate that I can configure and control better? Remember I have to still go thru this SG300-10MP because of the distance to the contractor building and this switch is in-between with cables already run thru underground conduit.

Thanks!

Alex

2 REPLIES
Bronze

Implementation question on my topography

Dear Alex,

Thank you for reaching the Small Business Support Community.

I suggest you move the SG300 over to the contractors' site and their SG200 to the warehouse, since the SG300 has Layer 3 capabilities (Administration > System Settings). Operating in Layer 3 mode, the device routes traffic between the directly attached IP subnets configured on the device ports, so there is no need for a static route.

I hope my suggestion helps and please do not hesitate to reach me back if there is anything I may assist you with. Thank you for your time and patience.

Kind regards,

Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer

*Please rate the Post so others will know when an answer has been found.

New Member

Implementation question on my topography

That's not an option, all of the ports on the SG200 are taken and the SG300 is only a 10-port.

By static route do you mean modifying the host file on all the PCs, or is that something I configure in the SG200?

I still can't get this to work and I think it's because I don't have a static route set up like you mention...

Thanks!
