Hi Friends, I need some help regarding VLANs. Here is my scenario:
A fiber connection from the ISP is coming to a switch supplied by the ISP, so only 1 port is active on it. That 1 port is connected to our firewall, and then from the firewall we have connections to our core switches. Now I need to hook up 2 servers outside the firewall. I don't want to go via the firewall by mapping a public IP to a private IP in the firewall. I just want them outside the DMZ. So I put a new Cisco switch between the firewall and the ISP switch. So that 1 active port from the ISP switch is now coming directly to the new Cisco 8-port switch (I call it the distribution switch), and then from the distribution switch 1 connection is going to the firewall and then from the firewall to the core switches.
So now I have a distribution switch between the ISP switch and the firewall. I want to assign it a private IP so that I can access it from the inside network on the web interface. So I took 1 connection from our core switch port 24 and connected it to port 5 of the distribution switch. Now I am stuck here. I don't know what type of VLAN I should create, trunk mode or access, and should port 24 on the core switch and port 5 on the distribution switch be tagged or untagged, and should they be forbidden in the default VLAN?
You need to configure one VLAN for the DMZ with ports for the router, firewall, and the two servers. Then make a management VLAN on another port attached to the internal network and assign an IP to that VLAN.
IMPORTANT: If VLANs and/or STP are in use on your internal network you need to be very careful that your VLANs match and your root switch is configured or you will break things.
I usually set up a completely separate VLAN for all the switch management interfaces. If you do this then you would connect the new switch to the internal network with a trunk link and again just assign an IP to the management VLAN.
Why would you put your servers facing the internet? I would cross out this approach as this is not a recommended solution. Why would you put your servers attached to the internet router/switch? What are these servers used for, and whom will they cater to? Now if you want to do that, it's pretty easy. Go to the distribution switch and make a VLAN, say VLAN 10, layer 2. Now connect the ISP switch to the distribution switch and ask the ISP guys to put that port in VLAN 10 as well, layer 2 (if you can't do that then use VLAN 1 by default). So this is step 1; now your ISP connection is working without any issue (you have to put the firewall port in VLAN 10 or 1 as well).
Now in order to do management, just make a layer 3 VLAN, say VLAN 60, and add an IP of 192.168.1.1/24, and in your firewall add a static route in your core and firewall pointing towards the outside interface. Done deal.
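
The layout the replies describe, written out as an added configuration sketch that is not part of any post in this thread. It assumes an IOS-style CLI and hypothetical port assignments (only port 5 and core port 24 come from the question); VLAN 10, VLAN 60 and 192.168.1.1/24 are the example values from the reply above.

```cisco
! Added example, not from the thread. Interface names and ports 1-4 and 6-8
! are assumptions; port 5 is the uplink to core switch port 24.
!
vlan 10
 name OUTSIDE
vlan 60
 name MGMT
!
! Outside segment: ISP switch, firewall outside port, the two servers.
! Untagged (access) members of VLAN 10 only.
interface range GigabitEthernet0/1 - 4
 description ISP, firewall outside, server 1, server 2
 switchport mode access
 switchport access vlan 10
!
! Management uplink to the internal network. Untagged member of VLAN 60
! only, so the outside VLAN is never carried towards the core.
interface GigabitEthernet0/5
 description Management uplink to core port 24
 switchport mode access
 switchport access vlan 60
!
! Unused ports are shut so nothing can be patched into either VLAN unnoticed.
interface range GigabitEthernet0/6 - 8
 shutdown
!
! The switch's only IP interface lives in the management VLAN.
interface Vlan60
 description Switch management
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! No IP on the default VLAN, and no Vlan10 interface is created, so the
! management interface is not addressable from the Internet-facing segment.
interface Vlan1
 no ip address
 shutdown
```

With a single VLAN on the link, core port 24 is configured the same way as port 5 (access, untagged, in the management VLAN). The trunk variant mentioned in the reply would instead carry VLAN 60 tagged on both ends, and should allow only that VLAN.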