VLAN issues in planning a network

Morty3Morty3 Member Posts: 139
in CCNA & CCENT
I'm currently planning a network with a few VLANS. Unfortunatly, I've forgot how to solve this! This is what I got:
vlanissues.png

I need, as stated by the pic, for every VLAN (exept vlan 200, that is for guests) to have accessability to the servers, but not each other. So, what VLAN should I place it in? Shall I just put up some access lists to deny the VLANS to reach each other but allow them to reach the servers, or is there another (perheps better) solution?

Morty
CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
· Share on FacebookShare on Twitter

Comments

  • Morty3Morty3 Member Posts: 139
    I guess this is the way to go, lol. I dont want to sent tags over to the Server-access switch, is that possible?

    avantimelsning.png
    CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
    · Share on FacebookShare on Twitter
  • Morty3Morty3 Member Posts: 139
    Actually I want to sent the dot1Q tag aswell. No more issue, it seems like ;P
    CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
    · Share on FacebookShare on Twitter
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Why don't you just put them in their own VLAN and do the routing with that L3 switch? You need to have some L3 interaction in there somewhere.
    · Share on FacebookShare on Twitter
  • Morty3Morty3 Member Posts: 139
    How would you do it, dynamik? Server VLAN 150 and not allowing vlan 200? Please expand! :)
    CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
    · Share on FacebookShare on Twitter
  • rwwest7rwwest7 Member Posts: 300
    Morty3 wrote: »
    How would you do it, dynamik? Server VLAN 150 and not allowing vlan 200? Please expand! :)
    VLAN Pruning?
    · Share on FacebookShare on Twitter
  • ColbyGColbyG Member Posts: 1,264
    You could keep everything in a single VLAN if you were using Private VLANs. Or you could use the L3 switch as the gateway for all VLANs and configure ACLs allowing traffic to the servers only, not between clients. There are a lot of ways to accomplish what you want.
    http://blog.alwaysthenetwork.com
    · Share on FacebookShare on Twitter
  • Morty3Morty3 Member Posts: 139
    Now we are doing it as planned, with segmented LANs using a l3 switch. About the DHCP though, I was thinking about using the IP Helper Address *dhcp-server add* command on the l3-switch. Am I thinking right? Will it work? Never done this before and I dont want to catch myself failing...

    Also, where should I place that command? The l3-interface or the SVI?
    CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
    · Share on FacebookShare on Twitter
  • APAAPA Member Posts: 959
    On the SVI as it is acting as the gateway.... but you'll only need ip helper-address if the DHCP server is in a different broadcast domain from the SVI that you configure it on....

    helper-address turns certain broadcast specific traffic (i.e DHCP initial request etc) into unicast requests....
    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
    · Share on FacebookShare on Twitter
  • Morty3Morty3 Member Posts: 139
    Yeah and it is. The DHCP server is the firewall on the picture (It is an ISA) and every vlan will get a corresponding 192.168 network, ie the vlan 100 will get 192.168.100.0 and the vlan 20 will get 192.168.20.0.
    CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.