Options
VLAN issues in planning a network
Morty3
Member Posts: 139
in CCNA & CCENT
I'm currently planning a network with a few VLANS. Unfortunatly, I've forgot how to solve this! This is what I got:
I need, as stated by the pic, for every VLAN (exept vlan 200, that is for guests) to have accessability to the servers, but not each other. So, what VLAN should I place it in? Shall I just put up some access lists to deny the VLANS to reach each other but allow them to reach the servers, or is there another (perheps better) solution?
Morty
I need, as stated by the pic, for every VLAN (exept vlan 200, that is for guests) to have accessability to the servers, but not each other. So, what VLAN should I place it in? Shall I just put up some access lists to deny the VLANS to reach each other but allow them to reach the servers, or is there another (perheps better) solution?
Morty
CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
Comments
-
OptionsMorty3
Member Posts: 139
I guess this is the way to go, lol. I dont want to sent tags over to the Server-access switch, is that possible?
CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff. -
OptionsMorty3
Member Posts: 139
Actually I want to sent the dot1Q tag aswell. No more issue, it seems like ;PCCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
-
Options
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
Why don't you just put them in their own VLAN and do the routing with that L3 switch? You need to have some L3 interaction in there somewhere. -
OptionsMorty3
Member Posts: 139
How would you do it, dynamik? Server VLAN 150 and not allowing vlan 200? Please expand!
CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff. -
Optionsrwwest7
Member Posts: 300
VLAN Pruning?How would you do it, dynamik? Server VLAN 150 and not allowing vlan 200? Please expand! -
Options
ColbyG
Member Posts: 1,264
You could keep everything in a single VLAN if you were using Private VLANs. Or you could use the L3 switch as the gateway for all VLANs and configure ACLs allowing traffic to the servers only, not between clients. There are a lot of ways to accomplish what you want. -
OptionsMorty3
Member Posts: 139
Now we are doing it as planned, with segmented LANs using a l3 switch. About the DHCP though, I was thinking about using the IP Helper Address *dhcp-server add* command on the l3-switch. Am I thinking right? Will it work? Never done this before and I dont want to catch myself failing...
Also, where should I place that command? The l3-interface or the SVI?CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff. -
Options
APA
Member Posts: 959
On the SVI as it is acting as the gateway.... but you'll only need ip helper-address if the DHCP server is in a different broadcast domain from the SVI that you configure it on....
helper-address turns certain broadcast specific traffic (i.e DHCP initial request etc) into unicast requests....
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP -
OptionsMorty3
Member Posts: 139
Yeah and it is. The DHCP server is the firewall on the picture (It is an ISA) and every vlan will get a corresponding 192.168 network, ie the vlan 100 will get 192.168.100.0 and the vlan 20 will get 192.168.20.0.CCNA, CCNA:Sec, Net+, Sonicwall Admin (fwiw). Constantly getting into new stuff.
