inter-Vlan routing on a Cisco 3550

 
 
RJH
07-25-2006
Setting up inter-Vlan routing on a Cisco 3550

I have two separate networks running on separate Vlans on my Cisco 3550. Is it possible to allow “limited” traffic between the two different networks while still maintaining a secure environment?

We have Vlan 601, which is the Public Access network. There is a VPN firewall attached to Fa0/24 going to Cox internet (10.22.138.1 – internal) with 4 to 6 PCs connected to this Vlan.

Vlan 602 is our private network and connected to Fa0/1 is a Cisco 2509 (10.11.6138.1) which provides the “private” network to the staff.

We are installing PC Timing & Print management software and need to provide a way for the Public Access PCs on Vlan 601 to communicate with the Management console/Print release station, located on Vlan 602. The software vendor says that we just need to open TCP/UDP ports 1969/1970 and TCP ports 6987 & 7383 so that the Client can talk to the Management Console and vice versa.

The only way I have been successful in getting the two networks to talk was to set the PCs on both networks with a Gateway address that matched the addresses assigned to the Vlans (i.e., 10.22.138.250 & 10.11.138.250). This, however, caused the PCs on both networks to not be able to get to other resources because they now didn’t have a default gateway that matched the addresses in the Firewall on the Public side and the Router on the Private side.

I need a way for the two networks to communicate in a restricted way –

Here is my current config -

Ver 12.1
!
hostname Rockwell
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 602
switchport mode access
no ip address
!
interface FastEthernet0/2
switchport access vlan 602
switchport mode access
no ip address

. . . . . . . . (more)

interface FastEthernet0/23
switchport access vlan 601
switchport mode access
no ip address
!
interface FastEthernet0/24
switchport access vlan 601
switchport mode access
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan601
ip address 10.22.138.250 255.255.255.0
ip access-group 110 in
!
interface Vlan602
ip address 10.11.138.250 255.255.255.0
!
ip default-gateway 10.11.138.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.11.138.1
ip http server
!
ip access-list extended CMP-NAT-ACL
dynamic Cluster-HSRP deny ip any any
dynamic Cluster-NAT permit ip any any
!
ip classless
logging 10.11.254.16
!
access-list 110 permit icmp 10.22.138.0 0.0.0.255 any
access-list 110 permit tcp 10.22.138.0 0.0.0.255 host 10.11.138.x eq 1969
access-list 110 permit udp 10.22.138.0 0.0.0.255 host 10.11.138.x eq 1969
access-list 110 permit tcp 10.22.138.0 0.0.0.255 host 10.11.138.x eq 1970
access-list 110 permit tcp 10.22.138.0 0.0.0.255 host 10.11.138.x eq 6987
access-list 110 permit tcp 10.22.138.0 0.0.0.255 host 10.11.138.x eq 7383
access-list 110 deny ip 10.22.138.0 0.0.0.255 10.11.138.0 0.0.0.255
access-list 110 permit ip 10.22.138.0 0.0.0.255 any


But still be able to access the resources that are principal to each network.

So Internet traffic on Vlan601 needs to go out through the VPN Firewall on Vlan601 while Internet / Intranet / Email traffic on Vlan602 needs to stay on Vlan602 and still allow the PC Timing and Print Mgmt software to talk between the two Vlans.

Anyone have any ideas?
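
Added example, not part of the original post: a first-match evaluator for the posted access-list 110, showing which flows from a Vlan601 client the list passes inbound on Vlan601. It assumes 10.11.138.50 as a constructed stand-in for the post's elided 10.11.138.x console address, the function names are hypothetical, and it models only the entry forms used in this list.

```python
import ipaddress

CONSOLE = "10.11.138.50"  # constructed stand-in for the post's elided 10.11.138.x

ACL_110 = """\
access-list 110 permit icmp 10.22.138.0 0.0.0.255 any
access-list 110 permit tcp 10.22.138.0 0.0.0.255 host {h} eq 1969
access-list 110 permit udp 10.22.138.0 0.0.0.255 host {h} eq 1969
access-list 110 permit tcp 10.22.138.0 0.0.0.255 host {h} eq 1970
access-list 110 permit tcp 10.22.138.0 0.0.0.255 host {h} eq 6987
access-list 110 permit tcp 10.22.138.0 0.0.0.255 host {h} eq 7383
access-list 110 deny ip 10.22.138.0 0.0.0.255 10.11.138.0 0.0.0.255
access-list 110 permit ip 10.22.138.0 0.0.0.255 any
""".format(h=CONSOLE)

def _addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]              # drop "access-list 110"
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)     # source spec first, then destination
        port = int(t[1]) if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def _match(ip, spec):
    base, wild = spec                     # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if (r_proto in ("ip", proto) and _match(src, r_src)
                and _match(dst, r_dst) and r_port in (None, dport)):
            return action, line
    return "deny", "(implicit deny)"

RULES = parse(ACL_110)
# Constructed flows from a Vlan601 client (10.22.138.20) to the console.
SAMPLES = [("tcp", 1969), ("udp", 1969), ("tcp", 1970), ("udp", 1970), ("tcp", 445)]

def verdicts(src="10.22.138.20"):
    return {(p, port): evaluate(RULES, p, src, CONSOLE, port)[0] for p, port in SAMPLES}
```

In this model UDP 1970, which the vendor's port list includes, has no permit entry and falls through to the deny for 10.11.138.0/24, while ICMP from Vlan601 is permitted to every Vlan602 host. The list is bound inbound on Vlan601 only, so it says nothing about traffic entering from Vlan602.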
 