Multiple VLANS

 
 
Curt Shaffer
04-07-2005
I have a Catalyst 3550 and I am trying to connect 40 different offices in
our executive suite building. They all require security so I decided to VLAN
them all. The internet will be coming into an ISP managed Cisco 2611 and
from there into a firewall. From the firewall to the 3550. The firewall does
not support trunking so I was hoping to trunk to a port on the 3550 then
uplink to the firewall. I have the VLANs set up and trunking on port 47.
Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
seems to function fine but not internet. Is my thought process wrong? Will
this not work? Will I need a firewall that supports trunking?

Thanks

Curt


 
BradReeseCom
04-07-2005
Hi Curt,

You may wish to investigate Configuring VLANs for Cisco 3550s:

http://www.cisco.com/univercd/cc/td/...scg/swvlan.htm

Sincerely,

Brad Reese
BradReese.Com Cisco Resource Center
Toll Free: 877-549-2680
International: 828-277-7272
Website: http://www.BradReese.Com

 
Arnold Nipper
04-07-2005
On 07.04.2005 02:58 Curt Shaffer wrote

> I have a Catalyst 3550 and I am trying to connect 40 different offices in
> our executive suite building. They all require security so I decided to VLAN
> them all. The internet will be comming into an ISP managed Cisco 2611 and
> from there into a firewall. From the firewall to the 3550. The firewall does
> not support trunking so I was hoping to trunk to a port on the 3550 then
> uplink to the firewall. I have the VLANs set up and trunking on port 47.
> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
> seems to function fine but not internet. Is my thought process wrong? Will
> this not work? Will I need a firewall that supports trunking?
>


That should work but is securitywise a really *bad* hack!



Arnold
--
Arnold Nipper, AN45
 
Adam KOSA
04-07-2005
On Wed, 6 Apr 2005, Curt Shaffer wrote:

> uplink to the firewall. I have the VLANs set up and trunking on port 47.
> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
> seems to function fine but not internet. Is my thought process wrong? Will
> this not work? Will I need a firewall that supports trunking?
>


If the firewall does not support trunking, why not create 40+1 VLANs, and
have the 3550 route between them? Then trunking between the 3550 and the
firewall is not needed. Basic layer 3/4 firewalling functions can be
achieved with IOS ACLs.

In your current setup I don't see what is the point of trunking on port
47.

regards
Adam

A: No.
Q: Should I include quotations after my reply?


 
Arnold Nipper
04-07-2005
On 07.04.2005 10:04 Adam KOSA wrote

> On Wed, 6 Apr 2005, Curt Shaffer wrote:
>
>> uplink to the firewall. I have the VLANs set up and trunking on port 47.
>> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
>> seems to function fine but not internet. Is my thought process wrong? Will
>> this not work? Will I need a firewall that supports trunking?
>>

>
> If the firewall does not support trunking, why not create 40+1 vlans, and
> have the 3550 route between them? Than trunking between the 3550 and the
> firewall is not needed. Basic layer 3/4 firewalling functions can be
> achieved with ios acls.
>
> In your current setup i don't see what is the point of trunking on port
> 47.
>


As already said, this is a very bad design. Compromising the switch
already compromises your whole network.

Get a better FW.



Arnold
--
Arnold Nipper, AN45
 
Curt Shaffer
04-07-2005
That sounds like what will have to work. I do not have the EMI IOS so
inter-VLAN routing does not work, right? So how would I achieve that
otherwise?


"Adam KOSA" wrote in message:
> On Wed, 6 Apr 2005, Curt Shaffer wrote:
>
>> uplink to the firewall. I have the VLANs set up and trunking on port 47.
>> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
>> seems to function fine but not internet. Is my thought process wrong? Will
>> this not work? Will I need a firewall that supports trunking?
>>
>
> If the firewall does not support trunking, why not create 40+1 vlans, and
> have the 3550 route between them? Than trunking between the 3550 and the
> firewall is not needed. Basic layer 3/4 firewalling functions can be
> achieved with ios acls.
>
> In your current setup i don't see what is the point of trunking on port
> 47.
>
> regards
> Adam
>
> A: No.
> Q: Should I include quotations after my reply?
>
>



 
Curt Shaffer
04-07-2005
I did read that doc before asking the question but I did not see any hints
as to how to perform my configuration.


"BradReeseCom" wrote in message:
> Hi Curt,
>
> You may wish to investigate Configuring VLANs for Cisco 3550s:
>
> http://www.cisco.com/univercd/cc/td/...scg/swvlan.htm
>
> Sincerely,
>
> Brad Reese
> BradReese.Com Cisco Resource Center
> Toll Free: 877-549-2680
> International: 828-277-7272
> Website: http://www.BradReese.Com
>



 
Curt Shaffer
04-07-2005
Could I possibly create 40+1 VLANs like this?

faste 0/1 vlan 1
faste 0/2 vlan 2

etc
faste 0/40 vlan 40
faste 0/41 trunk 802.1Q
faste 0/42 - 0/48 vlan 41
faste 0/42 trunk 802.1Q

So that 41 trunks to 42 and say faste 43 uplinks to the firewall?

Or am I misunderstanding? ISL trunks for inter-switch but does 802.1Q care
as long as both sides (ports in this case) have the same encapsulation and
VTP domain?

"Curt Shaffer" wrote in message:
> That sounds like what will have to work. I do not have the EMI IOS so
> inter-VLAN routing does not work right? So how would I achieve that
> otherwise?
>
>
> "Adam KOSA" wrote in message:
>> On Wed, 6 Apr 2005, Curt Shaffer wrote:
>>
>>> uplink to the firewall. I have the VLANs set up and trunking on port 47.
>>> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
>>> seems to function fine but not internet. Is my thought process wrong? Will
>>> this not work? Will I need a firewall that supports trunking?
>>>
>>
>> If the firewall does not support trunking, why not create 40+1 vlans, and
>> have the 3550 route between them? Than trunking between the 3550 and the
>> firewall is not needed. Basic layer 3/4 firewalling functions can be
>> achieved with ios acls.
>>
>> In your current setup i don't see what is the point of trunking on port
>> 47.
>>
>> regards
>> Adam
>>
>> A: No.
>> Q: Should I include quotations after my reply?
>>
>>

>
>



 
Scooby
04-07-2005
"Curt Shaffer" wrote in message:
> That sounds like what will have to work. I do not have the EMI IOS so
> inter-VLAN routing does not work right? So how would I achieve that
> otherwise?
>
>
> "Adam KOSA" wrote in message:
> > On Wed, 6 Apr 2005, Curt Shaffer wrote:
> >
> >> uplink to the firewall. I have the VLANs set up and trunking on port 47.
> >> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
> >> seems to function fine but not internet. Is my thought process wrong? Will
> >> this not work? Will I need a firewall that supports trunking?
> >>
> >
> > If the firewall does not support trunking, why not create 40+1 vlans, and
> > have the 3550 route between them? Than trunking between the 3550 and the
> > firewall is not needed. Basic layer 3/4 firewalling functions can be
> > achieved with ios acls.
> >
> > In your current setup i don't see what is the point of trunking on port
> > 47.
> >
> > regards
> > Adam
> >
> > A: No.
> > Q: Should I include quotations after my reply?
> >
> >
>
>


You don't need the EMI for routing. Just for certain routing protocols like
BGP and EIGRP. Just issue the command 'ip routing' and you will
automatically be routing between the VLANs on that device.



 
 
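Added example, not part of any post in this thread: with `ip routing` enabled as described above, every VLAN that has an SVI on the 3550 is routed to every other one, so keeping the offices apart depends on an inbound ACL on each tenant SVI. The Python check below flags routed SVIs that lack one; the VLAN numbers, addresses, ACL name and function names are assumptions made for the illustration.

```python
import re

# Constructed sample of a 3550 running-config for the "route on the switch"
# design: tenant SVIs Vlan101/Vlan102, firewall uplink SVI Vlan141 (all made up).
SAMPLE_CONFIG = """\
ip routing
!
interface Vlan101
 ip address 10.40.1.1 255.255.255.0
 ip access-group TENANT-IN in
!
interface Vlan102
 ip address 10.40.2.1 255.255.255.0
!
interface Vlan141
 description uplink to firewall
 ip address 10.40.255.1 255.255.255.0
!
ip access-list extended TENANT-IN
 deny   ip any 10.40.0.0 0.0.63.255
 permit ip any any
!
ip route 0.0.0.0 0.0.0.0 10.40.255.2
"""

def parse_svis(config):
    """Return {svi_name: [sub-commands]} for every 'interface VlanN' stanza."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (Vlan\d+)\s*$", line)
        if m:
            current = svis.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other non-indented line ends the stanza
    return svis

def unfiltered_svis(config, exempt=("Vlan141",)):
    """Routed SVIs (have an IP) with no inbound ACL; [] if 'ip routing' is off."""
    if not re.search(r"^ip routing\s*$", config, re.M):
        return []
    return [name for name, cmds in parse_svis(config).items()
            if name not in exempt
            and any(c.startswith("ip address ") for c in cmds)
            and not any(re.match(r"ip access-group \S+ in$", c) for c in cmds)]

if __name__ == "__main__":
    print(unfiltered_svis(SAMPLE_CONFIG))
```

In the sample, the `deny` line covers the range that holds all tenant subnets, so one shared ACL blocks office-to-office traffic while the final `permit` still lets traffic out through the uplink VLAN.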
Curt Shaffer
04-07-2005
Thanks for the tip. So do you think that setup should work then?

"Scooby" wrote in message:
> "Curt Shaffer" wrote in message:
>> That sounds like what will have to work. I do not have the EMI IOS so
>> inter-VLAN routing does not work right? So how would I achieve that
>> otherwise?
>>
>>
>> "Adam KOSA" wrote in message:
>> > On Wed, 6 Apr 2005, Curt Shaffer wrote:
>> >
>> >> uplink to the firewall. I have the VLANs set up and trunking on port 47.
>> >> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
>> >> seems to function fine but not internet. Is my thought process wrong? Will
>> >> this not work? Will I need a firewall that supports trunking?
>> >>
>> >
>> > If the firewall does not support trunking, why not create 40+1 vlans, and
>> > have the 3550 route between them? Than trunking between the 3550 and the
>> > firewall is not needed. Basic layer 3/4 firewalling functions can be
>> > achieved with ios acls.
>> >
>> > In your current setup i don't see what is the point of trunking on port
>> > 47.
>> >
>> > regards
>> > Adam
>> >
>> > A: No.
>> > Q: Should I include quotations after my reply?
>> >
>> >
>>
>>
>
> You don't need the EMI for routing. Just for certain routing protocols like
> BGP and Eigrp. Just issue the command 'ip routing' and you will
> automatically be routing between the vlans on that device.
>
>
>



 