«

Hi There,

I have the task of installing a new C3750 switch into an existing ip
network. The existing network is just running a basic layer2 switching
setup with daisy chained switches. They have a HP core switch that will
do vlan tagging but will not actually separate networks into VLANs if
that makes sense. I am tasked with installing a new L3 C3750 and
providing 3 separate VLANs (all with the same IP network (but different
masks) - otherwise it means readdressing everything!) and I need to
filter traffic out between the VLANs. Has anyone got any example
configs on how I can configure these VLANs and the router inside the
Switch? Any ACL filtering examples would be greatly appreciated! I am
new to VLANS and especially L3 Switches :-/

Thanks

Ryan

Hi Ryan,

Can you provide any current sceerion diagram to make the scenerio
clear,

Untill now i only understood that you wantto install 3750 Switch as
VLAN Tagging Server with restricted access.

Thanks,
NETADMIN

Hi,

Thanks for the super fast reply. I think I should take the HP and the
VLAN tagging out of the loop first - so ignore the HP. I need to
install a new C3750 L3 Switch.

I need to create 3 VLANs, 1x Terminal Servers (VLAN2) , 1x
Clients/Workstations (VLAN3), 1x Management (VLAN4). I need to ensure
that the Clients can only access the Terminal Servers on TCP3389 and I
need to filter out ALL other traffic for getting to the servers. The
C3750 will be L3. Can you provide a config example for this.

Also, I will need to enable portfast on the Server ports.

Sorry I am missing out the diagram as it's just a L3 Switch with 3 x
VLANS and FIltering - my first post is confusing - so I've simplifed it
a little.

* wrote:
> I need to create 3 VLANs, 1x Terminal Servers (VLAN2) , 1x
> Clients/Workstations (VLAN3), 1x Management (VLAN4). I need to ensure
> that the Clients can only access the Terminal Servers on TCP3389 and I
> need to filter out ALL other traffic for getting to the servers. The
> C3750 will be L3. Can you provide a config example for this.

....
!
interface vlan3
ip address ...
ip access-group from_clients in
!
ip access-list extended from_clients
permit tcp any any eq 3389
deny ip any any log
!

Hi Lutz - thanks a million for the reply - I was looking into VACLs and
all sorts - didn't think it was as easy as that! I am just wondering if
you could also provide an example on configuring the L3 part of the
switch?

Cheers

Ryan

Hi Lutz - thanks a million for the reply - I was looking into VACLs and
all sorts - didn't think it was as easy as that! I am just wondering if
you could also provide an example on configuring the L3 part of the
switch?


ip default-gateway gateway IP
ip classless
ip route 0.0.0.0 0.0.0.0 gatewayIP



Thanks,
NETADMIN

* NETADMIN wrote:
> Hi Lutz - thanks a million for the reply - I was looking into VACLs and
> all sorts - didn't think it was as easy as that! I am just wondering if
> you could also provide an example on configuring the L3 part of the
> switch?

You will need to consult the usual configuration guides. They are very good.

Hi Lutz..
>>Hi Lutz - thanks a million for the reply - I was looking into VACLs and
>>all sorts - didn't think it was as easy as that! I am just wondering if
>>you could also provide an example on configuring the L3 part of the
>>switch?

Is posted ryanfinne...@hotmail.com not by me

Thanks,
NETADMIN

Try command in global config mode
no ip routing
and routing between vlans will be disabled