C3750 Layer 3 Switching and VLANs

Discussion in 'Cisco' started by ryanfinnerty@hotmail.com, Feb 7, 2006.

  1. Guest

    Hi There,

    I have the task of installing a new C3750 switch into an existing ip
    network. The existing network is just running a basic layer2 switching
    setup with daisy chained switches. They have a HP core switch that will
    do vlan tagging but will not actually separate networks into VLANs if
    that makes sense. I am tasked with installing a new L3 C3750 and
    providing 3 separate VLANs (all with the same IP network (but different
    masks) - otherwise it means readdressing everything!) and I need to
    filter traffic out between the VLANs. Has anyone got any example
    configs on how I can configure these VLANs and the router inside the
    Switch? Any ACL filtering examples would be greatly appreciated! I am
    new to VLANS and especially L3 Switches :-/

    Thanks

    Ryan
     
    , Feb 7, 2006
    #1
    1. Advertising

  2. NETADMIN Guest

    Hi Ryan,

    Can you provide any current sceerion diagram to make the scenerio
    clear,

    Untill now i only understood that you wantto install 3750 Switch as
    VLAN Tagging Server with restricted access.

    Thanks,
    NETADMIN
     
    NETADMIN, Feb 7, 2006
    #2
    1. Advertising

  3. Guest

    Hi,

    Thanks for the super fast reply. I think I should take the HP and the
    VLAN tagging out of the loop first - so ignore the HP. I need to
    install a new C3750 L3 Switch.

    I need to create 3 VLANs, 1x Terminal Servers (VLAN2) , 1x
    Clients/Workstations (VLAN3), 1x Management (VLAN4). I need to ensure
    that the Clients can only access the Terminal Servers on TCP3389 and I
    need to filter out ALL other traffic for getting to the servers. The
    C3750 will be L3. Can you provide a config example for this.

    Also, I will need to enable portfast on the Server ports.

    Sorry I am missing out the diagram as it's just a L3 Switch with 3 x
    VLANS and FIltering - my first post is confusing - so I've simplifed it
    a little.
     
    , Feb 7, 2006
    #3
  4. * wrote:
    > I need to create 3 VLANs, 1x Terminal Servers (VLAN2) , 1x
    > Clients/Workstations (VLAN3), 1x Management (VLAN4). I need to ensure
    > that the Clients can only access the Terminal Servers on TCP3389 and I
    > need to filter out ALL other traffic for getting to the servers. The
    > C3750 will be L3. Can you provide a config example for this.


    ....
    !
    interface vlan3
    ip address ...
    ip access-group from_clients in
    !
    ip access-list extended from_clients
    permit tcp any any eq 3389
    deny ip any any log
    !
     
    Lutz Donnerhacke, Feb 7, 2006
    #4
  5. Guest

    Hi Lutz - thanks a million for the reply - I was looking into VACLs and
    all sorts - didn't think it was as easy as that! I am just wondering if
    you could also provide an example on configuring the L3 part of the
    switch?

    Cheers

    Ryan
     
    , Feb 7, 2006
    #5
  6. NETADMIN Guest

    Hi Lutz - thanks a million for the reply - I was looking into VACLs and
    all sorts - didn't think it was as easy as that! I am just wondering if
    you could also provide an example on configuring the L3 part of the
    switch?


    ip default-gateway gateway IP
    ip classless
    ip route 0.0.0.0 0.0.0.0 gatewayIP



    Thanks,
    NETADMIN
     
    NETADMIN, Feb 7, 2006
    #6
  7. * NETADMIN wrote:
    > Hi Lutz - thanks a million for the reply - I was looking into VACLs and
    > all sorts - didn't think it was as easy as that! I am just wondering if
    > you could also provide an example on configuring the L3 part of the
    > switch?


    You will need to consult the usual configuration guides. They are very good.
     
    Lutz Donnerhacke, Feb 7, 2006
    #7
  8. NETADMIN Guest

    Hi Lutz..
    >>Hi Lutz - thanks a million for the reply - I was looking into VACLs and
    >>all sorts - didn't think it was as easy as that! I am just wondering if
    >>you could also provide an example on configuring the L3 part of the
    >>switch?


    Is posted not by me

    Thanks,
    NETADMIN
     
    NETADMIN, Feb 8, 2006
    #8
  9. Guest

    Try command in global config mode
    no ip routing
    and routing between vlans will be disabled
     
    , Feb 8, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. praveen
    Replies:
    1
    Views:
    3,108
    Bjørn Djupvik
    Oct 22, 2003
  2. rick
    Replies:
    2
    Views:
    789
    Erik Tamminga
    Jun 26, 2004
  3. RJ45
    Replies:
    1
    Views:
    439
  4. Sied@r
    Replies:
    3
    Views:
    8,484
    Sied@r
    Oct 20, 2005
  5. BrooklynBadass
    Replies:
    10
    Views:
    14,226
    Trendkill
    Sep 12, 2007
Loading...

Share This Page