Multiple VLANS

Discussion in 'Cisco' started by Curt Shaffer, Apr 7, 2005.

  1. Curt Shaffer

    Curt Shaffer Guest

    I have a Catalyst 3550 and I am trying to connect 40 different offices in
    our executive suite building. They all require security so I decided to VLAN
    them all. The internet will be coming into an ISP managed Cisco 2611 and
    from there into a firewall. From the firewall to the 3550. The firewall does
    not support trunking so I was hoping to trunk to a port on the 3550 then
    uplink to the firewall. I have the VLANs set up and trunking on port 47.
    Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
    seems to function fine but not internet. Is my thought process wrong? Will
    this not work? Will I need a firewall that supports trunking?

    Thanks

    Curt
     
    Curt Shaffer, Apr 7, 2005
    #1

  2. Curt Shaffer

    BradReeseCom Guest

    BradReeseCom, Apr 7, 2005
    #2

  3. On 07.04.2005 02:58 Curt Shaffer wrote

    > I have a Catalyst 3550 and I am trying to connect 40 different offices in
    > our executive suite building. They all require security so I decided to VLAN
    > them all. The internet will be coming into an ISP managed Cisco 2611 and
    > from there into a firewall. From the firewall to the 3550. The firewall does
    > not support trunking so I was hoping to trunk to a port on the 3550 then
    > uplink to the firewall. I have the VLANs set up and trunking on port 47.
    > Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
    > seems to function fine but not internet. Is my thought process wrong? Will
    > this not work? Will I need a firewall that supports trunking?
    >


    That should work but is securitywise a really *bad* hack!



    Arnold
    --
    Arnold Nipper, AN45
     
    Arnold Nipper, Apr 7, 2005
    #3
  4. Curt Shaffer

    Adam KOSA Guest

    On Wed, 6 Apr 2005, Curt Shaffer wrote:

    > uplink to the firewall. I have the VLANs set up and trunking on port 47.
    > Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
    > seems to function fine but not internet. Is my thought process wrong? Will
    > this not work? Will I need a firewall that supports trunking?
    >


    If the firewall does not support trunking, why not create 40+1 vlans, and
    have the 3550 route between them? Then trunking between the 3550 and the
    firewall is not needed. Basic layer 3/4 firewalling functions can be
    achieved with ios acls.

    In your current setup I don't see what is the point of trunking on port
    47.

    regards
    Adam

    A: No.
    Q: Should I include quotations after my reply?
     
    Adam KOSA, Apr 7, 2005
    #4
  5. On 07.04.2005 10:04 Adam KOSA wrote

    > On Wed, 6 Apr 2005, Curt Shaffer wrote:
    >
    >> uplink to the firewall. I have the VLANs set up and trunking on port 47.
    >> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
    >> seems to function fine but not internet. Is my thought process wrong? Will
    >> this not work? Will I need a firewall that supports trunking?
    >>

    >
    > If the firewall does not support trunking, why not create 40+1 vlans, and
    > have the 3550 route between them? Then trunking between the 3550 and the
    > firewall is not needed. Basic layer 3/4 firewalling functions can be
    > achieved with ios acls.
    >
    > In your current setup I don't see what is the point of trunking on port
    > 47.
    >


    As already said, this is a very bad design. Compromising the switch
    already compromises your whole network.

    Get a better FW.



    Arnold
    --
    Arnold Nipper, AN45
     
    Arnold Nipper, Apr 7, 2005
    #5
  6. Curt Shaffer

    Curt Shaffer Guest

    That sounds like what will have to work. I do not have the EMI IOS so
    inter-VLAN routing does not work right? So how would I achieve that
    otherwise?


    "Adam KOSA" <> wrote in message
    news:p...
    > On Wed, 6 Apr 2005, Curt Shaffer wrote:
    >
    >> uplink to the firewall. I have the VLANs set up and trunking on port 47.
    >> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
    >> seems to function fine but not internet. Is my thought process wrong? Will
    >> this not work? Will I need a firewall that supports trunking?
    >>

    >
    > If the firewall does not support trunking, why not create 40+1 vlans, and
    > have the 3550 route between them? Then trunking between the 3550 and the
    > firewall is not needed. Basic layer 3/4 firewalling functions can be
    > achieved with ios acls.
    >
    > In your current setup I don't see what is the point of trunking on port
    > 47.
    >
    > regards
    > Adam
    >
    > A: No.
    > Q: Should I include quotations after my reply?
    >
    >
     
    Curt Shaffer, Apr 7, 2005
    #6
  7. Curt Shaffer

    Curt Shaffer Guest

    Curt Shaffer, Apr 7, 2005
    #7
  8. Curt Shaffer

    Curt Shaffer Guest

    Could I possibly create 40+1 VLANs like this?

    faste 0/1 vlan 1
    faste 0/2 vlan 2

    etc
    faste 0/40 vlan 40
    faste 0/41 trunk 802.1Q
    faste 0/42 - 0/48 vlan 41
    faste 0/42 trunk 802.1Q

    So that 41 trunks to 42 and say faste 43 uplinks to the firewall?

    Or am I misunderstanding. ISL trunks for inter-switch but does 802.1Q care
    as long as both sides (ports in this case) have the same encapsulation and
    VTP domain?
    "Curt Shaffer" <> wrote in message
    news:...
    > That sounds like what will have to work. I do not have the EMI IOS so
    > inter-VLAN routing does not work right? So how would I achieve that
    > otherwise?
    >
    >
    > "Adam KOSA" <> wrote in message
    > news:p...
    >> On Wed, 6 Apr 2005, Curt Shaffer wrote:
    >>
    >>> uplink to the firewall. I have the VLANs set up and trunking on port 47.
    >>> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
    >>> seems to function fine but not internet. Is my thought process wrong? Will
    >>> this not work? Will I need a firewall that supports trunking?
    >>>

    >>
    >> If the firewall does not support trunking, why not create 40+1 vlans, and
    >> have the 3550 route between them? Then trunking between the 3550 and the
    >> firewall is not needed. Basic layer 3/4 firewalling functions can be
    >> achieved with ios acls.
    >>
    >> In your current setup I don't see what is the point of trunking on port
    >> 47.
    >>
    >> regards
    >> Adam
    >>
    >> A: No.
    >> Q: Should I include quotations after my reply?
    >>
    >>

    >
    >
     
    Curt Shaffer, Apr 7, 2005
    #8
  9. Curt Shaffer

    Scooby Guest

    "Curt Shaffer" <> wrote in message
    news:...
    > That sounds like what will have to work. I do not have the EMI IOS so
    > inter-VLAN routing does not work right? So how would I achieve that
    > otherwise?
    >
    >
    > "Adam KOSA" <> wrote in message
    > news:p...
    > > On Wed, 6 Apr 2005, Curt Shaffer wrote:
    > >
    > >> uplink to the firewall. I have the VLANs set up and trunking on port 47.
    > >> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
    > >> seems to function fine but not internet. Is my thought process wrong? Will
    > >> this not work? Will I need a firewall that supports trunking?
    > >>

    > >
    > > If the firewall does not support trunking, why not create 40+1 vlans, and
    > > have the 3550 route between them? Then trunking between the 3550 and the
    > > firewall is not needed. Basic layer 3/4 firewalling functions can be
    > > achieved with ios acls.
    > >
    > > In your current setup I don't see what is the point of trunking on port
    > > 47.
    > >
    > > regards
    > > Adam
    > >
    > > A: No.
    > > Q: Should I include quotations after my reply?
    > >
    > >

    >
    >


    You don't need the EMI for routing. Just for certain routing protocols like
    BGP and EIGRP. Just issue the command 'ip routing' and you will
    automatically be routing between the vlans on that device.
     
    Scooby, Apr 7, 2005
    #9
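
With `ip routing` on and one SVI per office, every office subnet becomes reachable from every other, so the IOS ACLs Adam mentions are what keep the offices apart. The following is an added example (not posted by anyone in this thread) that generates such a 3550 config and checks the ACL logic; the VLAN numbering, the 10.40.n.0/24 addressing, the 192.0.2.x transit addresses and the ACL name TENANT-IN are all assumptions.

```python
import ipaddress

# Assumed plan (not from the thread): office n -> VLAN 100+n, subnet 10.40.n.0/24
TENANTS = 40
SUPERNET = ipaddress.ip_network("10.40.0.0/16")
SWITCH_UPLINK = ipaddress.ip_interface("192.0.2.2/30")   # routed port to firewall
FIREWALL = ipaddress.ip_address("192.0.2.1")

# One inbound ACL shared by every office SVI: (action, destination network)
ACL = [("deny", SUPERNET),                                       # other offices, all SVIs
       ("deny", ipaddress.ip_network(f"{SWITCH_UPLINK.ip}/32")),  # the switch itself
       ("permit", ipaddress.ip_network("0.0.0.0/0"))]            # rest goes to firewall

def acl_permits(dst):
    """First-match evaluation, as IOS does; implicit deny if nothing matches."""
    dst = ipaddress.ip_address(dst)
    for action, net in ACL:
        if dst in net:
            return action == "permit"
    return False

def build_config():
    """Render the IOS configuration from the same ACL table that is checked above."""
    cfg = ["ip routing", "ip access-list extended TENANT-IN"]
    for action, net in ACL:
        target = "any" if net.prefixlen == 0 else (
            f"host {net.network_address}" if net.prefixlen == 32
            else f"{net.network_address} {net.hostmask}")
        cfg.append(f" {action} ip any {target}")
    for n in range(1, TENANTS + 1):
        vlan, gw = 100 + n, f"10.40.{n}.1"
        cfg += [f"vlan {vlan}",
                f"interface FastEthernet0/{n}",
                " switchport mode access",
                f" switchport access vlan {vlan}",
                f"interface Vlan{vlan}",
                f" ip address {gw} 255.255.255.0",
                " ip access-group TENANT-IN in"]
    # Port 48 becomes a routed (non-trunk) link to the firewall
    cfg += ["interface FastEthernet0/48", " no switchport",
            f" ip address {SWITCH_UPLINK.ip} {SWITCH_UPLINK.netmask}",
            f"ip route 0.0.0.0 0.0.0.0 {FIREWALL}"]
    return "\n".join(cfg)

if __name__ == "__main__":
    print(build_config())
```

The firewall also needs a return route for 10.40.0.0/16 via 192.0.2.2. Traffic inside a single VLAN is switched and never passes through this ACL.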
  10. Curt Shaffer

    Curt Shaffer Guest

    Thanks for the tip. So do you think that setup should work then?

    "Scooby" <> wrote in message
    news:uu85e.4844$...
    > "Curt Shaffer" <> wrote in message
    > news:...
    >> That sounds like what will have to work. I do not have the EMI IOS so
    >> inter-VLAN routing does not work right? So how would I achieve that
    >> otherwise?
    >>
    >>
    >> "Adam KOSA" <> wrote in message
    >> news:p...
    >> > On Wed, 6 Apr 2005, Curt Shaffer wrote:
    >> >
    >> >> uplink to the firewall. I have the VLANs set up and trunking on port 47.
    >> >> Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN
    >> >> seems to function fine but not internet. Is my thought process wrong? Will
    >> >> this not work? Will I need a firewall that supports trunking?
    >> >>
    >> >
    >> > If the firewall does not support trunking, why not create 40+1 vlans, and
    >> > have the 3550 route between them? Then trunking between the 3550 and the
    >> > firewall is not needed. Basic layer 3/4 firewalling functions can be
    >> > achieved with ios acls.
    >> >
    >> > In your current setup I don't see what is the point of trunking on port
    >> > 47.
    >> >
    >> > regards
    >> > Adam
    >> >
    >> > A: No.
    >> > Q: Should I include quotations after my reply?
    >> >
    >> >

    >>
    >>

    >
    > You don't need the EMI for routing. Just for certain routing protocols like
    > BGP and EIGRP. Just issue the command 'ip routing' and you will
    > automatically be routing between the vlans on that device.
    >
    >
    >
     
    Curt Shaffer, Apr 7, 2005
    #10