Catalyst 2950 & multi-VLAN ports (newbie question)

Discussion in 'Cisco' started by mark, Jun 7, 2004.

  1. mark

    Hi,

    I have a network configuration as follows:

    (A) DSL service coming in from a Westell 2200 DSL modem with integrated NAT
    firewall / router. Unfortunately it only has a single Ethernet port.

    (B) Secure office PCs

    (C) Publicly accessible computer lab PCs.

    I would like to set up each of the above on separate VLANs, so that (A) can be
    seen by both (B) and (C), but (C) cannot see (B) and vice versa.

    I am considering the purchase of a 2950 24-port switch.

    However, I'm under the impression that a port can belong to only 1 VLAN, unless
    I turn on trunking. Correct? I'm not sure what the implications of trunking are
    - I'm a newbie.

    Is there a simple way to do what I want to do on a 2950?

    Thanks
     
    mark, Jun 7, 2004
    #1

  2. The Protected Port feature is a possibility
    (http://www.cisco.com/en/US/products..._guide_chapter09186a0080212a9f.html#wp1158863),
    though this will prevent B hosts from talking to each other and C
    hosts from talking to each other -- but they could all talk to A. If
    this is acceptable, you'd make all the B and C ports protected and
    leave the A port unprotected.

    Other than that I can't think of a good way to do this with a 2950
    unless the DSL modem supports trunking.

    -Terry
     
    Terry Baranski, Jun 7, 2004
    #2

  3. mark

    Hi,

    Thanks for your reply.

    I am really surprised that the 2950 can't do multi-VLAN ports without trunking.
    I was just reading the description for the Netgear FS526T
    (http://www.netgear.com/products/prod_details.php?prodID=216), and making a port
    a member of more than one VLAN is a piece of cake.

    Unfortunately, the Westell 2200 doesn't support trunking, and the ports within
    VLANs (B) and (C) do need to talk to their peers.

    Given that the 2950 can't do this easily, you'd have to move up the line to the
    router, and tell the router that DSL port (A) can talk to the port connected to
    VLANs (B) and (C), but (B) can't talk to (C) and vice versa... right?

    I'm not that familiar with Cisco equipment. What would be the lowest end Cisco
    router that can do this?

    Thanks again...
     
    mark, Jun 8, 2004
    #3
  4. Older Cisco switches can do this -- I'm also confused as to why this
    functionality was done away with.

    This is an option. The router would have ACLs in place to prevent B
    and C from talking to each other.

    2600 series routers with 100Mbit interfaces can do trunking, and the
    10Mbit ones may be able to do it as well with recent IOS versions.
    Certain 1700 series routers may also support trunking, but I've never
    used them so I don't know. An issue to concern yourself with for this
    type of router-on-a-stick scenario is inter-vlan bandwidth
    requirements -- the router can potentially end up being a bottleneck.

    A better solution for your situation may be a layer-3 switch such as
    the 3550. You can create three VLANs (A, B, and C), and use ACLs to
    restrict traffic flowing between them as necessary. The benefits here
    are simplicity (one device instead of two), bandwidth (no router
    bottleneck), and potentially cost (depends).

    -Terry
     
    Terry Baranski, Jun 9, 2004
    #4