Discussion in 'Cisco' started by swsw, Oct 18, 2005.


    swsw Guest

    I am going to implement a Cisco LAN. These are the specifications:

    Main Server Room: Two Catalyst 3750G24T, two Catalyst 3750 48PS/PoE,
    and servers

    Second IT Room: two Catalyst 3750 48PS/PoE

    Aironet 1100 Access point (2 in each floor, 16 in total)

    Requirement: WLAN users should only have Internet access. Server access
    (DB and File Server) should not be available to WLAN users. LAN users
    should have both internet access and access to the server.

    I know I need to use two VLANs. How can I configure VLANs across
    multiple switches? Is it possible to restrict server access through
    VLAN and at the same time offer Internet access to WLAN users? Any
    configuration suggestions or case studies on similar requirements are
    highly appreciated.

    Many thanks in advance.
    swsw, Oct 18, 2005

    Merv Guest

    1. VLANs across multiple switches are implemented using trunking -
    suggest 802.1Q trunking be implemented.

    2. Use policy-based routing to ensure the WLAN users only have Internet
    Merv, Oct 18, 2005

    ESM Guest

    In addition to Merv's post, you'll need to create the VLANs on all your
    switches, or use VTP. If you use VTP, make sure you use a dedicated domain
    for this series of switches. You don't want an accident where a VTP
    broadcast occurs across some trunked link and the next thing you know
    you're losing VLANs. It happened to me when I brought up a trunked SNLAN
    connection and had 2 sites set as servers and 1 told the other to drop 20
    VLANs. It was a stupid beginner mistake, but it happens. It's one of the
    reasons many people don't like to use VTP.
    ESM, Oct 18, 2005

    swsw Guest

    Thanks for your help.

    1) The switch uses Stackwise technology, should I still use trunking in
    that case?

    2) Any detailed suggestions on policy-based routing? Where should it be
    implemented? A configuration example would be highly appreciated.

    Thanks again.
    swsw, Oct 19, 2005

    Make Guest

    1) The switch uses Stackwise technology, should I still use trunking in
    If you have 3750 switches in the same rack, use stack. But if the distance
    between the switches is longer, use something else.

    interface Vlan1
     ip address
    interface Vlan2
     ip address
     ip policy route-map pbr
    interface Vlan3
     ip address
    ip route
    ip classless
    ip http server
    access-list 10 permit
    route-map pbr permit 10
     match ip address 10
     set ip next-hop
    Make, Oct 19, 2005
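
A filled-in version of the skeleton configuration from the thread, given here as an added example that is not part of any poster's original text. Every VLAN ID, interface number and address is constructed (assumed), and the inbound ACL on the WLAN interface is an addition so that server access is blocked on the switch itself rather than depending only on the policy route.

```cisco
! Constructed example: VLAN IDs, interface numbers and addresses are assumptions.
! VLAN 10 = wired LAN 10.0.10.0/24, VLAN 20 = WLAN 10.0.20.0/24,
! VLAN 30 = servers 10.0.30.0/24, VLAN 99 = transit to the Internet
! firewall at 10.0.99.2 (assumed device, not named in the thread).
!
! PBR on the 3750 needs the routing SDM template (takes effect after a reload).
sdm prefer routing
ip routing
!
vlan 10
 name LAN
vlan 20
 name WLAN
vlan 30
 name SERVERS
vlan 99
 name TRANSIT
!
! 802.1Q uplink to the second IT room; carry only the VLANs needed there.
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
interface Vlan99
 ip address 10.0.99.1 255.255.255.0
!
! WLAN gateway: filter first, then policy-route what is left to the firewall.
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip access-group WLAN-IN in
 ip policy route-map pbr
!
ip access-list extended WLAN-IN
 permit udp any eq bootpc any eq bootps
 deny   ip 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255
 deny   ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
 permit ip 10.0.20.0 0.0.0.255 any
!
access-list 10 permit 10.0.20.0 0.0.0.255
route-map pbr permit 10
 match ip address 10
 set ip next-hop 10.0.99.2
!
ip route 0.0.0.0 0.0.0.0 10.0.99.2
```

The policy route only steers WLAN traffic toward the firewall; the `deny` lines in `WLAN-IN` are what keep it out of the server and LAN subnets if the next-hop device would otherwise route it back.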
