    We are considering using the above for our shared services backbone switch
    within the building approx. 100 low key users (not all the same compnay

    The proposed config will be:

    VLAN1 - Shared central server running Microsoft Small Business Server for
    file store & email & other servers

    VLAN2 - Telephone voicemail system & PABX logging

    VLAN3 - Building managment system

    VLAN4 onwards - each company within building will have their own VLAN.

    There will be a default gateway setup for shared internet access.

    Bearing the proposed config will the 3550 suffice doing the routing between
    VLANs with sufficient bandwidth?

    There will be various tennants within the building all will be sharing the
    server & internet facilities, basically the VLAN's are there to seperate
    everyone obviously for secruity reasons.

    Any other suggestions or things I should be aware of??


  2. 3550 will route wire-speed, but with SMI image, You'll have only static and
    RIP dynamic routing. It should suffice, as all logical interfaces (VLANs)
    will be added to route table when You define them ("connected" in Cisco
    terminology), and You'll need only to add a static default route.
    Establish good security policy, add ACLs filtering all typical trash
    at the borders of the VLANs, maybe rate-limit ICMP (possibly UDP also)
    to some real numbers (1/2/3Mbit/s should sound sane for typical
    Internet access).
    A 3550 is quirky for ACLs - the hardware fitering space (in TCAM) is
    limited, individual access terms use unpredictable amounts of space and
    when the TCAM overflows it happens asynchonously - you apply an ACL and
    then you have to wait a few and look in the log to see if it
    overflowed. I've only used the EMI version so I don't know if there
    are other issues with the SMI in this area.

  4. Yes, as always, to be fully prepared, You have to read and understand:
    Apart from 3550-12G/3550-12T, all other models can run both SMI and EMI,
    and they share the same hardware. EMI just adds some features, but doesn't
    remove any hardware limitations.
    I've only used the EMI version so I don't know if there are other

    I also think that the SMI software doesnt have access to the
    'access-group' command, so you cannot apply the access-list to an

    I had to get round it by using vlan-maps to control access between
    VLANs on the 3550.
    That document will tell you in principle why your ACL isn't compiling
    but doesn't give very much advice except "make your ACL smaller". At
    one point colleagues here using the pre-12.1(9)EA1 merge algorithm
    (sorry folks, if you don't understand you'll have to read the document)
    had a one-line ACL that overflowed the TCAM. It seems to be almost
    impossible to give any useful advice to avoid that kind of thing

    I never managed to get ACL's working correctly on a 3550. YMMV.

    Another datapoint - one of our Schools uses a 3550-12something as their
    central routing hub and firewall. They needed the performance and the
    ACL support is, um, sufficient. It can be done.

