At present I work for a company that has a WAN that comprises managed routers. Each office has a Cisco router that is managed by a large telecommunications provider. I've finally managed to get the company to start implementing VLANs. Now normally I would just jump into the router, create a sub-interface for each VLAN and run dot1q trunking; however, since I can't gain access to the managed router, I would have to submit a request for each VLAN change... painful.

So my question is, with the topology below, is there a way I can implement VLANs without needing to go through the service provider all the time?

Users -> CoreSwitch -> WAN Router -> Firewall Server->

All systems have the WAN Router as the default gateway; its default gateway is the firewall. My initial thoughts were to make the CoreSwitch (4510R) the default gateway, do the inter-VLAN routing inside the switch, and publish the routes to the WAN Router via RIPv2. Is this a good idea and would it enable the all office to the relevant VLANs, is there a better way to do this?

Thanks in advance.