
Basic VLAN ?

Status
Not open for further replies.

qweasdzxcqweasdzxc

Technical User
Sep 12, 2006
61
US
I want to segment my subnet into three different VLANs but they all must share the same servers and default gateway. I am only using a single Cisco switch... I plan on simply placing each VLAN on a single port on the Catalyst and then attaching a pre-existing, already in operation unmanaged switch to each VLAN-configured port. What commands do I need in order to allow server and gateway access to all VLANs?
 
It won't work with what you want to do without having a router or an L2/L3 switch to route between them. If you are making separate VLANs then they cannot have the same default gateway; each subnet would have its own gateway and would route to the other subnets. A VLAN is a separate subnet with different address ranges, so it has to be routed. If you separate them onto separate switches then you will have to route between the VLANs to have them talk. Separate VLANs also means readdressing all devices within that VLAN along with new gateways. Is your existing switch a layer 3 switch? If so, that makes the conversion a lot easier. Examples of L3 switches are 3550, 2650, 3750 or 4500s with a SupII+ or higher supervisor card.
 
PS: In the previous note I listed a 2650 as a layer 3 switch; that is supposed to be a 3650 switch...
 
I have an extra router I can use but it only has one LAN port (it's a 1700 series router). What if I tried using some type of primary/secondary VLAN configuration with the router? I need the VLANs to share the same servers and internet router because they are in the same domain; I just want the hosts to only broadcast to the servers. The support team at Cisco suggested I implement a VLAN... So, is there a way to do this with the extra router I have (and the 2900 Catalyst) while keeping my current IP address allocation? (I don't want to have to adjust ACLs for my internet router, firewall, and VPN concentrator; that would be too much work.)
 
To be honest, I don't know of a way to make multiple VLANs and still have them in the same subnet. A VLAN is basically a segmented subnet. If the 1700 can do trunking you could trunk from the router down to the 2900 (this would have to be an 8 meg 2900 to work) and then break out the subnets from there, but I don't know of any way to keep the addresses the same on all the subnets; at the very least you would have to break the current subnet into smaller pieces and change the subnet mask. Maybe someone else will chime in, but I don't see a way of doing this. Why do you feel you have to VLAN the subnet?
 
I have about sixty computers on the same subnet and, as they are supposed to, they do a lot of normal broadcasting throughout the day. One of my users got a virus from file sharing, it got past updated Symantec scanners, and it took down my entire network! I called Cisco for support and together we dropped in some packet sniffers to check out what was going on... After evaluating the LAN, Cisco suggested that I implement a VLAN in order to keep a situation like this from taking out the entire LAN again.
So I figure this: if I put the computer labs in one VLAN, administration in another, and all of the other users in the third VLAN, then if one of them were to begin broadcasting all kinds of wacky ICMP data over the weekend again (or something similar) I wouldn't have to worry as much about the entire network being affected (and possibly being offline on Monday morning).
 
Sure, that is correct: you are limiting your broadcast domain by breaking it up, but you would have to readdress or break up your current subnet into 3 smaller pieces, which involves readdressing and using a different subnet mask. Instead of, say, a /24 mask you could use a /26 mask, which would give you 62 addresses per subnet. There's really no way around it: either you would have to give everyone their own subnet or break up your current existing subnet into 3 pieces. VLANs do break up a broadcast domain but you have to have a way to route between them.
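
Added example, not part of the thread: a Python script that carries out the /24-to-/26 split described in the last reply and reports which existing hosts could not keep their current address. The 192.168.1.0/24 range, the host and group names, and the use of the first usable address as each VLAN's gateway are assumptions constructed for illustration.

```python
import ipaddress

def plan_vlans(supernet, groups, new_prefix=26):
    """Carve `supernet` into equal subnets and give one to each group, in order."""
    subnets = list(ipaddress.ip_network(supernet).subnets(new_prefix=new_prefix))
    if len(groups) > len(subnets):
        raise ValueError("not enough subnets for the requested groups")
    plan = {}
    for group, net in zip(groups, subnets):
        hosts = list(net.hosts())          # excludes network and broadcast
        plan[group] = {
            "net": net,
            "gateway": hosts[0],           # assumption: routed interface takes .1 of each block
            "hosts": len(hosts),           # 62 for a /26 (gateway uses one of them)
        }
    return plan

def must_renumber(plan, inventory):
    """Return (name, address, reason) for hosts that cannot keep their address."""
    changes = []
    for name, (addr, group) in sorted(inventory.items()):
        ip = ipaddress.ip_address(addr)
        net, gateway = plan[group]["net"], plan[group]["gateway"]
        if ip not in net:
            reason = f"outside {net}"
        elif ip in (net.network_address, net.broadcast_address):
            reason = f"network/broadcast address of {net}"
        elif ip == gateway:
            reason = "collides with VLAN gateway"
        else:
            continue                        # address is still valid in its new subnet
        changes.append((name, addr, reason))
    return changes

# Constructed sample inventory: host -> (current address, target group)
INVENTORY = {
    "lab-pc-01":   ("192.168.1.20",  "labs"),
    "lab-pc-02":   ("192.168.1.70",  "labs"),
    "admin-pc-01": ("192.168.1.65",  "admin"),
    "admin-pc-02": ("192.168.1.90",  "admin"),
    "user-pc-01":  ("192.168.1.191", "users"),
    "user-pc-02":  ("192.168.1.150", "users"),
}

if __name__ == "__main__":
    plan = plan_vlans("192.168.1.0/24", ["labs", "admin", "users"])
    for group, entry in plan.items():
        print(group, entry["net"], "gw", entry["gateway"], "hosts", entry["hosts"])
    for name, addr, reason in must_renumber(plan, INVENTORY):
        print("renumber", name, addr, "-", reason)
```

The fourth /26 is left unassigned here; every host also needs the new mask and its VLAN's gateway even when its address stays the same.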
 