Multiple secure lans sharing one ISP

Status
Not open for further replies.

virek

Programmer
Jun 5, 2001
16
FR
Scenario:

I have a client that needs multiple LANs that are isolated and can't communicate with each other, but each LAN may use the common internet access for mail and web.

My idea:

Use VLANs 1 to x and then 'somehow' route each VLAN to the internet router.

My Question:

I'm guessing it's possible, but what (CISCO) equipment can do this and what are the restrictions in this idea, for example can I restrict a VLAN only to have SMTP outgoing access?

Thanks in advance

Matthew

-=+ I'm like Ma Bell I got the ill communications +=-
 
This should not be difficult, and any layer3 capable switch should be able to do it for you. How many ports/hosts do you need?
 
chipk,

Thanks for the response.

OK, here's the thing: on each VLAN I don't know how many ports/hosts are needed, and that could change at any time too, so the question is, can I then on each VLAN put a dummy switch downstream for all the hosts with the uplink going into ONE of the ports on the L3 switch? I'm sure it's OK, just wanted to check.

I'm also assuming by that logic I can group several ports on the L3 switch for several downstream switches should I need to for the SAME VLAN.

I was looking at something like 3750 as the L3 switch. What do I need to ensure that I can route from each VLAN to an external router/firewall (they have a 1721 already) and keep the inter-VLAN traffic separate?

Thanks in advance

Matthew

-=+ I'm like Ma Bell I got the ill communications +=-
 
You should be able to do this. A 3750 would work, but I would get the ipservices image. Basically you would set up your layer 3 interfaces, then use ACLs on each of the SVIs that control those VLANs to control what traffic you want to let in or out. It could be as simple as "permit LAN address range to go to internet address and block everything else". Yes, you can hook switches off any port with that VLAN applied on the 3750. If you are going to try dummy unmanaged switches I would be very careful, as these normally do not run spanning tree, and you will be very vulnerable to any layer 2 loops introduced into the network and you will have a heck of a time finding them with unmanaged switches.
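The per-SVI ACL approach described in the reply above can be checked offline before it is deployed. The following is an added example, not code from the thread: it parses a simplified IOS-style extended ACL syntax and evaluates packets with first-match and implicit-deny semantics. The subnets, ACL names, the 10.0.0.0/16 internal range and the SMTP-only policy on VLAN 20 are assumptions.

```python
import ipaddress

# Constructed sample: IOS-style extended ACL entries, one ACL applied inbound per SVI.
# Subnets, ACL names and the SMTP-only policy for VLAN 20 are assumptions.
ACLS = {
    "VLAN10-IN": """
        deny ip 10.0.10.0 0.0.0.255 10.0.0.0 0.0.255.255
        permit tcp 10.0.10.0 0.0.0.255 any eq 25
        permit tcp 10.0.10.0 0.0.0.255 any eq 80
        permit tcp 10.0.10.0 0.0.0.255 any eq 443
        permit udp 10.0.10.0 0.0.0.255 any eq 53
    """,
    "VLAN20-IN": """
        deny ip 10.0.20.0 0.0.0.255 10.0.0.0 0.0.255.255
        permit tcp 10.0.20.0 0.0.0.255 any eq 25
    """,
}

def parse_addr(tokens):
    """Consume 'any' or 'address wildcard'; return (network, care_mask) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0
    addr = int(ipaddress.IPv4Address(tokens.pop(0)))
    care = ~int(ipaddress.IPv4Address(tokens.pop(0))) & 0xFFFFFFFF  # invert wildcard
    return addr & care, care

def parse_acl(text):
    """Parse 'action proto src dst [eq port]' lines into rule tuples, in order."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        action, proto = t.pop(0), t.pop(0)
        src, dst = parse_addr(t), parse_addr(t)
        rules.append((action, proto, src, dst, int(t[1]) if t[:1] == ["eq"] else None))
    return rules

def evaluate(acl_name, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet: first matching entry wins."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, r_proto, (sn, sm), (dn, dm), port in parse_acl(ACLS[acl_name]):
        if r_proto not in ("ip", proto):
            continue
        if (s & sm) != sn or (d & dm) != dn:
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit deny that ends every ACL
```

Entry order matters: the inter-VLAN deny sits above the SMTP permit, so a VLAN 20 host cannot reach port 25 on another internal LAN even though SMTP to the internet is allowed.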
 