Need advice on how to divide this switch.. please?

Prizmm

Instructor
Mar 8, 2004
124
US
I am starting to build a small data center and I have the following situation (also see attached diagram). I have two separate businesses that I want to share the same switch. I want to bring their servers from their offices and put them in my data center. The most important thing here is to keep the traffic 100% separated from each other.

My concern is that each business currently is using Vlan1 as their data network even though they are using different subnets. I was thinking that I would create say Vlan 100 for business 1 and vlan 200 for business 2 and tag the switchports appropriately for the servers? But then would I have to go to each business and change their data vlan to 100 and 200?

Am I way off?

Thanks a million in advance for any help on this.
 
Make the ports facing the two company switches into access ports for vlan 100 and 200 respectively, and have the two companies' switches set them as access ports for vlan 1. Set up bpdu filtering too, but it's perfectly fine to have that kind of vlan mismatch between access ports since they don't advertise vlan numbers in that case.

That's one solution, but really they shouldn't be using vlan 1 at all.

CCNP, CCDP
 
My suggestion is to create two layer 2 VLANs since they are two separate companies and not supposed to "touch" each other. I assume they have their own gateway. With layer 2 VLAN, you don't care about the VLAN #, you don't need to change the IP on both companies. You are merely using your switch like two hubs.
 
Thanks. Each of those locations has other vlans within their organizations (i.e. voip vlan, wlan vlan, etc). I normally would not use vlan 1 at all, but I'm trying to do this with as little overhaul as possible.

Yes, each company has their own gateway at their respective location. I also want to build this for scalability. I hope to bring on a 3rd and 4th company in the near future.

So I should turn off BPDU filtering? Is that within STP? Thanks again.
 
bpdu filtering would be an interface-level command, "spanning-tree bpdufilter enable". This is basically to keep your switch's STP domain separate from theirs.

The overall idea here is to treat your switch as a separate, service-provider network. There are a few possible solutions other than what I suggested there, such as PVLANs (private vlans), or dot1q tunneling (you can tunnel tagged ethernet traffic between two of their switches, letting them form a trunk between their two switches through yours). That would allow them to control their own vlan structure, adding a voice or wlan vlan to their trunks without needing to change anything on your provider switch, for example.

If they need QoS consideration through your switch, the situation becomes a little more difficult but not impossible. You could extend the trust boundary and trust their CoS markings, but usually you'd only do that if you can also manage their switches. Do you need end-to-end QoS?

CCNP, CCDP
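An added example, not part of the thread or any poster's code: a Python check that a provider switch's running-config matches the plan discussed above (tenant ports as access ports in VLAN 100 or 200, `spanning-tree bpdufilter enable` on ports facing the customers' switches). The interface names, the port plan and the sample config are constructed assumptions.

```python
import re
# Constructed sample of the provider switch's running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 100
 spanning-tree bpdufilter enable
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 200
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 100
"""
# Assumed port plan: port -> (tenant VLAN, faces a customer switch?)
PLAN = {
    "GigabitEthernet0/1": (100, True),   # business 1 switch
    "GigabitEthernet0/2": (200, True),   # business 2 switch
    "GigabitEthernet0/3": (100, False),  # business 1 server
    "GigabitEthernet0/4": (200, False),  # business 2 server
}
def parse_interfaces(config):
    """Return {port: settings}; a port with no access-vlan line stays in VLAN 1."""
    ports = {}
    for stanza in re.split(r"(?m)^(?=interface )", config):
        m = re.match(r"interface (\S+)", stanza)
        if not m:
            continue
        vlan = re.search(r"(?m)^ switchport access vlan (\d+)$", stanza)
        mode = re.search(r"(?m)^ switchport mode (\S+)$", stanza)
        ports[m.group(1)] = {
            "mode": mode.group(1) if mode else None,
            "vlan": int(vlan.group(1)) if vlan else 1,
            "bpdufilter": bool(re.search(r"(?m)^ spanning-tree bpdufilter enable$", stanza)),
        }
    return ports
def audit(config, plan):
    """List (port, problem) pairs where the config breaks the tenant-separation plan."""
    ports, findings = parse_interfaces(config), []
    for name, (vlan, uplink) in plan.items():
        p = ports.get(name, {"mode": None, "vlan": None, "bpdufilter": False})
        if p["mode"] != "access":
            findings.append((name, "not an access port"))
        if p["vlan"] != vlan:
            findings.append((name, f"vlan {p['vlan']}, expected {vlan}"))
        if uplink and not p["bpdufilter"]:
            findings.append((name, "bpdufilter missing"))
    return findings
```

On the sample, `audit(SAMPLE_CONFIG, PLAN)` flags the uplink without BPDU filtering, the server port left in the default VLAN 1, and the business 2 server port placed in business 1's VLAN.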
 
Perfect, thanks. Since there will only be servers at my end, I'm not going to try and make it too complex to begin with. The Wlan, VOIP, etc vlans won't need to traverse this switch. I was thinking about PVlans because I read an article about how hotels utilize pvlans in similar situations to keep each room separate from one another. Again, I want to start slow and work my way there maybe sometime... Thanks
 