We currently have a flat LAN. I do not want to convert the whole network to VLAN. We have all cisco switches all throughout the company. If I need to plug in one device to one of the ports to control access via access list, do I need to convert the whole netowrk to VLAN? I just want to make 1 port on 1 switch to be on a serparte vlan. Any ideas or suggestions? Initally I was just going to get a small cisco router such as 850 model and restrict the device that way.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
VLAN
- Thread starter dannyyo
- Start date
imbadatthis
Technical User
if you aren't using vlans, that means all your devices are on vlan 1.
put the 'new' device on vlan 2, giving a diff subnet and you should be OK...
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
put the 'new' device on vlan 2, giving a diff subnet and you should be OK...
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
- Thread starter
- #3
- Thread starter
- #5
we have Cicso Catalyst 3750G. There's 2 locations connected via T3 lines going into a Adtran's Netvanta 5305 routers. Behind the routers are the 3750G switches adjacent to the Netvanta router and further out connected via fiber are more 3750g switches. I just need to add one device to the far 3750g switch and be able to create ACL for the connection to that port. I want to know if I can get away with just creating a vlan 2 for example for that just one port. But my concern is that I'd have to make a lot of modifications to configiuration on the Adtran router as well as the 3570G, since I'd have to enable routing somewhere to let VLAN2 to be able to talk to VLAN1.
yes, modifications will be required if you want inter-VLAN communication. you have quite a few 3750G's, you could easily configure IP routing (assuming you have the ipbase image) without needing to put another router on the network. Unless you have a routing protocol running, you're going to need static routes on any L3 device on your network back to the VLAN2 subnet
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
Layer 3 switch?
interface vlan 12
ip address x.x.x.x 255.x.x.x
no shut
!
interface fa0/1
switchport
switchport mode access
switchport access vlan 12
and on and on with multiple vlans...
same with a layer 2 switch, but only one SVI. On a layer 3 switch, you can also assign an ip address to the port the way it is by default. If it has ever been a switchport, then...
interface fa0/1
no switchport
ip address x.x.x.x 255.x.x.x
shazaaaayim!
/
tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
interface vlan 12
ip address x.x.x.x 255.x.x.x
no shut
!
interface fa0/1
switchport
switchport mode access
switchport access vlan 12
and on and on with multiple vlans...
same with a layer 2 switch, but only one SVI. On a layer 3 switch, you can also assign an ip address to the port the way it is by default. If it has ever been a switchport, then...
interface fa0/1
no switchport
ip address x.x.x.x 255.x.x.x
shazaaaayim!
/
tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
- Status