Vlaning Scenario 1

[Ciscon]

I have 2 Cisco 3550s and have connected them via Gbit.

The network environment here is made up of 3 seperate companies, all on 1 subnet using a common set of servers.

Example: There are 2 AD servers and 1 File/Print Server for use by all three companies. Then each company has a few workstations.

I wish to create 3 vlans.
vlan1 is for use by company1
vlan2 is for use by company2
vlan3 is for use by company3

How can I set the configuration of certain ports on the 3550s to be a member of all 3 vlans?

Is it best to make both switches vtp servers, or should one be client and the other server?

Cheers,
Ciscon

 

[baddos]

Make both switches VTP servers. It is possible to make a host member of all 3 vlans, but it would require setting the port to be a 802.1q trunk and the host's card would have to be capable on multiple vlans over 802.1q link (intel server cards do this).

Setup gig0/1 as a trunk

vlan database
add vlan 2 name company2
add vlan 3 name company3
apply
exit
configure terminal
ip routing
interface gig0/1
switchport mode trunk
interface vlan1
ip address 1.1.1.1 255.255.255.0
interface vlan2
ip address 2.2.2.1 255.255.255.0
interface vlan3
ip address 3.3.3.1 255.255.255.0

 

[gaveeve]

What vlan are you putting the servers on? You might consider putting that on a seperate vlan (#4) and also another seperate vlan for the connection to the internet(#5).

 

[firestormsp1]

You wont really want to use vlan 1 for your clients. This is the default management vlan for the cisco kit and clients on the same vlan will be on the same subnet and can lead to hacking attempts.



Life sucks, just dont swallow it!!

 

[Ciscon]

If I put my servers on a different Vlan, will the servers in the server vlan be able to communicate with the workstations in companyX vlans?

 

[Ciscon]

I found a much simplier solution to my problem. I call it poor man's Vlan.

My biggest problem is that I am on 1 subnet, and want to vlan each company off from each other. But some of the servers that I have are common servers. Because of the logistics of this network, reIPing is not a workable choice.

So, I found "switchport protected" and applied it to each interface of the Cisco 3550 that connects each company's 3COM switch. Switchport protected basically says that a port set in protected mode cannot talk to another port in protected mode.

Voila, Company A workstations don't talk to Company B or C's workstations. But they can all talk to the common set of servers. See my crude ASCII picture below.


Common Server
|
------------------------Cisco 3550-----------------------
| | |
3COM-A 3COM-B 3COM-C

 

[baddos]

Your right. Good Job!

 

[gaveeve]

Sounds like a solution but I thought I would answer your question anyway. Yes, the servers would be able to communicate with the other vlans. The advantage of doing it that way would be your ability to filter who could and couldn't access each other with access-lists. This would also apply to the Internet if you put that on a seperate vlan.