defore
asked on
VLANS with cisco 2900 Switches
Where can I find some information about this? And also is there a way to set each port on a switch as its own VLan?
Thanks
Thanks
ASKER
My company owns a couple of hotels, and I'm looking for solutions to give the rooms internet access.
Why not stick all the rooms on the same VLAN? You can isolate the traffic that way. You create a very complicated routing scenario with individual VLANs per port.
ASKER
I don't want the guy in one room to get to a guy in another room. Besides using switches is there any other alternative?
If it was a girl in the room would you then let the guy get to that room??
just wondering...
jbuda
just wondering...
jbuda
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
i wouldn't worry about people "getting to each other" on a 2900 switch. each port on a L2 switch has its own collision domain, meaning packets and traffic designated for port 0/2 for example will only be sent to that port (after the originating device sends a broadcast to that subnet to find the arp match), so its hard to sniff a switch. if you're that concerned about hotel guests sniffing packets - i don't personally think business men/vacationers are going to sit in their rooms and set up packet sniffers to find out the guy in room 2190's hotmail password is :) - then put a "anti-sniffer" on each segment of the network. VLAN's are designed to segment traffic, similar to what you want, and in theory you could put every single port on a diff. vlan, but i know of no company that has ever done this. Its not efficient, and it really wouldn't make that much difference to a hacker in that if he is good enough to do what you said, then he'll be good enough to catch the packets at the trunked port on the router where all the VLAN's come together to pass through the physical input/output port. thats just my opinion anyway.
also, switches are your best option. the only other option for a LAN is hubs, which are basically, and unsecure switch, in which it is very easy to sniff packets on the local segment.
also, switches are your best option. the only other option for a LAN is hubs, which are basically, and unsecure switch, in which it is very easy to sniff packets on the local segment.
plug the 2900's into a 5505 and use trunking, it will work great, I love VLANS... www.cisco.com has several tools available on their site to get you started, we call them cook books...
defore,
lrmoore's solution is really the best one. The product is specifically designed to do exactly what you want it to.
lrmoore's solution is really the best one. The product is specifically designed to do exactly what you want it to.
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc/sc/swgvlans.htm