Dilan77
asked on
Cisco router/ VLAN question
Hi All,
Our network is currently contained in one subnet, 192.168.1.0/24, across one site. We have an ISP managed Cisco 2500 router, then a PIX 506e Firewall, then 4 3Com 4228G switches which are connected to the patch panel/servers.
We have contractors and visitors to the office who sometimes need access to a printer and the internet (e.g. to check their OWA). We need to replace some of the 3Com switches anyway, so I was thinking of purchasing some Cisco 2950 switches and creating a seperate VLAN on 192.168.2.0/24 for these contractors. Couple of questions -
i) If I wanted to enable inter-VLAN routing, are there any recommendations to what router I should purchased? We have only about 40 workstations in the office, so it wouldn't need to be heavy use.
ii) For visitors' printing, I could either add a printer to the visitors VLAN or allow them access to the print server on 192.168.1.1. If I went with the second option and enabled inter-VLAN routing, to deny access to all other machines I was thinking of using access lists on the inter-VLAN router to allow only communications to the print server. Can you use access lists between VLAN's, or only between networks?
iii)We'll still keep about 2 of our existing 3Com switches for the time being. All hosts on the visitors VLAN will be connected to one 2950 only, so all ports on the 3Coms will be in the same (default) VLAN. But, are there any known issues between 3Com/ Cisco switches (autonegotiation etc)?
Many thanks in advance.
Our network is currently contained in one subnet, 192.168.1.0/24, across one site. We have an ISP managed Cisco 2500 router, then a PIX 506e Firewall, then 4 3Com 4228G switches which are connected to the patch panel/servers.
We have contractors and visitors to the office who sometimes need access to a printer and the internet (e.g. to check their OWA). We need to replace some of the 3Com switches anyway, so I was thinking of purchasing some Cisco 2950 switches and creating a seperate VLAN on 192.168.2.0/24 for these contractors. Couple of questions -
i) If I wanted to enable inter-VLAN routing, are there any recommendations to what router I should purchased? We have only about 40 workstations in the office, so it wouldn't need to be heavy use.
ii) For visitors' printing, I could either add a printer to the visitors VLAN or allow them access to the print server on 192.168.1.1. If I went with the second option and enabled inter-VLAN routing, to deny access to all other machines I was thinking of using access lists on the inter-VLAN router to allow only communications to the print server. Can you use access lists between VLAN's, or only between networks?
iii)We'll still keep about 2 of our existing 3Com switches for the time being. All hosts on the visitors VLAN will be connected to one 2950 only, so all ports on the 3Coms will be in the same (default) VLAN. But, are there any known issues between 3Com/ Cisco switches (autonegotiation etc)?
Many thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Three 2950's and one 3550 would work fine.
That's how I would do it.
-Don
That's how I would do it.
-Don
ASKER
Thanks guys...appreciated the help.
ASKER
I can see myself having headaches keeping a mixed 3Com/ Cisco switched network, so may just replace everything with Cisco kit.
At the moment, we have 4 3Com switches. If I was to replace these with 3 2950's and one 3550 (or 3750, 3650 etc), could I still have inter-VLAN routing, or do either all the switches have to be 3550s or all 2950's and one 'real' Cisco router?
Thx.