  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1116

VLAN Question

Hello,

  I want to configure a VLAN on my switch.  The switch is not a Catalyst so I do not have Cisco IOS.  
I am working with a Cisco SG 300-52.  The main issue I have is that I want to separate some users in a VLAN on my switch.  
However, I still want them to be able to access my servers for storage, DHCP, etc.  We are a small shop so I only have the one switch.
I have left the default VLAN 1 in place and that is where all of my machines are sitting.  Then I created VLAN 2 and added the machines I want separated from the other traffic.
I am facing 2 issues.  First, the switch I have is not running Cisco IOS, so the configuration is actually more confusing to me with the GUI.  
Second, I don't have a spare card in my router (Cisco 1841) to be able to do Router-on-a-stick.

Is there a way to achieve this on the model switch I am using?  
Am I going to have to purchase an Ethernet WIC for my router?


Any help would be appreciated.  :)  
0
RHSelf
Asked:
RHSelf
1 Solution
 
JoshuaJE Commented:
Are you sure it's not running IOS?

I've never run into a Cisco switch that wasn't running IOS, unless it was running CatOS instead...

Try going to a DOS prompt and telnetting into it.
0
 
JoshuaJE Commented:
Huh, I just looked it up and I found no mention of IOS for it... interesting.
0
 
JoshuaJE Commented:
If you want to separate traffic from some users to other users in the same VLAN, I would recommend creating a VLAN ACL... but somehow I doubt you can do that.

You could also create some MAC ACLs... basically the point is all you need to do is filter traffic, you don't need to create two separate networks. :)
0
 
JoshuaJE Commented:
The only other options would be to create two networks/VLANs as you mentioned, and create SVIs (VLAN interfaces) to act as a gateway for each VLAN: interVLAN routing.

If you can't configure that on your switch, then you will need the Ethernet module for your router so you can perform interVLAN routing (router on a stick) using the external router.
0
 
JoshuaJE Commented:
The last thing I said about the ethernet module is me assuming that your router has only 1 ethernet port...
0
 
Marius Gunnerud, Senior Systems Engineer, Commented:
For a reference for configuring your switch, have a look at this link: http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

When you say you don't have a spare card on your router so you can't do a router on a stick, do you mean port? If this is the only switch in your setup, isn't it already connected to the router? All you need to do is trunk that connection.
0
 
JoshuaJE Commented:
Well,

Assuming (there I go assuming again) that he knows what router on a stick is, his router must have any Ethernet ports...

If your router has 1 Ethernet port, you can perform interVLAN routing (router on a stick).  If that's all you need your router for, then great.

Most routers have at least 1 Ethernet port though, so I'm assuming you are already using it, and that is why you need another Ethernet module.
0
 
JoshuaJE Commented:
The easiest thing for you to do would be to create some MAC ACLs
0
 
JoshuaJE Commented:
Keep in mind, if you make two distinct networks, all hosts will still be able to talk to each other, and you will still have to configure filters
0
 
RHSelf (Author) Commented:
Well, I was wondering that too.  If establishing a VLAN for a couple of computers that I want to be inaccessible from other machines was overkill.  I could just use the MAC ACLs and allow traffic from my servers set, but deny traffic from other machines?
0
 
JoshuaJE Commented:
Actually, you would deny traffic first

and then permit everything else.
0
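
The rule ordering discussed in the posts above, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation, assuming an implicit deny at the end of the list (the usual ACL model; confirm it against the switch's administration guide). The MAC addresses and the `Ace`, `evaluate` and `shadowed` names are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Ace:
    action: str        # "permit" or "deny"
    src: str = ANY     # source MAC, or ANY
    dst: str = ANY     # destination MAC, or ANY

    def covers(self, src, dst):
        return self.src in (ANY, src) and self.dst in (ANY, dst)

def evaluate(acl, src, dst):
    """Action of the first ACE matching the frame; deny if none matches."""
    for ace in acl:
        if ace.covers(src.lower(), dst.lower()):
            return ace.action
    return "deny"  # assumption: implicit deny at the end of every ACL

def shadowed(acl):
    """ACEs that can never fire because an earlier ACE already covers them."""
    return [b for i, b in enumerate(acl)
            if any(a.covers(b.src, b.dst) for a in acl[:i])]

# Constructed sample addresses (documentation range), not from the thread.
SERVER    = "00:00:5e:00:53:01"
PROTECTED = "00:00:5e:00:53:10"
USER_A    = "00:00:5e:00:53:20"
USER_B    = "00:00:5e:00:53:21"

# "Deny first, then permit everything else."
DENY_FIRST = [Ace("deny", USER_A, PROTECTED),
              Ace("deny", USER_B, PROTECTED),
              Ace("permit")]
# Same entries in the wrong order: the permit-any swallows both denies.
PERMIT_FIRST = [DENY_FIRST[2], DENY_FIRST[0], DENY_FIRST[1]]
# Allow-list only: every other frame falls through to the implicit deny.
ALLOW_ONLY = [Ace("permit", SERVER, PROTECTED)]

if __name__ == "__main__":
    for name, acl in [("deny-first", DENY_FIRST),
                      ("permit-first", PERMIT_FIRST),
                      ("allow-only", ALLOW_ONLY)]:
        print(name,
              "userA->protected:", evaluate(acl, USER_A, PROTECTED),
              "| userA->server:", evaluate(acl, USER_A, SERVER),
              "| unreachable ACEs:", len(shadowed(acl)))
```

The allow-only list shows why a trailing permit matters: without it, ordinary user-to-server frames are dropped along with the traffic that was meant to be blocked.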
 
JoshuaJE Commented:
Here's a snippet from your switch manual, just for creating and configuring MAC ACLs.  You may need to download it to see it clearly.


 MAC_ACL_INSTRUCTIONS
0
 
Tekyguy Commented:
Easy way to do this is to create 3 VLANs - Example:

- Server/servers go in VLAN 1
- User group A goes in VLAN 2
- User group B goes in VLAN 3

1. Set up inter-VLAN routing from VLAN 2 to VLAN 1, giving users in group A access to the server
2. Set up inter-VLAN routing from VLAN 3 into VLAN 1, giving users in group B access to the server
3. Don't set up VLAN routing between VLAN 2 and 3

You may need to use more VLANs than are shown in this example, but this should get you headed in the right direction.

0
 
JoshuaJE Commented:
Please don't listen to Tekyguy, as we already went over this, thanks.

No offence Tekyguy, but you should read the entire thread before posting, thanks.
0
 
Tekyguy Commented:
No offence JoshuaJE, but no one can read your tiny writing.
0
 
JoshuaJE Commented:
Tekyguy,

I would never recommend to someone a solution that involves incomplete configuration.

That's why filters were created, to not only filter, but to also document what is being done within the configuration.

You are bound to run into problems in the future by not completing your routing configuration, if someone else looks at it they will think you messed up.

At least with ACLs it's straightforward.

So you see, your proposed solution isn't really a solution at all, anyone who looked at it would think you don't know what you are doing, even though it may actually work...  It's kind of like destroying the Golden Gate Bridge instead of constructing a toll booth to filter out those who can't pay...

Not only that, you have to also understand that he does not need to create multiple VLANs, and doing so would be a waste of time... all he wants to do is filter a few hosts from reaching certain areas.

If you read my post with the embedded image, you will see that I said you should download it to read it.  Good day, SIR! LOL
0
 
JoshuaJE Commented:
Come to think of it, you wouldn't even be able to configure this "broken bridge" approach anyway, as connected routes are automatically generated anyway when a L3 interface is configured and brought up.

0
