[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How can I set up this VLAN?

Posted on 2011-04-26
8
Medium Priority
?
228 Views
Last Modified: 2012-05-11
I would like to simulate the installation of a VLAN in case this comes up at a future job I may get a contract for.  As I understand it, VLANs allow you to separate individual LANs on a single switch without the need for a router in between each one.  

The job I'm bidding on is a law firm with 30 or so networking devices whose cables culminate into a single server room.  They also have 8 - 10 connections that belong to rooms that are being subleased to other small companies and entrepreneurs.   These connections cannot be allowed access to the Law Firm's computers or servers but, as part of the sublease, they are allowed to use devices like the network printers and scanners.

The equipment they currently have is three 2960 Catalyst switches which each have 24 10/100 ports and 2x Gigabit ports.  They also have an Internet connection.

Is it possible to do this with what the company has?  I don't need the actual IOS commands to run, just a brief overview of how to set it up (ie, 1 VLAN for the law office computers and servers, 1 VLAN for each sublease).
0
Comment
Question by:epichero22
8 Comments
 
LVL 17

Accepted Solution

by:
sweetfa2 earned 1000 total points
ID: 35471882
1. Setup up separate VLAN's as you suggest
2. Also add a separate VLAN for network printers and scanners
3. You also need to setup firewall routing to prevent routing between the vlans that you don't want access to be available to.  ie. grant access to the network printers and scanners, but deny access to everything else except it's own vlan.
0
 
LVL 11

Author Comment

by:epichero22
ID: 35472002
Do I need extra equipment for #3?
0
 
LVL 17

Expert Comment

by:sweetfa2
ID: 35472095
I believe the catalust switches you mentioned have that capability
0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 
LVL 11

Author Comment

by:epichero22
ID: 35472425
What about communication between the switches and uplink to the Internet?  How should I setup trunking?
0
 
LVL 17

Expert Comment

by:sweetfa2
ID: 35472573
You can set up ports on different switches as part of a VLAN.  That will depend on your network topology on how trunking is configured.

If all systems get internet access then include it in your printers vlan.
0
 
LVL 3

Assisted Solution

by:LinuxNinja
LinuxNinja earned 1000 total points
ID: 35472694
The switches may be setup with an access-list to control what traffic can go where.
The Internet will be through a router, which would normally connect to a dedicated VLAN just for that purpose. Each business would be on their own VLAN, with the shared resources on a sort of DMZ VLAN.

Our office has a somewhat similar configuration. Trunking is typically used only for inter-switch communication and management. Each department is on their own VLAN, but our servers are on a VLAN accessible from all the others. Our engineering team has access to the trunk, as well as devices that are multi-VLAN, such as our Cisco WAPs.
0
 
LVL 11

Author Comment

by:epichero22
ID: 35477653
Thanks for the info so far.  

But wanted to also ask, if I'm sharing printers across two VLANs, should the VLANs be on the same subnet or different?
0
 
LVL 2

Expert Comment

by:MaximR
ID: 35486362
You can keep the same subnet for every vlan but the management is more simple if you use something like:
network: 172.16.0.0 255.255.0.0
vlan 10 = 172.16.10.0 255.255.0.0
vlan 20 = 172.16.20.0 255.255.0.0
and so on...
The official documentation from cisco is there:
http://serverfault.com/questions/247763/cisco-catalyst-3550-switch-vlan-acl-question

and you should take a look at this site. It will answer lots of question you could have about private vlan.
http://lostintransit.se/2011/03/07/private-vlans/
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question