looking for technical solution

Hello experts,

I am not a good networker and your assistance will be highly appreciated here.

I configured the core with the SVIs. I need to configure switch 1 fa0/1 to connection to the router R0 using interface fa0/0. The router out side interface will connect to the server vlan 200: 10.1.2.3.
I am assuming this server is connected to another network and hence that is why that IP is in vlan 200. The issue here is that vlan 20 is also using the same ip range in vlan 20.

Part 2 of the question is users in vlan 20 do want to access that server but the server should not access any resources or devices on the core switch or vlan 20.

I know this issue is complicated but i would like to know the solution. Please if someone will comment can you out the configuration as well.
topology-assist.JPG
LVL 4
Habib ZakariaNetwork Solutions ArchitectAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Don JohnstonInstructorCommented:
Really need some more information (the configs of the switches and routers, for example) to answer with any certainty.

The issue here is that vlan 20 is also using the same ip range in vlan 20.
I'm guessing one of those "20's" should be a 200?  That may or may not be problem.  It depends on where these VLAN's exist.  If they exist on the same switch, then it's a problem that most likely require changing some IP addresses or VLANs.

Part 2 of the question is users in vlan 20 do want to access that server but the server should not access any resources or devices on the core switch or vlan 20.
That's not too difficult to do. It just requires an ACL to block outgoing requests or incoming responses.
0
Habib ZakariaNetwork Solutions ArchitectAuthor Commented:
As per the topology the VLAN 200 is not a vlan in the core and it is behind the router shown. But it is using the same range / IP addressing scheme as vlan 20. I want to know how to best configure the link between that server in vlan 200 with IP 10.1.2.3 and provide access to users in vlan 20. Also at some point I want vlan 200 server from accessing the network in the core.

any suggestions please. I forgot to save the config file in packet tracer and lost the topology after I posted it but it is straight forward topology and I can rebuild it.

Thanks,
0
Habib ZakariaNetwork Solutions ArchitectAuthor Commented:
The router has no config yet. That why I put this scenario so I can ask for assistance and configure the router.

Thanks,
0
Don JohnstonInstructorCommented:
Okay, so here's something to keep in mind:  VLAN's are a switching feature.  Routers don't really care about VLAN's. Sure, they can be made to be "VLAN aware".  But routers primarily only care about layer 3 addresses.

There are a number of different ways to accomplish what you want. All of them are correct, all of them have pros, and all of them have cons.  The bottom line is there is no "right" answer (with the information provided).

So you could do:

1.

Make Router0 VLAN aware and have interfaces for every network letting it route between the VLANs.

2.

Let the 2960 do the inter-VLAN routing.

3.

Let the 3560 do the inter-VLAN routing.
Or you could do 1 and 2. Or 1 and 3. Or 1, 2 and 3.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Habib ZakariaNetwork Solutions ArchitectAuthor Commented:
Hi Don,

That is good. Things have changed now in this topology and I will put a new one which is an actual work i will do onsite. I will post a similar topology tonight i need your assistance.
Thanks,
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Management

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.