VLAN Configuration help

niteshkumarkalal · ‎02-24-2012

Hi Friends ,

I wanted to create a vlan in my office network

Where Vlan 10 name Marketing 192.168.5.0

vlan 20 ERP User 192.168.6.0

vlan 30 HR 192.168.7.0

I have 20 ( 24 Port Linksys SRW 2024) Switches ,

1800 Router (We are not using it anymore ),

checkpoint Firewall .

IN vlan 20 there is some printer & mail server . I want every one can access this printer and server .

Kindly let me known how to configure this .

Thanks

NItesh

John Blakley · ‎02-24-2012

Nitesh,

Reading your post sounds like you won't be using Cisco equipment anymore (other than the Linksys switches). If that's the case, no one on this forum will be able to help with your firewall. You have to be able to route between vlans and the only piece of equipment that you've stated that would do that is the 1800 router, but also say you're not using it. Are you using the router still?

John

HTH, John *** Please rate all useful posts ***

niteshkumarkalal · ‎02-25-2012

We are not using this but if we use that router than what need to be configure .

Jan Hrnko · ‎02-25-2012

Hi Nitesh,

What about a solution, where you configure the cisco 1800 router as a Router-On-A-Stick? So the vlans could be interconnected with each other and you will also get to the printers from other networks.

On the router, you will need to configure subinterfaces and it should be something like this:

R(config)# interface fa 0/0
R(config-if)# no shutdown
R(config)# interface fa 0/0.10
R(config-if)# description marketing VLAN 10
R(config-if)# encapsulation dot1q 10
R(config-if)# ip address 192.168.5.1 255.255.255.0

R(config)# interface fa 0/0.20
R(config-if)# description ERP VLAN 20
R(config-if)# encapsulation dot1q 20
R(config-if)# ip address 192.168.6.1 255.255.255.0

R(config)# interface fa 0/0.30 
R(config-if)# description HR VLAN 30 
R(config-if)# encapsulation dot1q 30 
R(config-if)# ip address 192.168.7.1 255.255.255.0

The ip add address for each subinterface is default gateway you will need to configure on your hosts (manually or through dhcp).

The fa0/0 (or some other port) link must be connected to an switch through a trunk link.

You can also use access-list if you want to disbale communication between vlan 10 and 30 for example.

Hope this is what you've been looking for. This is maybe not the best or great idea, it is just a solution known to me if you haven't got multilayer switches. The main dissadvantage of this solution could be a single point of failure, congestion on a link to router and the main dissadvantage is the speed of such a process because the router needs to do software routing decisions.

Best regards,

Jan

niteshkumarkalal · ‎02-26-2012

HI Jan ,

Thanks Its Worked . Now if want internet on all machine what will be be my next process . I have checkpoint firewall . How would i route the internet traffic to my firewall . what next configuration needs to be done on Router 1800 & checkpoint .

Best Regards

Nitesh

cadet alain · ‎02-27-2012

Hi,

on the Cisco router you need a default route pointing to the Checkpoint and on the Checkpoint you need a default route going towards your ISP next-hop.You'll also need to NAT on the Checkpoint for all VLANs you won't the capability to go on the internet.

Regards.

Alain

Don't forget to rate helpful posts.