Posted by Newbie72 on September 22, 2005, 4:18 pm
Here is my dilemma. We have about 16 switches that are located across 4 floors in 4 separate closets. The switches on the floor are connected to each switch within its respective closet via cross-over cables. Then there is a switch in each closet that has a GBIC module with fiber that runs back to a fiber module on a 6506 in our data center. The 6506 has VLANs 1-7 on it and is trunking ISL via the fiber for each of the closets. The 6506 is also the VTP server, VTP Domain brooks.

VLAN 2 goes out to our radiology dept. VLAN 3 is our wireless network. VLAN 4 is our fiber connection to our ISP. VLAN 5 is to our Cisco Pix 515. VLAN 6 is our Pix inside. VLANs 1, 2, 3, 6 connect from the 6506 to a Cisco 3640 router and are plugged into Ethernet ports where they are then routed.

VLAN 7 is a new VLAN that I am trying to create for the following reason. The hospital wants practicing doctors that are not residents in the hospital to have access to webmail so they can access their outside email, such as Yahoo and Hotmail. I do not want any outside email on the network for obvious reasons. I have been tasked by my Director to create a separate VLAN that the doctors can access outside email on without being able to connect to the rest of our network. I am the new Network Admin who did not design this network and have only been here for about 1.5 months.

I have made VLAN 7 on the 6506 and I have checked the switches in the closets to make sure it has propagated to the switches. I have assigned switchport access vlan 7 on port fa0/13 on a Cisco 3524 that is in one of the closets on the floor (my end host connects to that port). I do not have any more free Ethernet ports on the 3640 to plug into from the 6506 to route the traffic to the Pix and out to the internet. The reason the traffic is routed, I believe, is because the person who built this network laid out the network as follows.

Pix inside is 128.6.0.254/16, Pix DMZ 192.168.0.1/24, 3640 ethernet 0/0 (VLAN 1) 128.1.0.101, e0/1 (VLAN 2) 128.2.0.1, e1/0 (VLAN 3) 128.3.0.1, e1/1 (VLAN 6) 128.6.0.1.

The question is how do I get 3 desktop machines, all on separate floors of the hospital, internet access via VLAN 7 without being able to access any of the other VLANs, and all of them on a subnet that is not part of the rest of my network. Any help would be greatly appreciated.

Steven Johnson
Network Administrator
Brooks Memorial Hospital
sjohnson@brookshospital.org

Posted by Merv on September 22, 2005, 4:44 pm
You could use policy-based routing (PBR) to route all traffic from VLAN 7 to your Internet interface. See PBR examples on the Cisco CCO site. If it is not clear then send me private email at mhrabi@rogers.com

Posted by Merv on September 22, 2005, 4:46 pm
You could use policy-based routing (PBR) to route all traffic from VLAN 7 to your Internet interface. See PBR examples on the Cisco CCO site. If it is not clear then send me private email at mhrabi@rogers.com
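
An added example, not part of the thread or any poster's configuration: a sketch of the PBR suggestion on the 3640, paired with the inbound ACL that isolation needs, because a route-map only steers traffic and does not by itself block VLAN 7 from the internal VLANs. The VLAN 7 subnet 10.7.0.0/24, the gateway 10.7.0.1, the interface FastEthernet2/0 and the ACL and route-map names are assumptions; the other addresses are the ones given in the original post.

```cisco
! Added example. Assumptions (not from the thread): VLAN 7 uses 10.7.0.0/24,
! and it reaches the 3640 on a routed interface, shown as FastEthernet2/0.
! Internal subnets and the Pix inside address are taken from the original post.

! Inbound filter on the VLAN 7 interface. It is evaluated before routing and
! before PBR, so packets aimed at internal VLANs are dropped at the gateway.
access-list 107 remark VLAN 7 webmail hosts: no access to internal networks
access-list 107 deny   ip any 128.1.0.0 0.0.255.255
access-list 107 deny   ip any 128.2.0.0 0.0.255.255
access-list 107 deny   ip any 128.3.0.0 0.0.255.255
access-list 107 deny   ip any 128.6.0.0 0.0.255.255
access-list 107 deny   ip any 192.168.0.0 0.0.0.255
! Only the assumed VLAN 7 subnet may source traffic (drops spoofed sources).
access-list 107 permit ip 10.7.0.0 0.0.0.255 any

! Traffic the route-map steers: everything sourced from VLAN 7.
! A deny here would mean "route normally", not "drop".
access-list 117 permit ip 10.7.0.0 0.0.0.255 any

! Force matched traffic to the Pix inside interface as next hop.
! The destination is still the Internet host, so ACL 107 does not block it.
route-map VLAN7-TO-PIX permit 10
 match ip address 117
 set ip next-hop 128.6.0.254

interface FastEthernet2/0
 description VLAN 7 webmail gateway (hypothetical interface)
 ip address 10.7.0.1 255.255.255.0
 ip access-group 107 in
 ip policy route-map VLAN7-TO-PIX
```

The Pix also needs a route back to the VLAN 7 subnet and a translation rule for it, which are not shown here. `show route-map` and `show access-lists 107` on the router give match counters for confirming that webmail traffic is policy-routed and that attempts toward internal subnets hit the deny lines.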
VLAN Issues


