In article , Jack Taugher wrote:
:I have an environment that has two Cisco 2950 Switches and a Wireless
:What I'd like to do is create another subnet for a division of our
:company which needs to be separate from ours. So with this, I'd like
:to have a 192.168.100.x network on say VLAN 5 and 192.168.208.x on say
:VLAN 6.
:One of the questions is, the Tranzeo Wireless Bridge on each side -- do
:the ports that it plugs into receive 2 VLAN memberships, because
:traffic at the 124th St Building will have two users on the
:192.168.208.x network, and will connect to a server in the 126th St
:building.
Yes. And it will need to be a trunk port.
:And the remainder of the 45+ users in both buildings must
:stay on the 192.168.100.x and not see the .208 network. Or, does the
:Cisco Catalyst do some magic and encapsulate the traffic from the .208
:network into the .100 bridge and decapsulate it back into the .208
:network?
I do not recall offhand whether the 2950 supports Cisco's "private vlan" feature; if it does, the wireless link still ends up needing to carry 802.1Q tags (i.e., be a trunk port.)
The mechanisms needed depend upon your security model. If (as you hint) the two networks must not be able to interchange data, then you need VLAN trunking over the link. If the possibility of a slipped packet here and there is not such a big thing, then you could do without the trunking, provided you had a router on each end to split the traffic apart (though there are port-flapping risks associated with that arrangement.) Possibly you could use the ACLs on the 2950 to block intra-vlan traffic.
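
What "carrying 802.1Q tags" over the bridge link means at the frame level, as an added example that is not part of the original post: a small auditor that parses the tag from raw Ethernet frames and reports which VLAN each belongs to, which arrive untagged, and which carry a VLAN that should not be on the trunk. The VLAN numbers 5 and 6 come from the thread; the allow-list, the helper names and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
ALLOWED_VLANS = {5, 6}  # VLAN IDs from the thread; treating them as an allow-list is an assumption

def parse_vlan(frame: bytes):
    """Return (vid, pcp, inner_ethertype); vid and pcp are None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # The 16-bit TCI holds PCP (3 bits), DEI (1 bit) and the VLAN ID (12 bits).
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def audit(frames):
    """Classify frames seen on the trunk: per-VLAN counts, untagged, unexpected VLANs."""
    report = {"per_vlan": {}, "untagged": 0, "unexpected": []}
    for index, frame in enumerate(frames):
        vid, _pcp, _ethertype = parse_vlan(frame)
        if vid is None:
            report["untagged"] += 1  # untagged frames on a trunk belong to the native VLAN
        elif vid in ALLOWED_VLANS:
            report["per_vlan"][vid] = report["per_vlan"].get(vid, 0) + 1
        else:
            report["unexpected"].append((index, vid))
    return report

def build_frame(vid=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed sample frame (made-up locally administered MACs)."""
    header = bytes.fromhex("02000000000a") + bytes.fromhex("02000000000b")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload

# Constructed capture: two permitted VLANs, one untagged frame, one stray VLAN.
SAMPLE = [build_frame(5), build_frame(6), build_frame(6, pcp=3),
          build_frame(), build_frame(20)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
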