Help on VLAN configuration: Catalyst 3750

I am going to implement a Cisco LAN. These are the specifications:

Main Server Room: Two Catalyst 3750G24T, two Catalyst 3750 48PS/PoE, and servers

Second IT Room: two Catalyst 3750 48PS/PoE

Aironet 1100 Access point (2 on each floor, 16 in total)

Requirement: WLAN users should only have Internet access. Server access (DB and File Server) should not be available to WLAN users. LAN users should have both internet access and access to the server.

I know I need to use two VLANs. How can I configure VLANs across multiple switches? Is it possible to restrict server access through VLANs and at the same time offer Internet access to WLAN users? Any configuration suggestions or case studies on similar requirements are highly appreciated.

Many thanks in advance.

Reply to
swsw
  1. VLANs across multiple switches are implemented using trunking - suggest 802.1Q trunking be implemented.

  2. Use policy-based routing to ensure the WLAN users only have Internet access.

Reply to
Merv

In addition to Merv's post, you'll need to create the VLANs on all your switches, or use VTP. If you use VTP, make sure you use a dedicated domain for this series of switches. You don't want an accident where a VTP broadcast occurs across some trunked link and the next thing you know you're losing VLANs. It happened to me when I brought up a trunked SNLAN connection and had 2 sites set as servers and 1 told the other to drop 20 VLANs. It was a stupid beginner mistake, but it happens. It's one of the reasons many people don't like to use VTP.

Reply to
ESM

Thanks for your help.

1) The switch uses StackWise technology, should I still use trunking in that case?

2) Any detailed suggestions on policy-based routing? Where should it be implemented? A configuration example would be highly appreciated.

Thanks again.

Reply to
swsw

If you have 3750 switches in the same rack, use a stack. But if the distance between the switches is longer, use something else.

     ip address 10.10.10.1 255.255.255.0
    !
    interface Vlan2
     ip address 20.20.20.1 255.255.255.0
     ip policy route-map pbr
    !
    interface Vlan3
     ip address 30.30.30.1 255.255.255.0
    !
    ip route 0.0.0.0 0.0.0.0 10.10.10.2
    ip classless
    ip http server
    !
    !
    access-list 10 permit 20.20.20.0 0.0.0.255
    route-map pbr permit 10
     match ip address 10
     set ip next-hop 30.30.30.2
    !
    .
    !
    end

Reply to
Make
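Added example, not part of the original thread: a small offline check that reads a configuration shaped like the one posted above and reports, per VLAN interface, whether a policy route-map is applied, whether its ACL covers the interface's whole subnet, and whether the next hop sits on another connected VLAN. The names `SAMPLE`, `KEYS`, `parse` and `audit` are hypothetical, and the parser assumes only the command forms that appear in the post.

```python
import ipaddress

# Constructed sample: lines of the configuration posted above, from Vlan2 onward.
SAMPLE = """\
interface Vlan2
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map pbr
interface Vlan3
 ip address 30.30.30.1 255.255.255.0
access-list 10 permit 20.20.20.0 0.0.0.255
route-map pbr permit 10
 match ip address 10
 set ip next-hop 30.30.30.2
"""
# Sub-commands whose single argument is stored on the current interface or route-map.
KEYS = {"ip policy route-map": "policy", "match ip address": "acl", "set ip next-hop": "hop"}

def parse(cfg):
    """Return (svis, acls, rmaps) parsed from IOS-style configuration text."""
    svis, acls, rmaps, cur = {}, {}, {}, {}
    for w in (line.split() for line in cfg.splitlines()):
        if len(w) > 1 and w[0] in ("interface", "route-map"):
            cur = (svis if w[0] == "interface" else rmaps).setdefault(w[1], {})
        elif len(w) == 5 and w[0] == "access-list" and w[2] == "permit":
            # ipaddress accepts the wildcard (host) mask form directly
            acls.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[3]}/{w[4]}"))
        elif len(w) == 4 and w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif len(w) == 4 and " ".join(w[:3]) in KEYS:
            cur[KEYS[" ".join(w[:3])]] = w[3]
    return svis, acls, rmaps

def audit(cfg):
    """Map each addressed SVI to a finding about its policy routing."""
    svis, acls, rmaps = parse(cfg)
    nets, out = {n: s["net"] for n, s in svis.items() if "net" in s}, {}
    for name, net in nets.items():
        rm = rmaps.get(svis[name].get("policy"))
        hop = ipaddress.ip_address(rm["hop"]) if rm and "hop" in rm else None
        if "policy" not in svis[name]:
            out[name] = "no policy route-map applied"
        elif rm is None:
            out[name] = "route-map not defined"
        elif not any(net.subnet_of(a) for a in acls.get(rm.get("acl"), [])):
            out[name] = "ACL does not cover the whole subnet"
        elif hop is None or not any(hop in o for n, o in nets.items() if n != name):
            out[name] = "next hop not on another connected VLAN"
        else:
            out[name] = f"policy-routed to {hop}"
    return out
```

The check confirms the steering only: a route-map with `set ip next-hop` forwards matching packets whatever their destination, so whether 30.30.30.2 passes traffic back toward the server VLAN depends on that device's own rules.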

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.