Multiple VLANs

I have a Catalyst 3550 and I am trying to connect 40 different offices in our executive suite building. They all require security so I decided to VLAN them all. The internet will be coming into an ISP managed Cisco 2611 and from there into a firewall. From the firewall to the 3550. The firewall does not support trunking so I was hoping to trunk to a port on the 3550 then uplink to the firewall. I have the VLANs set up and trunking on port 47. Port 48 is uplinked to the firewall. I cannot seem to get out. The VLAN seems to function fine but not internet. Is my thought process wrong? Will this not work? Will I need a firewall that supports trunking?

Thanks

Curt

Curt Shaffer

Hi Curt,

You may wish to investigate Configuring VLANs for Cisco 3550s:

Sincerely,

Brad Reese, BradReese.Com Cisco Resource Center

BradReeseCom

On 07.04.2005 02:58 Curt Shaffer wrote

That should work but is security-wise a really *bad* hack!

Arnold

Arnold Nipper

If the firewall does not support trunking, why not create 40+1 VLANs, and have the 3550 route between them? Then trunking between the 3550 and the firewall is not needed. Basic layer 3/4 firewalling functions can be achieved with IOS ACLs.

In your current setup I don't see what is the point of trunking on port

  1. regards Adam

A: No.
Q: Should I include quotations after my reply?

Adam KOSA

On 07.04.2005 10:04 Adam KOSA wrote

As already said, this is a very bad design. Compromising the switch already compromises your whole network.

Get a better FW.

Arnold

Arnold Nipper

That sounds like what will have to work. I do not have the EMI IOS so inter-VLAN routing does not work, right? So how would I achieve that otherwise?

Curt Shaffer

I did read that doc before asking the question but I did not see any hints as to how to perform my configuration.

Curt Shaffer

Could I possibly create 40+1 VLANs like this?

faste 0/1 vlan 1
faste 0/2 vlan 2
etc
faste 0/40 vlan 40
faste 0/41 trunk 802.1Q
faste 0/42 - 0/48 vlan 41
faste 0/42 trunk 802.1Q

So that 41 trunks to 42 and say faste 43 uplinks to the firewall?

Curt Shaffer

You don't need the EMI for routing. Just for certain routing protocols like BGP and EIGRP. Just issue the command 'ip routing' and you will automatically be routing between the VLANs on that device.

Scooby
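
A sketch of the routed design suggested in the replies above (one VLAN per office, the 3550 routing between them with `ip routing`, IOS ACLs for isolation, and a plain access port to the firewall instead of a trunk), added here as an example and not posted by any participant in the thread. VLAN numbers, addresses and the ACL name are assumptions; only two of the 40 offices are shown, the rest follow the same pattern.

```cisco
! Added illustration. Assumed numbering: office n = VLAN 100+n, subnet 10.1.n.0/24.
! Firewall inside interface assumed at 192.168.254.1, switch at 192.168.254.2.
ip routing
!
vlan 101
 name OFFICE-01
vlan 102
 name OFFICE-02
vlan 999
 name FW-UPLINK
!
! Applied inbound on every office SVI. Traffic inside one VLAN is bridged and
! never hits this ACL; anything routed toward another office subnet (or to the
! switch's own addresses) is dropped, everything else is forwarded upstream.
ip access-list extended TENANT-ISOLATE
 deny   ip any 10.1.0.0 0.0.255.255
 deny   ip any host 192.168.254.2
 permit ip any any
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 101
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 102
!
interface Vlan101
 ip address 10.1.1.1 255.255.255.0
 ip access-group TENANT-ISOLATE in
!
interface Vlan102
 ip address 10.1.2.1 255.255.255.0
 ip access-group TENANT-ISOLATE in
!
! Uplink to the firewall: an ordinary access port in its own VLAN, no 802.1Q.
interface FastEthernet0/48
 switchport mode access
 switchport access vlan 999
!
interface Vlan999
 ip address 192.168.254.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.254.1
```

With this layout the firewall needs a static route for 10.1.0.0/16 pointing at 192.168.254.2, otherwise return traffic from the internet never reaches the office subnets.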

Thanks for the tip. So do you think that setup should work then?

Curt Shaffer
