Re: Switch w/ VLANs at the Edge Question
On Feb 20, 2:52 am, Trendkill <jpma...@xxxxxxxxx> wrote:
On Feb 20, 12:16 am, tman <naves....@xxxxxxxxx> wrote:
On Feb 19, 3:16 pm, Trendkill <jpma...@xxxxxxxxx> wrote:

On Feb 19, 5:02 pm, tman <naves....@xxxxxxxxx> wrote:

On Feb 19, 11:57 am, Trendkill <jpma...@xxxxxxxxx> wrote:

On Feb 19, 12:56 pm, tman <naves....@xxxxxxxxx> wrote:

I have several switches in my public network each connecting two or
three devices on separate networks.  I thought it would be a good idea
to consolidate them into one switch with a VLAN for each network with
no interVLAN routing.  I can't find any information that I can
understand.  I was wondering if anyone does this and how to make it
secure.

Thanks.

Essentially you are talking about creating the vlans centrally, using
VTP to propagate out the VLANs, using your existing routers to service
those networks (or perhaps consolidate those as well to a central l3
switch or router).  This isn't that difficult, and it depends if you
are consolidating onto a catalyst or ios based switch for config
references.  You also would need to control 'security' at the
routers.  If you don't want traffic between subnets, you'll need to
ensure that you aren't advertising the networks between your routers,
or you have access-control lists if you are routing centrally.

My plan is to use one switch that has one VLAN to connect every pair
of devices.  Each pair of devices is on a separate network.  Each
port will be configured as an access port e.g. switchport mode
access.  There will be no connections from this switch to any other
switches, thus no need for trunks.  I am replacing several small
switches.  The switch is a Catalyst switch with IOS.

Your comments will be welcomed.

Thanks

Well, you can't use one vlan to merge layer 3 networks.  I guess
technically you can have one vlan, and the boxes will only be able to
talk to other boxes in the same layer 3 address range, but all boxes
would see broadcasts, etc, and it would be very bad practice.
Additionally, if you ever need to route externally, this could get
very very nasty.  Perhaps I misunderstood your requirements, but I
would connect all boxes to the switch, create vlans for each subnet,
and let the router(s) control security via ACLs.

If this is indeed not routing anywhere else, you can look into vlan
security, and use things like private vlans.  Generally this is for
nodes that are all in the same layer 3 network, but you want to
protect them from one another and only allow communications within a
group or with the gateway.  Here is a link.

http://www.informit.com/articles/article.aspx?p=29803&seqNum=6

This is a simplified view of what I have now:

Three separate networks, three separate switches:

Router1 ----- Switch1 ------ Router2

Router3 ----- Switch2 ------ Router4

Router5 ----- Switch3 ------ Router6

What I Would Like to do if it is a good idea:

Three separate networks, one switch with three vlans that do not
communicate with each other.

Router1 ----- Switch1, vlan1 ------ Router2

Router3 ----- Switch1, vlan2 ------ Router4

Router5 ----- Switch1, vlan3 ------ Router6

Thus replacing three separate switches with one switch

There are no routing protocols.  The routers do not know about one
another.

Is this feasible?  Is it secure?

Thanks

Yes, that works fine.  Provided you do not have routing turned up, and
there will be no connections between the vlans, and the routers will
not connect to multiple vlans and advertise networks, that will work
absolutely fine.  No traffic will cross vlans/networks with that
configuration.
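A Catalyst IOS configuration that implements the three-VLAN layout the reply above agrees to, added here as an example and not taken from the thread or from either poster. Interface numbers, VLAN IDs and names are assumptions; the switch is assumed to be a 12-port Catalyst. Each router pair sits on its own access VLAN, trunk negotiation is disabled, the switch stays out of VTP, and no SVI or IP routing is defined, so there is no path between the VLANs inside the switch:

```cisco
! Constructed example: three isolated VLANs on one Catalyst IOS switch
! Assumed: 12-port switch, pairs on Fa0/1-2, Fa0/3-4, Fa0/5-6
hostname EdgeSwitch
!
! No VTP domain: keep the VLAN database local to this switch
vtp mode transparent
!
! Layer 2 only (on L3-capable models): no routing between VLANs
no ip routing
!
vlan 10
 name NET1
vlan 20
 name NET2
vlan 30
 name NET3
vlan 999
 name PARKING
!
! Router1 <-> Router2
interface range FastEthernet0/1 - 2
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! Router3 <-> Router4
interface range FastEthernet0/3 - 4
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
!
! Router5 <-> Router6
interface range FastEthernet0/5 - 6
 switchport mode access
 switchport access vlan 30
 switchport nonegotiate
!
! Unused ports: shut down and parked in a VLAN nothing else uses
interface range FastEthernet0/7 - 12
 switchport mode access
 switchport access vlan 999
 shutdown
!
! No SVI on VLAN 1 either, so the switch has no IP presence in any VLAN
interface Vlan1
 no ip address
 shutdown
```

Verify with `show vlan brief` (each pair's ports under their own VLAN) and `show interfaces trunk` (which should list no trunking ports).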

Thanks for your help. I was having difficulty in describing what I
wanted to do. Thanks for hanging in.