
Access to more than 1 VLAN simultaneously

wagner
Level 1

We have approx. 7 VLANs configured on our network using Catalyst 3550 switches and would like to allow multiple VLAN access for a few machines.

Example: client is on the 10.25.21.0/24 VLAN while a server is on the 10.25.130.x/24 VLAN. We would like the client to be able to access data on the native VLAN (10.25.21.x) while also having access to the 10.25.130.x VLAN.

Is this possible and if so, how would I configure my ports?

Many thanks . . .

Dan

3 Replies

amitsin
Cisco Employee

I think the best way would be to enable IP routing on the 3550 and then use either a MAC ACL or an IP ACL to deny or allow the clients access.

Hope this helps.

vincent-n
Level 3

Maybe you might want to turn the NIC on the server into a trunk interface and configure the appropriate VLANs to be allowed on that trunk. Doing it this way would mean that you don't have to do anything on the router (3550), but you'll have to make sure that your server is configured with the appropriate VLAN sub-interfaces and the appropriate IP addresses. This is very similar to configuring a trunk and sub-interfaces on your Cisco router, except that you're doing it on a server. Also note that there is a limitation on which VLAN a NIC can process. For instance, I can be a member of VLAN1 and only VLAN1. I can, however, be a member of ALL other VLANs just as long as those VLANs do not include VLAN1. This limitation is what I've noticed on many different types of NICs (Intel, HP Broadcom). To be able to do this, you'll have to make sure that you're using the proprietary software that came with the NIC.

I wouldn't recommend this solution.

a) You need to configure a new IP address on the server for each VLAN containing any user wanting to connect to the server. Users will have to use different target IP addresses (per VLAN) to connect to the same server and will be confused.

b) Users will have access only to one VLAN - unless you configure trunks to user PCs - not recommended.

c) Most serious - security. Servers are usually administered by other people than switches. What happens if somebody turns on routing on the server?

There will be an uncontrolled routing between your VLANs!!!

IMHO, configuring standard IP routing on your 3550 is much more simple, scalable and secure.

Regards,

Milan
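The approach recommended in the replies (IP routing on the 3550 plus an IP ACL), written out as an added configuration example that is not from any poster in this thread. The VLAN IDs (21 and 130), the .1 gateway addresses, the port numbers, the ACL name and the permitted client address 10.25.21.50 are assumptions chosen to match the subnets in the question.

```cisco
! Added example: inter-VLAN routing on a Catalyst 3550 with an ACL that lets
! only selected clients reach the server VLAN. All IDs/addresses are assumed.
!
! Turn the switch into the router between VLANs.
ip routing
!
! One SVI per VLAN; each SVI address is the default gateway for hosts in
! that VLAN (set 10.25.21.1 as the gateway on the clients, 10.25.130.1 on
! the server).
interface Vlan21
 description Client VLAN 10.25.21.0/24 (VLAN ID assumed)
 ip address 10.25.21.1 255.255.255.0
 ! Filter traffic as it enters the switch from the client VLAN.
 ip access-group CLIENTS-TO-SERVERS in
!
interface Vlan130
 description Server VLAN 10.25.130.0/24 (VLAN ID assumed)
 ip address 10.25.130.1 255.255.255.0
!
! Ports stay plain access ports: no trunk to the client or the server,
! so no host ever sits in two VLANs at once.
interface FastEthernet0/1
 description Client PC (port number assumed)
 switchport mode access
 switchport access vlan 21
!
interface FastEthernet0/24
 description Server (port number assumed)
 switchport mode access
 switchport access vlan 130
!
! Only the listed client may reach the server VLAN; every other host in
! 10.25.21.0/24 is blocked from it. The final permit keeps the clients'
! remaining routed traffic working, because an ACL ends in an implicit deny.
ip access-list extended CLIENTS-TO-SERVERS
 permit ip host 10.25.21.50 10.25.130.0 0.0.0.255
 deny   ip 10.25.21.0 0.0.0.255 10.25.130.0 0.0.0.255
 permit ip any any
!
! Checks after applying:
!   show ip route                          (both subnets listed as connected)
!   show access-lists CLIENTS-TO-SERVERS   (match counters per entry)
```

Traffic between hosts inside 10.25.21.0/24 never crosses the SVI, so this ACL does not affect it; the switch stays the single place where access between the VLANs is decided.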
