Solved: Re: C3550-24-SMI Config

evosloo · ‎12-03-2003

Our Plant runs 3 ethernet LAN's, 2 for plant processing control(DCS) and 1 business applcations LAN. We have a requirement to connect certain hosts (+- 5) on the Bus. LAN to either of the DCS lans. Each LAN has it's own IP address :

DCS1 = 192.101.101.0/24 (10 hosts via hubs)

DCS2 = 192.101.102.0/24 (10 hosts via hubs)

Bus. = 10.2.0.0/16 (130 hosts via hubs).

Due to network traffic, the LANS must be segregated from each other. We have a C3550-24-SMI switch and we initially thought we could use VLANS with routing between them to do this but we think we may need another router to do this. If anyone has suggestions on the best way to configure the switch (we have limited experience here) it would be greatly appreciated. We have an Internet connection that is defined as the default gateway for all the bus. lan hosts.

b.go · ‎12-08-2003

hi evosloo, i'm glad to hear that.

You can use ACL to apply access restriction for your access between those LANs.

e.g:

router-config#access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 any

this should allow any kind of services from 192.168.0.0/24 to 192.168.1.0/24 (or can be used to allow only certain hosts, just modify using host.ip.add.here netmask 255.255.255.255 )

and then you can apply this to (for example) in interface with 192.168.0.1/24.

router-config-if# access-group 101 in

this ACLs will inspect any traffic directing to router's applied interface (incoming).

hope this will help, good luck.

regards,

-b.go-

View solution in original post

b.go · ‎12-03-2003

hi evosloo,

i'm assuming that you're using this C3550-24-smi as core switch to each LAN hubs.

you can change the switching mode on a port (e.g: fast ethernet 0/0) to act as a router.

switch ena

switch# config term

switch(config)#int fast ethernet 0/0

switch(config-if)# no switchport mode -> to disable layer 2 switch mode

switch(config-if)#ip address 192.101.101.1 255.255.255.0 -> this should be your DCS1 gateway address.

switch(config)#ip routing -> to enable ip routing

configure and assign other port as well for other LANs. Thanks...

good luck,

-b.go-

evosloo · ‎12-04-2003

Hi b.go,

Thank you for the info. I am configuring a test environemnt right now with a few hosts to represent each LAN and will try it out. Really appreciate your comments.

evosloo · ‎12-05-2003

I have done some testing based on your info B.go and it seems to be working great, so thanks again. How do I control traffic between the Lans, is this through ACL's for each port limiting them to specific IP host adresses or is there some other mechanism available ?

Thanks again.

b.go · ‎12-08-2003

hi evosloo, i'm glad to hear that.

You can use ACL to apply access restriction for your access between those LANs.

e.g:

router-config#access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 any

this should allow any kind of services from 192.168.0.0/24 to 192.168.1.0/24 (or can be used to allow only certain hosts, just modify using host.ip.add.here netmask 255.255.255.255 )

and then you can apply this to (for example) in interface with 192.168.0.1/24.

router-config-if# access-group 101 in

this ACLs will inspect any traffic directing to router's applied interface (incoming).

hope this will help, good luck.

regards,

-b.go-