03-08-2004 01:40 PM - edited 03-02-2019 02:07 PM
Ok Here goes,
I have a customer who ownes an office building. They want to give internet access to all of his tennants. What would be the best way to do this?
Im thinking maybe a 3550 with each port going to one of the suites, and each port being in a diffrent VLAN and have the 3550 routing each vlan. And maybe another vlan where there will be a PIX sending all of this to the internet. Does this sound ok? Do I want to use Private vlans for this?
Any help would be appreciated.
03-08-2004 08:52 PM
Hi..
I have a customer like this...this link could be useful for your configuration.
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml
Regards
FD
03-09-2004 10:12 AM
That was good info. But what im really looking for is these VLANS having absolutely no access to each other. Possibly using Private Vlans.
If anyone has any info on this it would be great.
Thanks
03-12-2004 12:59 PM
Does anyone have any ideas on this??
Thanks
03-13-2004 06:34 AM
PVLANs aren't supported on the 3550. Protected Port functionality is supported, which is basically a chopped-down version of PVLANs. So that's an option -- make all the client ports Protected and they won't be able to talk to each other even though they're in the same VLAN. The PIX's port is then Unprotected so that each host can talk to it.
Separate VLANs along with ACLs are an option but this would require each VLAN be on it's own subnet, which is ugly. Protected Ports sound like a better option here.
03-13-2004 06:22 PM
Ok thanks,
Can i do that with the 2950? Can i also place a DHCP server on a unproteced port to Give IP addresses to that vlan?
Thanks,
03-14-2004 05:24 AM
The 2950s support Protected Ports as well. Putting a DHCP server on an unprotected port should work fine.
03-15-2004 06:17 AM
If the pix is on an unprotected port will it forward traffic from one protected portto another protected port. I dont want this to happen
03-15-2004 05:02 PM
I don't know if it will do so by default -- you'd have to test it. But if it does you should be able to prevent it from doing so via ACLs. For example, if all the hosts are on 10.10.0.0/16, you'd put an ACL on the PIX which blocks traffinc from 10.10.0.0/16 to 10.10.0.0/16.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide