03-27-2018 07:12 AM - edited 03-05-2019 10:10 AM
Dear all, may I have your ideas about the configuration for the layout diagram below? I have a new office and this is the infrastructure:
note: the Cisco switch is L2 functionality and firewall has L3 functionality
please check the attached file
Thanks in advance
03-27-2018 11:39 AM
Hi
You could create the gateways for each VLAN using sub-interfaces or VLANs on the firewall then creating a trunk on a switch where the VLANs are going to be created for the end users.
It should be like a router-in-a-stick scheme.
:-)
03-28-2018 01:44 AM
Thanks a lot for helping.
If you have free time, whenever you want, can you show me the configurations for the firewall and the core switch (L2 functions)?
Should I ask you about:
On the switch, what should I do?
- create vlans
- assign the associated switch port to the specified vlans with mentioning the kind of ports (access and trunk mode)
on firewall 5516-x :
- create sub interfaces (as inside) with specified gateways for each vlan (all sub interfaces should have a nameif and the security level should be the same (100))?
- assign each sub interface to specified vlan
- configure sub interface for outside port and assign the vlan to it
- configure default route outside
- configure static route inside
- configure nat by creating object network and subnet for each vlan
- also about dhcpd and dns server creation? should I create a specified dhcpd and dns for each vlan?
- what about this command (same-security-traffic permit intra-interface)? Because we have multiple sub-interfaces on one interface, is it needed to let the network traffic pass between them? Correct?
What kind of configuration should I have or should I not have?
Please confirm the steps that I mentioned and help me by showing me the configuration commands for each step.
Thanks
04-02-2018 05:35 AM
Can somebody help with the configurations for the attached diagram?
04-02-2018 06:34 AM - edited 04-02-2018 06:43 AM
Hi,
Apologies for the late response. In order to configure this scheme as router-in-a-stick but using a firewall, an example could be:
Imagine:
Vlan 10 - IT - 192.168.10.0/24
Vlan 20 - Accounting - 192.168.20.0/24
Vlan 30 - Executive - 192.168.30.0/24
Firewall
same-security-traffic permit intra-interface
interface g0/0
no shut
interface g0/0.10
vlan 10
ip address 192.168.10.1 255.255.255.0
nameif IT-DEPARTMENT
security-level 100
no shutdown
interface g0/0.20
vlan 20
ip address 192.168.20.1 255.255.255.0
nameif ACCOUNTING-DEPARTMENT
security-level 100
no shutdown
interface g0/0.30
vlan 30
ip address 192.168.30.1 255.255.255.0
nameif EXECUTIVE-TEAM
security-level 100
no shutdown
interface g0/1
no shutdown
nameif OUTSIDE
security-level 0
ip address x.x.x.x y.y.y.y <--- Subnet used to connect with the ISP.
Switch
vlan 10
name IT-DEPARTMENT
vlan 20
name ACCOUNTING-DEPARTMENT
vlan 30
name EXECUTIVE-TEAM
interface g1/1/1
description TRUNK-TO-FIREWALL
switchport mode trunk
switchport trunk allowed vlan 10,20,30
no shutdown
The configuration above will enable the communication between switch and firewall then you must configure the firewall with ACLs, NAT, default route in order to provide Internet access to the users.
Hope it is useful
:-)
04-03-2018 07:54 AM
Dear, thanks a lot for answering.
I need to ask you about the network diagram. On the L2 switch I have many vlans and some devices are connected to multiple vlans, so can I assign the same switch port to more than one vlan?
On the diagram I have the following, and correct me if I'm wrong:
wireless controller vlan 250 - vlan 22 - vlan 2
access point vlan 2
dhcp server, users vlan 2
printers vlan 9
wan transit vlan 60
Is that correct and how do I configure it on the switch?
Thanks and sorry for bothering you
04-03-2018 11:41 AM - edited 04-03-2018 11:42 AM
Hi
Basically the Switch is connected to the Firewall through 8021q Trunk, then all the devices are connected to the switch using specific VLANs.
The Diagram should be something like:
Firewall --- trunk --- Switch --- PC
                         |   |
                       WLC   Other devices
04-04-2018 03:53 AM
Should I assign the specific ports on the switch to specific vlans, like for example:
int range g0/1-9
switchport mode access
switchport access vlan 10
And also, can I assign the same port or ports to multiple vlans, like:
int g0/12
switchport mode access
switchport access vlan 10
switchport access vlan 20
???
Thanks
Because in the diagram it seems the WLC is connected to more than one vlan (250 - 22 - 2), correct?
04-04-2018 09:45 AM
Hi,
Unfortunately you cannot assign more than 1 VLAN on access ports, unless you want the voice vlan.
int g0/12
switchport mode access
switchport access vlan 10
switchport voice vlan20
The reason you see more than 1 VLAN on the WLC is because the port is configured as a trunk in order to pass more than one VLAN. It is common but specific for certain tasks, so your port should be configured as:
int g0/12
switchport
switchport mode trunk
or
int g0/12
switchport
switchport mode trunk
switchport trunk allowed vlan 2,22,250 <-- it will allow just the specific VLANs only, for security.
Hope it is useful
:-)
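As an added example (not code from this thread), a small Python audit of the two switch-port points raised above: a trunk without `switchport trunk allowed vlan` carries every VLAN to the attached device, and a second `switchport access vlan` line on an access port silently replaces the first rather than adding a VLAN. The sample config is constructed from the snippets in the thread, with hypothetical interface names.

```python
import re
from typing import Dict, List

# Constructed sample switch config modelled on this thread's snippets
# (not a capture from a real device).
SAMPLE_SWITCH_CONFIG = """\
interface GigabitEthernet1/1/1
 description TRUNK-TO-FIREWALL
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
interface GigabitEthernet0/12
 description WLC
 switchport mode trunk
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport access vlan 20
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
"""

def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Group config lines under the 'interface' stanza they belong to."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
    return blocks

def audit_ports(config: str) -> Dict[str, List[str]]:
    """Per-interface findings: unpruned trunks and conflicting access VLAN lines."""
    findings: Dict[str, List[str]] = {}
    for name, lines in parse_interfaces(config).items():
        issues: List[str] = []
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
        if mode == "trunk" and not any(l.startswith("switchport trunk allowed vlan") for l in lines):
            issues.append("trunk carries every VLAN: add 'switchport trunk allowed vlan <list>'")
        access_vlans = [l.split()[-1] for l in lines if l.startswith("switchport access vlan ")]
        if len(access_vlans) > 1:
            issues.append(f"multiple 'switchport access vlan' lines; only vlan {access_vlans[-1]} takes effect")
        if issues:
            findings[name] = issues
    return findings
```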