need help on below network diagram configuration

amralrazzaz
Level 5

Dear all, may I have your ideas about the configuration for the layout diagram below? I have a new office and this is the infrastructure:

Note: the Cisco switch has L2 functionality and the firewall has L3 functionality.

Please check the attached file.

Thanks in advance,

amr alrazzaz
8 Replies

Hi

You could create the gateways for each VLAN using sub-interfaces or VLANs on the firewall, then create a trunk on the switch where the VLANs are going to be created for the end users.

It should be like a router-on-a-stick scheme.

:-)

>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other community members. <<

Thanks a lot for helping.

If you have free time, whenever you want, can you show me the configurations for the firewall and the core switch (L2 functions)?

Should I ask you about:

On the switch, what should I do?

- create VLANs

- assign the associated switch ports to the specified VLANs, mentioning the kind of ports (access and trunk mode)

On the firewall 5516-X:

- create sub-interfaces (as inside) with specified gateways for each VLAN (all sub-interfaces should have a nameif and the security level should be the same (100))?

- assign each sub-interface to the specified VLAN

- configure a sub-interface for the outside port and assign the VLAN to it

- configure the default route outside

- configure static routes inside

- configure NAT by creating an object network and subnet for each VLAN

- also about DHCPD and DNS server creation: should I create a specific DHCPD and DNS for each VLAN?

- what about this command (same-security-traffic permit intra-interface)? Because we have multiple sub-interfaces on one interface, to let the network traffic pass between them? Correct?

What kind of configuration should I have, or shouldn't I have?

Please confirm the steps that I mentioned and help me by showing me the configuration commands for each step.

Thanks

amr alrazzaz

Can somebody help with the configuration of the attached diagram?

amr alrazzaz

Hi,

Apologies for the late response. For example, in order to configure this scheme as router-on-a-stick but using a firewall, an example could be:

Imagine:

Vlan 10 - IT - 192.168.10.0/24
Vlan 20 - Accounting - 192.168.20.0/24
Vlan 30 - Executive - 192.168.30.0/24

Firewall

same-security-traffic permit intra-interface

interface g0/0
 no shutdown

interface g0/0.10
 vlan 10
 ip address 192.168.10.1 255.255.255.0
 nameif IT-DEPARTMENT
 security-level 100
 no shutdown

interface g0/0.20
 vlan 20
 ip address 192.168.20.1 255.255.255.0
 nameif ACCOUNTING-DEPARTMENT
 security-level 100
 no shutdown

interface g0/0.30
 vlan 30
 ip address 192.168.30.1 255.255.255.0
 nameif EXECUTIVE-TEAM
 security-level 100
 no shutdown

interface g0/1
 no shutdown
 nameif OUTSIDE
 security-level 0
 ip address x.x.x.x y.y.y.y  <--- Subnet used to connect with the ISP.

Switch

vlan 10
 name IT-DEPARTMENT
vlan 20
 name ACCOUNTING-DEPARTMENT
vlan 30
 name EXECUTIVE-TEAM

interface g1/1/1
 description TRUNK-TO-FIREWALL
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 no shutdown

The configuration above will enable communication between the switch and the firewall; then you must configure the firewall with ACLs, NAT and a default route in order to provide Internet access to the users.

Hope it is useful

:-)

>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other community members. <<

Dear, thanks a lot for answering.

I need to ask you about the network diagram. On the L2 switch I have many VLANs and some devices are connected to multiple VLANs, so can I assign the same switch port to more than one VLAN?

On the diagram I have the following, and correct me if I'm wrong:

wireless controller   vlan 250 - vlan 22 - vlan 2
access point   vlan 2
dhcp server, users   vlan 2
printers   vlan 9
wan transit   vlan 60

Is that correct, and how do I configure it on the switch?

Thanks, and sorry for bothering you.

amr alrazzaz

Hi

Basically the switch is connected to the firewall through an 802.1Q trunk, then all the devices are connected to the switch using specific VLANs.

The diagram should be something like:

Firewall --- trunk --- Switch --- PC
                         |   |
                        WLC  Other devices

>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other community members. <<

Should I assign the specific ports on the switch to specific VLANs, like for example:

int range g0/1-9
 switchport mode access
 switchport access vlan 10

and also, can I assign the same port or ports to multiple VLANs, like:

int g0/12
 switchport mode access
 switchport access vlan 10
 switchport access vlan 20

???

Thanks

Because in the diagram it seems the WLC is connected to more than one VLAN (250 - 22 - 2), correct?

amr alrazzaz

Hi,

Unfortunately you cannot assign more than 1 VLAN on access ports, unless you want the voice VLAN.

int g0/12
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20

The reason you see more than 1 VLAN on the WLC is because the port is configured as a trunk in order to pass more than one VLAN; it is common but specific for certain tasks, so your port should be configured as:

int g0/12
 switchport
 switchport mode trunk

or

int g0/12
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 2,22,250    <-- it will allow only the specific VLANs, for security.

Hope it is useful

:-)

>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other community members. <<
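Added example, not part of this thread or any Cisco tool: a small offline audit in Python that checks the two points the replies above make about the firewall sub-interface plus trunk design. It parses constructed ASA and IOS config snippets (interface names and VLAN numbers are made up for the example), reports any VLAN that has a gateway sub-interface on the firewall but is not in the uplink trunk's allowed list, flags access ports with more than one `switchport access vlan` line (only the last one takes effect), and flags trunks with no allowed-VLAN list.

```python
import re
# Constructed sample configs (not the thread's own): firewall sub-interfaces and switch ports.
ASA_CFG = """interface g0/0.2
 vlan 2
interface g0/0.22
 vlan 22
"""
SWITCH_CFG = """interface g1/1/1
 switchport mode trunk
 switchport trunk allowed vlan 2,9,250
interface g0/12
 switchport mode access
 switchport access vlan 10
 switchport access vlan 20
interface g0/13
 switchport mode trunk
"""
def expand_vlans(spec):  # '2,9-11,250' -> {2, 9, 10, 11, 250}
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_blocks(cfg):  # {interface name: [lines indented under it]}
    blocks, cur = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = blocks.setdefault(m.group(1), [])
        elif cur is not None and line.strip():
            cur.append(line.strip())
    return blocks

def audit(asa_cfg, switch_cfg, uplink):  # findings: gateway VLANs missing from uplink, bad ports
    findings = []
    fw_vlans = {int(l.split()[1]) for b in parse_blocks(asa_cfg).values() for l in b if re.fullmatch(r"vlan \d+", l)}
    for port, lines in parse_blocks(switch_cfg).items():
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode")), None)
        access = [l for l in lines if l.startswith("switchport access vlan")]
        allowed = next((expand_vlans(l.split()[-1]) for l in lines
                        if l.startswith("switchport trunk allowed vlan")), None)
        if mode == "access" and len(access) > 1:  # IOS keeps only the last line
            findings.append(f"{port}: {len(access)} access VLAN lines; only the last one takes effect")
        if mode == "trunk" and allowed is None:  # unpruned trunk carries every VLAN
            findings.append(f"{port}: trunk carries every VLAN; add 'switchport trunk allowed vlan'")
        if port == uplink and allowed is not None:  # gateway VLAN missing from the uplink
            for v in sorted(fw_vlans - allowed):
                findings.append(f"{port}: firewall VLAN {v} is not allowed on the uplink trunk")
    return findings
```

Run `audit(ASA_CFG, SWITCH_CFG, "g1/1/1")` against the sample to see all three findings; an empty list means the switch side matches the firewall's gateway VLANs.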