
Need advice with network segmentation


Right now we have around 50 users in our workplace. It is a mess right now; I don't even know how it is still in working condition. For 50 users we are using 5 switches and I have no idea why. I just came to this place and I want to re-organize the whole network. We just recently bought a Cisco switch SF 300 with 24 ports, which I wanna use as the main switch. As I said, we have 4 other switches which are not manageable, so here are my thoughts.

I wanna connect all servers, two gateways and the IT group (only 2 PCs) directly to the Cisco switch and put them in VLAN1.

Separate all other switches and use each switch with one or two departments on it, then connect these switches to the G1 to G4 gigabit ports on the Cisco and separate them with VLANs (VLAN2, VLAN3, VLAN4 and VLAN5).

All VLANs (from 2 to 5) are gonna be untagged and VLAN1 will be tagged to all of them.

What do you think, will my setup work or not? Maybe you have better ideas, please share them. I don't think the company will spend money on more Cisco switches to do everything right, so I have to play with whatever I have here to increase performance.


David Hornstein
Rising star

Hi Stanislav,

Firstly, new software came out for your switch today... a really interesting feature set including a supported LCLI.

Your suggestion seems very sound, but I guess that since all these unmanaged switches will be connected to this managed switch, you want all these VLANs to communicate with each other?

If so, your suggestion to make the ports G1 - G4 untagged in the VLAN is correct.

But first, before you configure VLANs, please:

Step 1. Upgrade firmware.

Step 2. Enable Layer 3 switching between VLANs. Check out the Admin guide on how to set the switch into Layer 3 mode.

This mode is not enabled by default; the switch is in Layer 2 mode by default.

However, changing to Layer 3 mode is done via the console or telnet. Change the switch's mode to Layer 3 mode to allow for Layer 3 switching between VLANs. (Doing this will reset the switch back to factory defaults.)

Step 3. You next need to add the VLANs and assign IP addresses for the new VLANs. These IP addresses will act as gateways for IP hosts on the VLAN.

Sounds simple... yep... but still takes a bit of practice.

You can't wreck the switches by playing with the GUI, so have fun, and remember to save changes.

Thank you for your purchase and again have fun with this product.

Regards, Dave

Hey David, thank you for your response.

I don't want all VLANs to communicate with each other, but I want each of them to be able to communicate only with VLAN1, which includes the servers.

I played a little bit with port to VLAN.

When I tried to create a VLAN with two PCs, and made it tagged on the ports where the PCs are connected, they could not ping each other. So I put those ports in the same VLAN as untagged ports, and then they could ping each other.

Maybe there is some other way to do it? Because you are talking about IP settings for each VLAN, which I could not find yet.

All computers have static IPs and I am not planning to change them, so it will be hard for me to assign a range of IPs for each VLAN, because it is a mess here with IPs and each department has random IPs in the range from 0 to 255. That's why I am thinking of assigning VLANs to the physical ports (G1-G4).


The switch was updated and changed to Layer 3 mode.

Can anyone confirm that I am going in the right direction? Please answer my questions above.

David Carr
Frequent Contributor


If you have the switch in Layer 3 mode, put IP addresses on all VLANs on the switch. Then make the ports access ports and plug PCs into the port for the respective VLAN you have assigned to that port. At this point all the VLANs will be able to communicate with each other.

Now you will have to create access rules denying traffic from VLANs 2 to 3, 2 to 4, 2 to 5 and allow any any as the final rule. Make this a rule for VLAN 2 and apply it to access ports VLAN 2. Repeat the same rule but change it and make it 3 to 2, 3 to 4 and 3 to 5 and do an allow any any as the final rule and do the same as above, just apply it to access ports 3. Repeat the steps for VLANs 4 and 5, then they should all have access to VLAN 1 and be denied to the other VLANs.
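
Added example, not part of the original thread and not Cisco's or any poster's code: a small Python model of the per-VLAN rule lists described in the answer above, evaluated first-match, to check that VLANs 2 to 5 reach VLAN 1 but not each other. The one-/24-per-VLAN addressing (192.168.N.0/24) and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing plan (assumption): one /24 per VLAN, 192.168.<vlan>.0/24.
VLAN_SUBNETS = {v: ipaddress.ip_network(f"192.168.{v}.0/24") for v in range(1, 6)}
USER_VLANS = [2, 3, 4, 5]  # VLAN 1 holds servers, gateways and IT

def build_acl(vlan):
    """Ordered rules for traffic entering on the access ports of `vlan`."""
    src = VLAN_SUBNETS[vlan]
    rules = [("deny", src, VLAN_SUBNETS[o]) for o in USER_VLANS if o != vlan]
    rules.append(("permit", None, None))  # the final "allow any any"
    return rules

def evaluate(rules, src_ip, dst_ip):
    """First matching rule wins; a packet matching no rule is dropped."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s_net, d_net in rules:
        if (s_net is None or src in s_net) and (d_net is None or dst in d_net):
            return action
    return "deny"

def reachability():
    """Map (src_vlan, dst_vlan) -> action, using one sample host per VLAN."""
    host = {v: str(net.network_address + 10) for v, net in VLAN_SUBNETS.items()}
    matrix = {}
    for s in USER_VLANS:
        acl = build_acl(s)
        for d in VLAN_SUBNETS:
            if d != s:
                matrix[(s, d)] = evaluate(acl, host[s], host[d])
    return matrix

def misordered(vlan):
    """Same rules with the permit moved first: every deny becomes unreachable."""
    rules = build_acl(vlan)
    return [rules[-1]] + rules[:-1]

if __name__ == "__main__":
    for (s, d), action in sorted(reachability().items()):
        print(f"VLAN{s} -> VLAN{d}: {action}")
    # Rule order matters: with the permit first, VLAN 2 reaches VLAN 3 again.
    print("misordered VLAN2 -> VLAN3:",
          evaluate(misordered(2), "192.168.2.10", "192.168.3.10"))
```

The model also shows that the final allow any any passes every destination outside the four user subnets, and that it depends on each department sitting in its own subnet.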

Now I have even more questions...

Why should I assign IP addresses to the VLANs? What IPs should I use? Should I use the same IP range as my computers have? Can I use a different IP range? What if we don't use public IPs and we don't have any free ones left? All computers in the network use static IPs and are connected to the switches (4), which I want to connect to the manageable Cisco switch in separate VLANs.

Thank you.

Also, I don't know why, but when I tried to assign an IP to VLAN X (not 1), my router stopped communicating with me: can't ping, can't log in to it, and only a reset helps.

Everything is working good now, I figured it out. Thanks everybody for your help.
