Hey group, looking for your input on what I am attempting to implement on the Cisco equipment we have purchased for a small shop. I know the value of implementing VLANs to separate network traffic and confine traffic to it so I am trying to expand my knowledge of such. So I have a few questions and looking for the experts' input on what I have missed, messed up or overlooked. Our layout currently:
SA540 --> 172.16.8.1
Cisco Switch --> 172.16.8.2 (Linked to LAN Port 1 on SA540 and SFP to SG300-20, Operational Gateway 172.16.8.1)
Cisco Switch SG300-20 --> 172.16.8.5 (Operational Gateway 172.16.8.1 Uplinked through 172.16.8.2 SFP to SA540)
Based on an exercise I saw online I am working to duplicate the setup.
VLAN 1 --> 172.16.8.x/24
VLAN 2 --> 10.0.2.x/24 Workstations
VLAN 12 --> 10.0.12.x/24 Management
VLAN 13 --> 10.0.13.x/24 Servers
VLAN 14 --> 10.0.14.x/24 Servers
VLAN 15 --> 10.0.15.x/24 DMZ
I have put these VLANs into the SA540 and enabled InterVLAN routing.
My understanding currently:
Tagged Ports = packets are tagged with VLAN information when running multiple VLANs through the same port. 802.1Q
Untagged = only the default VLAN or one VLAN's traffic pass through the port. By default all traffic is untagged because all running out of the gate on VLAN1.
Access Port: untagged / Default VLAN traffic / one VLAN passing through only.
Trunk: Port tagged with multiple VLAN traffic passing through such as the port I am using to uplink to the other switch.
General: ??? I'm unclear on this one.
Guest: ??? Ditto on unclear
PVID: Port VLAN Id: Assigns an access port or trunk port to a designated default VLAN ID when one isn't defined "tagged"? Also a trunk port is assigned to a default VLAN if a VLAN isn't tagged on it.
So based on this my question. I have created the VLANs inside the SA540 and enabled InterVLAN routing. Do the routes only become active when a device is sitting on that segment?
Do I still need to put static routes in the router or will the "InterVLAN" routing establish those routes when they become active?
I have created the VLAN routes inside the switch as well, how do I tell the switch to forward the packets to the router? I didn't see an option to make the router the next hop on the journey. As it stands I have not added the routes to the upstream switch that sits between the SG300-20 and the SA540. Does it simply pass through one switch or does every switch need to be aware of the static routes?
Currently on the SA540 under Port to VLAN (Port 1) the mode is "Access", PVID =1 and VLAN Membership =1. I assume Port 1 needs to go to "Trunk" PVID=1 and VLAN Membership would be 1,2,12,13,14,15.
Thanks guys, I know it's a lot but this helps my understanding. Appreciate the time and the feedback.
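An added example, not part of the original post and not Cisco's code: a simplified model of 802.1Q ingress classification, applied to the Port 1 settings quoted above (Access with PVID 1 and membership 1, versus Trunk with PVID 1 and membership 1,2,12,13,14,15). The function names, the sample frames and the rule that frames tagged for a non-member VLAN are dropped (ingress filtering enabled) are assumptions of this sketch, not documented SA540 or SG300 behaviour.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame: bytes):
    """Return (vid, ethertype); vid is None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner  # low 12 bits of the TCI are the VLAN ID

def ingress_vlan(frame: bytes, pvid: int, members: set):
    """VLAN the frame is classified into on this port, or None if dropped."""
    vid, _ = parse_vlan(frame)
    if vid is None or vid == 0:  # untagged or priority-tagged: use the PVID
        vid = pvid
    return vid if vid in members else None

def build_frame(vid=None, ethertype=0x0800):
    """Constructed sample frame: dummy MACs, optional tag, zeroed payload."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

# Port 1 settings from the post: current (Access) and proposed (Trunk).
ACCESS_PORT1 = {"pvid": 1, "members": {1}}
TRUNK_PORT1 = {"pvid": 1, "members": {1, 2, 12, 13, 14, 15}}

if __name__ == "__main__":
    for name, port in (("access", ACCESS_PORT1), ("trunk", TRUNK_PORT1)):
        for vid in (None, 2, 15, 99):  # 99 is a VLAN the post never defines
            result = ingress_vlan(build_frame(vid), **port)
            print(f"{name:6} tag={vid!s:4} -> {result if result else 'dropped'}")
```

In this model the Access setting only carries untagged traffic into VLAN 1, while the Trunk setting also admits frames tagged 2, 12, 13, 14 and 15 and still drops a tag for a VLAN outside the membership list.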