You said three weeks ago
My questions:
What configuration do I use for ports e7 and e8, where I have IP cameras that should be on VLAN 6. VLAN 5 and 4 should be blocked from accessing the cameras.
E7 and E8 will be untagged in VLAN6.
You can have a access list in the switch to block access from vlan5 and 4 IP networks to VLAN6 IP cameras host addresses and have an allow for all other addresses on VLAN 6 and apply the list to associated ports. Below is an example of me blocking access to 10.1.1.11 from the 192.168.20.0 network. But I could still ping other Hosts in the 10.1.1.0 network. Just remember that the ACL has to be bound to interfaces so that it can pattern match the ingressing IP packets.
The NVR recording server is on the second gigabit interface, g2. It should be able to talk to the cameras over VLAN 6, as well as computers on VLAN 1 and of course out over the wan connection on the 1721 router.
What is the proper config for ports with a Cisco 7940 IP phone plugged in and a PC connected to the phone for VLAN 1? I turned on the Voice VLAN stuff but I'm not sure how else to set the port, in Catalyst land that's an access or trunk port with the voice VLAN detected by the phone, but this seems different.
Why not use the voice vlan functionality, but the switch trust DSCP by default, so hopefully QOS should not be a issue.
I do have the switch set in Layer 3 mode because I don't want the weak 1721 router doing all the inter-VLAN routing when the switch should be much more adept. Once I get my brain wrapped around how these switches work I'm sure they're great, but it sure is tough when you're used to the CLI....
These should have a supported CLI by the end of MAY
Hope everyone has a good weekend.
