11-18-2011 04:50 AM
We have been set the task of securing a small managed office system which is currently set up with a standard switch allowing each of the offices (containing different companies) to see each other, and in some cases, access each other's documents across the network.
Obviously this is a far from adequate setup and our aim is to isolate each office using VLANs but share a common internet connection provided by the managed offices. We have two Cisco SGE2000-G5 layer 3 switches but we are new to Cisco equipment and VLANs so we are not quite sure on how to implement this. DHCP would need to be provided by a Router, there is no Server. We are open to suggestions on the Router as we have yet to purchase one.
I hope someone can be of assistance.
Many thanks,
Jim
11-18-2011 07:42 AM
Hi Jim,
The SGE2000 switches you are using should be able to handle that with no problem. What type of router are you using? As long as you have a router that will support vlans/multiple subnets, it should be a simple setup.
Here is a quick run down of the steps to set this up. (using vlan1 and vlan2)
On the router, create a 2nd vlan/subnet and set the port connecting to your switch to be trunked with both vlans 1 and 2. (one will be untagged, two will be tagged)
On the switch, create vlan2 and do the same for the port connected to the router. (untagged vlan1 and tagged vlan2)
Now for each port on the switch you want to assign the port to be access and either vlan1 or vlan2. (this vlan will be untagged)
If your router allows it, disable inter-vlan routing. If not, you will have to create some rules blocking traffic from one network to the other.
All of this is going under the assumption that your router can support vlans and can also do DHCP for these vlans.
Hope this information helps
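The steps in the reply above can be checked on paper before any port is reconfigured. The following is an added example, not part of the original post: a small Python audit of a port/VLAN plan that also lists the block rules needed when the router cannot disable inter-VLAN routing. Port names, subnets and the plan layout are assumptions made for illustration, and the rule generator goes beyond the two-VLAN case to any number of VLANs.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (hypothetical port names and subnets, not from the thread).
PLAN = {
    "vlans": {1: "192.168.1.0/24", 2: "192.168.2.0/24"},
    "uplink": "g1",  # switch port connected to the router
    "ports": {
        "g1": {"mode": "trunk", "untagged": 1, "tagged": [2]},
        "g2": {"mode": "access", "untagged": 1, "tagged": []},
        "g3": {"mode": "access", "untagged": 2, "tagged": []},
    },
}

def audit_plan(plan):
    """Return findings that would break isolation or connectivity."""
    findings = []
    vlans = plan["vlans"]
    nets = {v: ipaddress.ip_network(cidr) for v, cidr in vlans.items()}
    # Overlapping subnets make per-VLAN block rules ambiguous.
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            findings.append(f"vlan{a} and vlan{b} subnets overlap")
    for name, port in sorted(plan["ports"].items()):
        carried = {port["untagged"], *port["tagged"]}
        unknown = sorted(carried - set(vlans))
        if unknown:
            findings.append(f"{name}: undefined vlans {unknown}")
        # An access port must carry exactly one VLAN, untagged.
        if port["mode"] == "access" and port["tagged"]:
            findings.append(f"{name}: access port carries tagged vlans")
    uplink = plan["ports"][plan["uplink"]]
    if uplink["mode"] != "trunk":
        findings.append(f"uplink {plan['uplink']} is not a trunk")
    missing = sorted(set(vlans) - {uplink["untagged"], *uplink["tagged"]})
    if missing:
        findings.append(f"uplink {plan['uplink']} missing vlans {missing}")
    return findings

def deny_rules(plan):
    """(source, destination) subnet pairs to block, both directions per VLAN pair."""
    vlans = plan["vlans"]
    return [(vlans[a], vlans[b])
            for a in sorted(vlans) for b in sorted(vlans) if a != b]

if __name__ == "__main__":
    print(audit_plan(PLAN) or "plan is consistent")
    for src, dst in deny_rules(PLAN):
        print(f"deny {src} -> {dst}")
```

The rule count grows as n × (n − 1), which is why a single "disable inter-VLAN routing" switch on the router is much easier to keep correct than hand-written rules.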
11-18-2011 08:16 AM
Many thanks Robert,
We don't have a router yet so probably won't be able to test this configuration until we obtain one. Do you have any suggestions as to a model (ideally with GUI as we are no Cisco command line experts) that will enable us to link this all together?
Looks like the setup will be quite straightforward.
Many thanks and I look forward to your reply.
Jim
11-18-2011 08:49 AM
There are many options for routers in the small business line. All routers support vlans, VPNs and are webGUI based.
For wireless routers
RV120W - good feature set wireless
WRVS4400N - has gigabit speed ports as well as simplified webGUI
RV220W - most features with gigabit speed ports
For wired routers
RV042 - dual WAN with port-based vlans
RVS4000 - Gigabit speed ports
11-18-2011 09:07 AM
Many thanks Robert.
I'm assuming these are not ADSL Routers? It would be handy to have one box instead of a router and modem. Are there any ADSL Routers that will also do the job? Do all of these have the inter-vlan routing option to save us having to make those rules? We like things as simple as possible!
Many thanks,
Jim
11-18-2011 09:37 AM
We do offer ADSL routers. We do not often get inquiries about them and I have not had a chance to sit down and work on one so my information is limited.
The SRP526 and SRP527 both have connections for DSL.
As for the inter-vlan routing options, all of the routers but the RV042 have a simple enable/disable feature.
11-18-2011 01:48 PM
Many thanks Robert, your info has been most helpful. We will get our hands on one of the routers you mention and have a play. No doubt we will be back on this topic if we hit a brick wall.
Thanks for your prompt attention.
Jim
11-21-2011 04:19 AM
Hi Robert,
I've been having a look at those Routers you suggest but they seem to only support 4 VLANs. We will require one VLAN for each of the 16 offices. Will the Routers you have suggested manage this or do we need to look at an alternative?
Many thanks,
Jim
11-21-2011 06:09 AM
Hi Jim,
Unfortunately most of the routers in the small business line only support up to 4 vlans. As an alternative, you could use a layer 3 switch which supports multiple vlans with one of those routers. The limitation of this would be that you have to have a DHCP server for each vlan or a DHCP server that supports Option 82/DHCP relay.
Another option would be to use multiple routers. This would work, however the cost could be restrictive.
11-21-2011 06:15 AM
We will be using the SGE2000-G5 switch which supports Layer3. You suggested the following routers the other day, do these support Option 82?
wireless
RV120W - good feature set wireless
WRVS4400N - has gigabit speed ports as well as simplified webGUI
RV220W - most features with gigabit speed ports
wired
RV042 - dual WAN with port-based vlans
RVS4000 - Gigabit speed ports
Thanks,
Jim
11-21-2011 06:22 AM
You could definitely use the switch you have already, in layer 3. Unfortunately the routers only have simple DHCP servers built in. The only other option would be to set static IP addresses. This would work, but would grow hard to manage with network growth.