Solved: Setting up two separate networks with access to shared resources

tom.tuffin · ‎01-20-2013

Hi all,

We have a two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly to each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Heres how we envisage setting it up:

ESW-520 will host Company A's network. Workstations, servers etc
SG-300 will have two VLANS. VLAN1 will host all Company B's network. Workstations, servers etc. VLAN2 will host the shared resources such as printers.
The internet gateway is a UNIX based system with 3 NICS. 2 NICS are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet traffic is originating.
The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300.

Will this be possible with these two switches? Would this be the best way to go about it?

Appreciate any recommendations you can provide.

Thanks,

Tom

Tom Watts · ‎01-20-2013

Hi Tom, yes the ESW can be either an access port to vlan 2, untagged or you can set up the trunk to host devices on both subnets on the ESW, your choice. When the SX300 is in L3 it will locally handle the intervlan routing when you assign IP addresses to the vlan interfaces.

The default gateways will be the SX300 SVIs (vlan interfaces). There will always be a route set up between the subnets if assign each vlan an IP address.

You'll see ARP of course across the subnets of course. Not sure about the DHCP ack, etc.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

View solution in original post

Tom Watts · ‎01-20-2013

Hi Tom, this will work fine, the SG300 will need to be set in layer 3 mode to accomplish this unless your UNIX gateway will manage the LAN traffic routing.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

tom.tuffin · ‎01-20-2013

Hi Tom,

Thanks for confirming that. The SG-300 will be set in layer 3 mode. In regards to the ESW-520, will this just connect to one of the VLAN2 ports on the SG-300?

The default gateway for devices in Company A's network will be the ESW-520, which will have a static route to the VLAN2 subnet.

The default gateway for devices in Company B's network will be VLAN2 IP on the SG-300.

Does this sound correct?

Also as long as there are no routes setup between Company A and Company B's subnets, there won't be any traffic passing through such as DHCP acks etc?

Thanks again,

Tom

Tom Watts · ‎01-20-2013

Hi Tom, yes the ESW can be either an access port to vlan 2, untagged or you can set up the trunk to host devices on both subnets on the ESW, your choice. When the SX300 is in L3 it will locally handle the intervlan routing when you assign IP addresses to the vlan interfaces.

The default gateways will be the SX300 SVIs (vlan interfaces). There will always be a route set up between the subnets if assign each vlan an IP address.

You'll see ARP of course across the subnets of course. Not sure about the DHCP ack, etc.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

tom.tuffin · ‎01-20-2013

Great. Thanks Tom.