Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1243
Views
37
Helpful
17
Replies

4503 vlan design

Go to solution
rhopkins_nci
Level 1
Level 1

‎09-24-2007 09:56 AM - edited ‎03-05-2019 06:40 PM

Ok, this is alot of info attached. Not that I want a person to show me step by step on what to do. I would just like some of the questions answered. This switch was configured before I came on board. I guess I want to make sure this is a good design and that I am knowledgeable about the logic. Thanks in advance.

Labels:
Preview file
5 KB
0 Helpful
17 Replies 17

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to rhopkins_nci

‎09-27-2007 08:14 AM

Hi

Apologies for delay in replying, been a bit busy.

1) the pix needs to know how to route back to your vlans on the 4500. So using your drawing the pix is connected to the 4500 via a point to point link. Pix end 10.10.99.2, 4500 end 10.10.99.1. So on pix

route (inside) 10.10.11.0 255.255.255.0 10.10.99.1

route (inside) 10.10.12.0 255.255.255.0 10.10.99.1

etc... for all vlans on 4500 switch.

2) nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

says to NAT any inside private address to the public IP address of the outside interface so yes if you want all inside clients to be able to access the Internet you need this.

3) 3560. You need one vlan for all the devices you are connecting in ie.

ISP inside interface

pix outside interface

vid units

Remember that this switch will not connect back to the 4500 switch so you can use any vlan you like. Do not use vlan 1.

4) Because wireless is less secure i would recommend having a separate vlan for these. So i would have at a minimum

i) server vlan

ii) wireless ap vlan

iii) client vlan(s) - depends how many clients you have.

I would only use vlan 99 for connecting pix to 4500 so don't put any other devices on this vlan.

5) You need to put ip helper-addresses on any vlan with clients that use DHCP to get an address. So assuming you have a DHCP server on your server vlan you will need to add the ip helper-address under each client vlan interface.

Don't worry about asking questions that's what NetPro is for and you'll find a lot of knowledgeable people on these forums.

Jon

0 Helpful

Go to solution
rhopkins_nci
Level 1
Level 1
In response to Jon Marshall

‎09-27-2007 10:42 AM

Awesome, thanks for the great advice and steps Jon. Maybe I'll get the hang of it so I can help others out on netpro. Anyway, send me an invoice, lol. RT.

0 Helpful

Go to solution
rhopkins_nci
Level 1
Level 1
In response to Jon Marshall

‎09-25-2007 12:38 PM

Now when you say delete the L3 svi, is that the public ip address. So I would add my "link to internet" port on the 4503 as the isp rtr int? And give my vid units public ip's, would I use the isp router as the default gateway? Now I did just purchase a cat3560_8pc, could I use this as the outside switch? If so, how would this change things? I surely appreciate all the help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card