Hello @Tahree,
Greetings,
According to your diagram, as well as what you have mentioned in your post, I would recommend for you this configuration solution (keeping in mind that it depends on what I have understood from the given info.)
1-For the 4 servers that should be accessed by all the users, I would create for them a separate vlan, let's say Vlan 10 and name it for example Servers_Farm, then I would assign the 4 ports that are connecting the servers to the switch to be access ports:
The configuration:
#vlan 10
#name Server_Farm
#exit
#interface range f0/1-4
#switchport mode access
#switchport access vlan 10
#exit
2- For users, network printers and access points that are directly connected to the main Cisco Switch,
if all of them should communicate to each other, it means that we can create another vlan for them, but if you want to group them to 2 or 3 or ... groups, so you will need to create several vlans, and assign each port as an access port to the specific vlan. For example, we will create vlan 11 and name it Sales, and vlan 12 and name it Marketing.
The configuration:
#vlan 11
#name Sales
#vlan 12
#name Marketing
#exit
#interface range f0/5-7
#switchport mode access
#switchport access vlan 11
#interface range f0/8-10
#switchport mode access
#switchport access vlan 12
#exit
3- For tp-link switches, if they are unmanaged switches (which means that I can not be configured) so It will be treated as same as users (like step 2). But if they are managed, so, you will need to configure the Cisco switch port to trunk (tag) the vlans that would be allowed to pass to this switch, for example, let's say that users that will be connected to the tp-link switch will use vlan 11 only.
The Configuration:
#interface f0/11
#switchport trunk encapsulation
#switchport mode trunk
#switchport trunk allowed vlan 11
#exit
4- But according to the previously mentioned 3 steps, the users and hosts in the different vlans will never communicate with each other or even with the servers, in order to make not only vlans but also users to access each others and/or access the servers, you will need to (I am assuming that your Cisco Switch is a Layer 3 switch)
A- configure an ip address for each SVI:
#interface vlan 10
#ip address 10.1.10.1 255.255.255.0
#no shutdown
#interface vlan 11
#ip address 10.1.11.1 255.255.255.0
#no shutdown
#interface vlan 12
#ip address 10.1.12.1 255.255.255.0
#no shutdown
#exit
Note, that every host within each vlan should take an IP address from the same range of it's vlan SVI, and the SVI IP address should be configured as a gateway to each user as well!
B- issue the following command, which is enabling the routing:
#ip routing
Now, all users can ping each others even if they are in different vlans, but what about if you want all vlans to communicate with the server farm except vlan 11, it's simple and easy, you just will need to configure an access list:
# access-list 110 deny ip 10.1.11.0 0.0.0.255 10.1.10.0 0.0.0.255
# access-list 110 permit ip 10.1.11.0 0.0.0.255 any
#int vlan 11
#ip access-group 110 in
#exit
5- For the connection to the ISP modem, I would connect it to (for example) port 48, and here would be the configuration:
#interface f0/48
#no switchport
#ip address 192.168.1.2 255.255.255.0
#no shutdown
(considering that the modem has the IP address 192.168.1.1 and it has Nat to the public network "like the home modems")
Then configure a default route:
#ip route 0.0.0.0 0.0.0.0 192.168.1.1
#do write (for saving configuration)
That's it!
Please, don't hesitate to contact me if you have any inquiry!
Happy to support you!
Also please, don't forget to rate any helpful response and to make solutions!
Bst Rgds,
Andrew Khalil
