Best config for the required environment

Tahree
Level 1

I have a Cisco 48-port switch, 2 of the ports are Gb ports, and I have 4 servers. Most of the ports are directly connected to the users, i.e. access ports, some go to the TP-Link switches (then to the users), some go to the printers, and some go to access points and modems/routers. So what's the best config recommended for the best possible result?

3 Accepted Solutions


Here you go with basic VLAN configuration:

 

https://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/switch_module_swcg/cgr-esm-configuration/config_vlans.pdf

 

BR

Tayyab - www.tayyabmunir.com

 

*** Please rate if response helpful *** 

*** Please rate all helpful responses and mark solutions***


Hello @Tahree,

Greetings,

 

According to your diagram, as well as what you have mentioned in your post, I would recommend for you this configuration solution (keeping in mind that it depends on what I have understood from the given info.)

 

1-For the 4 servers that should be accessed by all the users, I would create for them a separate vlan, let's say Vlan 10 and name it for example Servers_Farm, then I would assign the 4 ports that are connecting the servers to the switch to be access ports:

The configuration:

#vlan 10

#name Server_Farm

#exit

#interface range f0/1-4

#switchport mode access

#switchport access vlan 10

#exit

 

2- For users, network printers and access points that are directly connected to the main Cisco switch: if all of them should communicate with each other, we can create another VLAN for them, but if you want to group them into 2 or 3 or ... groups, you will need to create several VLANs and assign each port as an access port to the specific VLAN. For example, we will create vlan 11 and name it Sales, and vlan 12 and name it Marketing.

The configuration:

#vlan 11

#name Sales

#vlan 12

#name Marketing

#exit

#interface range f0/5-7

#switchport mode access

#switchport access vlan 11

#interface range f0/8-10

#switchport mode access

#switchport access vlan 12

#exit

 

3- For TP-Link switches, if they are unmanaged switches (which means that they cannot be configured), they will be treated the same as users (like step 2). But if they are managed, you will need to configure the Cisco switch port to trunk (tag) the VLANs that would be allowed to pass to this switch. For example, let's say that users that will be connected to the TP-Link switch will use VLAN 11 only.

The Configuration:

#interface f0/11

#switchport trunk encapsulation dot1q

#switchport mode trunk

#switchport trunk allowed vlan 11

#exit

 

4- But according to the previously mentioned 3 steps, the users and hosts in the different VLANs will never communicate with each other or even with the servers. In order to make not only VLANs but also users access each other and/or access the servers, you will need to (I am assuming that your Cisco switch is a Layer 3 switch):

A- configure an ip address for each SVI:

#interface vlan 10

#ip address 10.1.10.1 255.255.255.0

#no shutdown

#interface vlan 11

#ip address 10.1.11.1 255.255.255.0

#no shutdown

#interface vlan 12 

#ip address 10.1.12.1 255.255.255.0

#no shutdown

#exit

 

Note that every host within each VLAN should take an IP address from the same range as its VLAN SVI, and the SVI IP address should be configured as the gateway for each user as well!

 

B- issue the following command, which is enabling the routing:

#ip routing

 

Now, all users can ping each other even if they are in different VLANs. But what if you want all VLANs to communicate with the server farm except VLAN 11? It's simple and easy, you will just need to configure an access list:

#access-list 110 deny ip 10.1.11.0 0.0.0.255 10.1.10.0 0.0.0.255

#access-list 110 permit ip 10.1.11.0 0.0.0.255 any

#int vlan 11

#ip access-group 110 in

#exit

 

5- For the connection to the ISP modem, I would connect it to (for example) port 48, and here would be the configuration:

#interface f0/48

#no switchport

#ip address 192.168.1.2 255.255.255.0

#no shutdown

(considering that the modem has the IP address 192.168.1.1 and it has NAT to the public network "like the home modems")

Then configure a default route:

#ip route 0.0.0.0 0.0.0.0 192.168.1.1

#do write       (for saving configuration)

 

That's it!

 

Please, don't hesitate to contact me if you have any inquiry!

Happy to support you!

 

Also, please don't forget to rate any helpful response and to mark solutions!

Bst Rgds,

Andrew Khalil
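
An added example, not part of the original reply: a small Python evaluator that replays ACL 110 from the post with Cisco wildcard-mask matching, first-match ordering and the implicit deny at the end. The function names and the sample packets are constructed for illustration.

```python
from ipaddress import IPv4Address as IP

# ACL 110 exactly as posted in the reply above.
ACL_110 = """\
access-list 110 deny   ip 10.1.11.0 0.0.0.255 10.1.10.0 0.0.0.255
access-list 110 permit   ip 10.1.11.0 0.0.0.255 any
"""

def take_addr(tokens):
    """Consume 'any' or 'ADDRESS WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return int(IP(first)), int(IP(tokens.pop(0)))

def parse_acl(text):
    """Parse numbered extended 'ip' entries, keeping their configured order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[3] != "ip":
            raise ValueError("only extended 'ip' access-list lines are handled")
        rest = tokens[4:]
        src, dst = take_addr(rest), take_addr(rest)
        entries.append((tokens[2], src, dst))
    return entries

def matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((int(IP(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(entries, src, dst):
    """First matching entry decides; no match ends at the implicit deny."""
    for action, src_spec, dst_spec in entries:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "implicit deny"

def demo():
    # Constructed sample packets arriving inbound on interface vlan 11.
    samples = [("10.1.11.5", "10.1.10.20"), ("10.1.11.5", "10.1.12.7"),
               ("10.1.11.5", "192.168.1.1"), ("10.1.12.9", "10.1.10.20")]
    acl = parse_acl(ACL_110)
    return [(s, d, evaluate(acl, s, d)) for s, d in samples]

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

The last sample shows that a packet arriving on VLAN 11 with a source outside 10.1.11.0/24 matches neither entry and is dropped by the implicit deny.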


@MUHAMMAD TAYYAB MUNIR greetings,

I agree with you that the diagram is not clear and the info is not sufficient to give advice, that's why it was my first reply, BUT we should expect that such a post is not from an expert as well as not for an expert!

That's why we are taking part in the community, so that we can support beginners and gain knowledge from the experts!

@Tahree, I hope we can give you the support you would like and to be helpful enough! 

 

Please don't forget to rate all helpful responses and mark solutions!

Bst Rgds,

Andrew Khalil

 


16 Replies

Hi Tahree,

 

Would you answer below in order to understand;

1) The switch is already in production or new installation

2) As per my understanding, you have only two gig ports available and you're going to connect 4 servers cascaded with the TP-Link switch

3) Please share the switch "show version" output

4) Share the running config in order to provide you with the solution.

 

Regards 

Tayyab  - www.tayyabmunir.com


I installed this new switch a week ago, replacing 3 TP-Link switches.

The file server and my accounts server (which are mainly used) will be connected at the Gb ports; the remaining 2 servers will be connected to the 100 Mbps ports.

 

What is the model of switch? and please share the "show version" 


balaji.bandi
Hall of Fame

Easy way to do this: better to put each of them in a separate VLAN and create an SVI interface inside the switch.

So in case if you like to control with ACL for the Servers or printers you can achieve this in simple manner.

 

BB


It's a layer 2 switch; how can I create an SVI?


Joseph W. Doherty
Hall of Fame
". . . what's the best config recommended for best possible result?"

Depends on what you consider the best possible result. Could you clarify what you believe that might be?

The best possible result means the best possible configuration and any amendments, if suggested, in the design.


Sir, thank you very much for your detailed answer... really appreciated.

Ah, that really doesn't help. Network design and supporting configurations' "best" depends on your goals/requirements.

For example, one design might have all your hosts in one VLAN, while another might have every host connected to a PVLAN, while yet another (unlikely though) design might have every host in its own VLAN. Again, without knowing your goals/requirements, there is no way to say which of the foregoing, or something else, might be "best".

 

The diagram doesn't look good and is not easy to understand from the attached picture. Switch configuration is very easy.

 

Please answer the following questions;

1) How many types of devices do you want to connect to the switch? 

2) Do you want to have reachability between all the devices connected on the switch?

3) Do you have a DHCP server in your network or not? If yes, please provide details.

4) Is the switch uplink connectivity with a DSL router, or do you have a separate fiber link?

5) How many switches and routers do you have in the network?

 

BR,

Tayyab



1) End users, TP-Link routers and Dlink switches are connected to the main Cisco switch.
2) I want reachability between the servers and the users, not between user and user.
3) I have DHCP configured. From the ISP I provide a link to the TP-Link router, which is acting as the DHCP server, and from this DHCP server to the switch.
4) 1 48-port Cisco 2950, 6 Dlink switches, 5 routers for wireless connectivity.