Solved: CISCO SMB NETWORK PROJECT

I-TECH · ‎01-25-2020

Good Afternoon All-

We are working on a new networking project, the client has very limited funding resources.

REQUIREMENTS:

Separate VLANS for VOICE | DATA | SECURITY SYSTEMS | WIRELESS.

But, Need to Maintain Connections to Domain Resources for DNS and DHCP Server Access connected on SW1.

CURRENT HARDWARE:

FW1 | CISCO ASA5520 | Routing Mode

SW1 | CISCO SG300-28 | L3 Routing Mode | DOMAIN SERVERS | MANAGED

SW2 | CISCO SG300-28 | L3 Routing Mode | SECURITY SYSTEMS & WIRELESS | MANAGED

SW3 | CISCO SG300-28 | PoE | VOICE PHONES | UN-MANAGED

SW1 -> SW3 | PORTS: 24 -> 28 | TRUNKS

VLANS:

VLAN 1 DEFAULT | x.x.1.0 | ALL PORTS | UN-TAGGED

VLAN 10 DATA | x.x.10.0 |ALL PORTS | TAGGED

VLAN 20 VOICE | x.x.20.0 | ALL PORTS | TAGGED

VLAN 30 WIRELESS | x.x.30.0 | ALL PORTS | TAGGED

VLAN 40 SECURITY | x.x.40.0 | ALL PORTS | TAGGED

All Devices are configured with their respective VLAN IP Addresses.

All Workstations are connected to the network via the Cisco IP Phones...

How can we configure VOICE to work and still get Domain Resource Access?

Thanks...

NinjaPirate · ‎01-25-2020

(config)#voice vlan id 20
(config)#voice vlan state auto-enabled
(config)#interface range fa1-23
(config-if-range)#switchport trunk native vlan 10
(config-if-range)#switchport trunk allowed vlan add 20

View solution in original post

balaji.bandi · ‎02-03-2020

A good way to do it is to understanding the setup and giving the right direction.

Your information not given detailed which IP address going to be where? since its L3 where is the Gateways and SVI configured?

The main issue is separating the traffic on SW1 and SW2 BUT Allowing VOICE TRAFFIC to SW3 which is a Cisco Non-Managed Switch.

BB -A couple of ways to do it is - Segment the network or handover to FW as gateway make FW rules.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎01-25-2020

Draw a simple network diagram to understand the network Flow. So you can implement ACL / FW Rules to meet your requirements.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I-TECH · ‎02-02-2020

@bb
Thanks for your reply...
However, this response is not detailed enough...
ACL's are already set on the ASA for the VLANS.
The main issue is separating the traffic on SW1 and SW2 BUT Allowing VOICE TRAFFIC to SW3 which is a Cisco Non-Managed Switch.
The Cisco IP Phones Live Here!
Workstations's are connected to the IP Phone PC Port #2
Workstations will need access to Domain Resources for DNS, DHCP, Etc...

Awaiting Responses...
Thanks Again.

balaji.bandi · ‎02-03-2020

A good way to do it is to understanding the setup and giving the right direction.

Your information not given detailed which IP address going to be where? since its L3 where is the Gateways and SVI configured?

The main issue is separating the traffic on SW1 and SW2 BUT Allowing VOICE TRAFFIC to SW3 which is a Cisco Non-Managed Switch.

BB -A couple of ways to do it is - Segment the network or handover to FW as gateway make FW rules.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

NinjaPirate · ‎01-25-2020

(config)#voice vlan id 20
(config)#voice vlan state auto-enabled
(config)#interface range fa1-23
(config-if-range)#switchport trunk native vlan 10
(config-if-range)#switchport trunk allowed vlan add 20

I-TECH · ‎02-02-2020

CISCO SMB NETWORK PROJECT

Secure Access: Network Tunnel Groupの接続におけるFTDのECMP設定例

Network Services Orchestrator (NSO) - How To

Cisco Project

Help with school project

🚀 Cisco Live 2025 Recap: AI-ready workplaces with Cisco Networking