Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2647
Views
0
Helpful
4
Replies

Network segregation

Go to solution
christopher_hall
Level 1
Level 1

‎07-07-2011 12:14 PM - edited ‎03-07-2019 01:07 AM

We are in the process of splitting our servers, printers and workstations into two networks and I would like to hear your thoughts.

Currently, our prinmary network is 10.20.102.0/24. We would like to keep our servers and printers on this network and move workstations to 10.20.104.0/24. As I understand it, I should be able to create a new VLAN with an IP such as 10.20.104.1, create a new DHCP scope on our windows server, then force the workstations to update their IPs. We have a layer 3 switch (Catylst 3560) that would handle routing the traffic between VLANs. Switchports with workstations connected would be configured with "switchport access vlan <104>". In my current knowledge on routing/switching, if you have a device on LAN A with an IP of 10.20.102.55 trying to communicate with a device on LAN B with an IP of 10.20.104.25, it would go to the gateway, since the device isn't on the same LAN, which would then route it to the next hop. What if these LANs are on the same physical network? How would these devices communicate? Also, how will the workstations get IPs from a server on a different network?

Network equipment:

Core Router == Cisco 2811 Router

Switches == 4 Cisco Catalyst 3560

Server:

IBM xSeries running Windows 2003

Workstations:

Windows XP

VLANS:

VLAN 10 == Data (10.20.102.1 -- all printers/workstations/servers)

VLAN 172 == Voice (172.20.102.1 -- phones, phone equipment)

Let me know if you need other information

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Antonio Knox
Level 7
Level 7

‎07-07-2011 01:06 PM

Let's use your example.  If your Vlan interfaces are configured on the 3560:

interface Vlan10

description LAN A

ip address 10.20.102.1 255.255.255.0

interface Vlan 104

description LAN B

ip address 10.20.104.1 255.255.255.0

Device A has his default gateway set to 10.20.102.1 (interface Vlan10) and device B has his default gateway configured to 10.20.104.1 (interface Vlan104). If device A (10.20.102.55) wants to talk to device B (10.20.104.25), the traffic would have been routed on the 3560 between Vlans 102 and 104.

As for DHCP, if there is a server on a separate network (let's give the DHCP server an ip: 192.168.2.15) you would configure an 'ip helper-address' on each vlan, which will forward each DHCP Discover broadcast to the DHCP server as a unicast packet.  This is done because by default the router (3560) will not forward broadcasts.

interface Vlan10

description LAN A

ip address 10.20.102.1 255.255.255.0

ip helper-address 192.168.2.15

interface Vlan 104

description LAN B

ip address 10.20.104.1 255.255.255.0

ip helper-address 192.168.2.15

Hope this makes sense.

Message was edited by: Antonio Knox

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Antonio Knox
Level 7
Level 7

‎07-07-2011 01:06 PM

Let's use your example.  If your Vlan interfaces are configured on the 3560:

interface Vlan10

description LAN A

ip address 10.20.102.1 255.255.255.0

interface Vlan 104

description LAN B

ip address 10.20.104.1 255.255.255.0

Device A has his default gateway set to 10.20.102.1 (interface Vlan10) and device B has his default gateway configured to 10.20.104.1 (interface Vlan104). If device A (10.20.102.55) wants to talk to device B (10.20.104.25), the traffic would have been routed on the 3560 between Vlans 102 and 104.

As for DHCP, if there is a server on a separate network (let's give the DHCP server an ip: 192.168.2.15) you would configure an 'ip helper-address' on each vlan, which will forward each DHCP Discover broadcast to the DHCP server as a unicast packet.  This is done because by default the router (3560) will not forward broadcasts.

interface Vlan10

description LAN A

ip address 10.20.102.1 255.255.255.0

ip helper-address 192.168.2.15

interface Vlan 104

description LAN B

ip address 10.20.104.1 255.255.255.0

ip helper-address 192.168.2.15

Hope this makes sense.

Message was edited by: Antonio Knox

0 Helpful

Go to solution
christopher_hall
Level 1
Level 1
In response to Antonio Knox

‎07-08-2011 06:03 AM

Antonio, Thank you much for your reply! I had asked this previously and have finally gotten the word to move this project forward. The DHCP server is actually on the 10.20.102.0 network. So the 3560 handles forwarding because it's a layer 3 switch, huh? If it wasn't a layer 3, what would happen to these packets? Dropped?

0 Helpful

Go to solution
christopher_hall
Level 1
Level 1
In response to Antonio Knox

‎07-08-2011 06:12 AM

One more follow-up question: the interfaces that the workstations are connected to, they should be configured with SWITCHPORT MODE ACCESS, correct?

0 Helpful

Go to solution
Antonio Knox
Level 7
Level 7
In response to christopher_hall

‎07-21-2011 07:15 AM

Sorry for the late response, but you are correct.  Workstation ports should be configured with 'switchport mode access'.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card