OK, we have a switch with all ports on VLAN1; it was used to extend a VLAN from another location, from the Telus internet switch.
So this is how it works: we have a Guest network that people can use, which has its own VLAN, and we have contractors with their own VLANs that we create on our switch fabric.
Most will bring a firewall/router in, we will plug their outside interface into our internet switch (VLAN1), give them an outside IP and plug the inside interface into their VLAN we created for their network. Their router is located in our data room with the internet switch.
We have some contractors that don't want to use our VLAN and switch fabric for security reasons; they only want an outside IP. The problem is, that switch is only in our data room and I'm not sure how to extend it across the network to our other switches. It's not a part of our VTP domain and I'm assuming the Telus switch it's plugged into is on VLAN1.
I'm setting up a lab to test things now. I was thinking I could create them a VLAN on our switches and plug it into VLAN1, but there will be a VLAN mismatch. If I create an external VLAN for vendor A, ID VLAN 6, and plug it into VLAN1, will it cause issues or even work? Then for another vendor I would create VLAN7 and plug them into the same internet switch into a VLAN1 port. Can you think of anything that would work?
Also I know that we're still using our switch fabric for their outside connection so their "security" policies really are still being broken.
VLAN tagging is done inside the switch. That means once the frame is out of the switch, it's basically a normal Ethernet frame. So what happens if you plug VLAN5 from switch A into VLAN1 on switch B? As long as you have the clients on the same layer 3 address (the same network ID), they will connect, regardless of the VLAN differences.
And for your current situation, perhaps providing a rough network diagram would help.
Thanks, I don't have a diagram done up at the moment. But basically this is how it will work.
I would have this setup for a few companies who need an external connection; they would all be on the same subnet with almost the same external internet addresses. Basically all I want to do is get that INTERNET_SWITCH with all of its ports on VLAN1 extended across to where their equipment is going to be.
What kind of connection is it between INTERNET_SWITCH_VLAN1 and SWITCH_VLAN5? Do you configure a trunk?
So those companies are going to have their own public IP, which has a different network ID from the other company's?
The switch which has VLAN5 is configured and available across our network. I was going to plug an access port into an access port, so VLAN5 plug into VLAN1 on the internet switch.
Right now I have the companies rack their routers in my data room so I just plug them directly into the internet switch, which is like a hub all on VLAN1. Then I give them an outside internet IP to assign to their router; they usually set up a VPN back to their company's main shop.
So for company A I would give them VLAN5, company B I would give them VLAN6. They would plug the outside interface of their routers into a switchport on their outside VLAN, then in my IT room I would plug my internet switch into each VLAN as well, all layer 2. The companies don't need to talk to each other; I just need them to be able to plug into the internet switch from across my site. I can't extend VLAN1 across because that is what we use for management.
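The layout discussed in this thread can be checked with a small model. This is an added example, not part of any poster's message: it treats the site fabric as one logical switch named SITE, uses constructed port names, and models only untagged access-port forwarding (no spanning tree or CDP behaviour). It shows that patching VLAN5 and VLAN6 access ports into VLAN1 ports on the internet switch merges the two vendor VLANs into one layer 2 domain, while the site's own VLAN1 stays separate.

```python
from collections import defaultdict

# Constructed topology: {(switch, port): access VLAN}. Names are hypothetical.
ACCESS_PORTS = {
    ("SITE", "a-router"): 5,   # company A outside interface
    ("SITE", "a-uplink"): 5,   # patched to the internet switch
    ("SITE", "b-router"): 6,   # company B outside interface
    ("SITE", "b-uplink"): 6,   # patched to the internet switch
    ("SITE", "mgmt"): 1,       # site management VLAN1
    ("INTERNET", "p1"): 1,
    ("INTERNET", "p2"): 1,
}
# Access port to access port patch cables.
CABLES = [
    (("SITE", "a-uplink"), ("INTERNET", "p1")),
    (("SITE", "b-uplink"), ("INTERNET", "p2")),
]

def broadcast_domains(access_ports, cables):
    """Group (switch, vlan) pairs that end up in one layer 2 domain."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for (switch, _port), vlan in access_ports.items():
        find((switch, vlan))
    for a, b in cables:
        # A frame leaves an access port untagged; the receiving access port
        # assigns its own VLAN, so the two VLANs are bridged together.
        ra = find((a[0], access_ports[a]))
        rb = find((b[0], access_ports[b]))
        parent[ra] = rb
    groups = defaultdict(set)
    for node in list(parent):
        groups[find(node)].add(node)
    return list(groups.values())

def same_domain(domains, a, b):
    """True if both (switch, vlan) pairs sit in one broadcast domain."""
    return any(a in d and b in d for d in domains)

if __name__ == "__main__":
    for domain in broadcast_domains(ACCESS_PORTS, CABLES):
        print(sorted(domain))
```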