Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
5
Helpful
3
Replies

Port Protection or Equivlant?

jo2jo1518
Level 1
Level 1

‎01-21-2007 03:19 PM - edited ‎03-05-2019 01:54 PM

I have a set of 3 cisco 1900s switches all uplinked to cisco 2900XL which is uplinked to a router, and then the internet...all works great all the time.. i just have everyone plugged into the 1900s on the same 192.168.5.0/24 network via DHCP addresses.

I want to isolate all broadcast traffic to each port (idealy) or to each switch (if more reliable). I'm trying to keep people on the same switch from espesically non IP intra switch communications.

I was thinking per port VLANs or per switch VLANs...or if more, smaller subnets for just IP traffic.. but im not really sure.

any ideas or suggestions?

tks

Labels:
0 Helpful
3 Replies 3

sachinraja
Level 9
Level 9

‎01-21-2007 03:28 PM

Hello jojo,

Yeah.. you need to create VLANs to reduce the broadcast domain on your network.. Ideally, you can define VLANs, based on the department, floors , switch etc... for eg:

VLAN 10 - admin

VLAN 11 - finance

VLAN 12 - Production

VLAN 20 - Testing

VLAN 30 - Server VLAN

Once you define these parameters, you need to allocate different subnets for each of these VLAN. You can configure dot1q or ISL trunking between the switches to carry all the VLAN information across switches.

All these are fine, but the main thing you will be missing is a layer 3 switch.. for all communication between VLANs, you will require a layer 3 component.. routers can be used for this, but i would suggest a layer 3 switch, throug which u will have more control.. without layer 3 switch, it not advicible to go to a VLAN based network...

Hope this helps.. all the best.. rate replies if found useful..

Raj

jo2jo1518
Level 1
Level 1

‎01-21-2007 06:12 PM

raj,

Thanks for the quick reply, i will add points.

GOAL: I'm trying to do a low cost, simple, private IP wired solution for a appartment complex...about 100 ports.

The router i'm using is a Mikrotik, routerboard and it does NOT support the VLAN tags of 2900s or 1900s (it does for late model cisco switches though)...My router must remain mikrotik.

QUESTION: 1) would i only need one layer3 swtich to interconnect the 5 x cat1900s? then uplink the non vlan tag router into that?

2) OR is there a way to ONLY allow protocol IP trafic across the switch? if so i can restrict broadcasts by doing proper small subneted networks since all the clients get there ip via DHCP.

thanks again,

jo

0 Helpful

sachinraja
Level 9
Level 9
In response to jo2jo1518

‎01-21-2007 06:31 PM

Hello Jo,

1) would i only need one layer3 swtich to interconnect the 5 x cat1900s? then uplink the non vlan tag router into that?

Ans - One L3 will be a minimum requirement. if you want high availability, then you can go for 2, just to configure it as Active/standby types.. what is the uplink u want to use from cat 1900 ?? copper or fiber ? normally most of the low end L3 switches come with 4 port fiber uplink modules. If u need more than 4, we might need to look at a slightly higher option !!!

2) Ans - are the 100 ports in the same floor ? 100 PCs in a VLAN is fine, unless the customer wants security and scalability in future.. you can put them on different VLANs only if required... There will be only IP protocol traffic flowing thro the switch. Are there any other protocols on your network ??

Hope this helps.. all the best..

Raj

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card