msobier123 wrote:
Hi,
There is no attach file, and your describtion is not quite clear.
Could you please elaborate more on your objective?
Regards,
Mohamed

Oops, sorry Mohammed, i read the first line of your answer and skipped the 2nd so i have kind of repeated your post.

It is confusing as to what is trying to be achieved.

Jon

Thanks guys for your response.
The diagram is attached.

The aim is pc behind 2950 need to talk to outside.

before there was a firewall in path as in diagram . and now i want to remove the firewall , So i am using the same ip which was configured for FW to 3560 switch one interface (routed interface )  so that i can given the same ip as default gateway for the users .

So the idea is we should not make any changes on 2950 . as users should not feel the firewall is removed is that possible , or do i need to make any changes in 2950 ?

Please advice and let me know if you need more information

Thanks in advance

Hi,

It should work this way without any change but your 3560 won't replace a fw like PIX or ASA or even a zbf firewall.

Why were you having a fw between 2950 and 4500?

Regards.

Hi cadetalain

Thanks for your quick response

yes thats okay i dont need a FW feature now .

now could you please clarify me these doupts to understand it better

1.Will it matter that 2950 is vlan 1 and 3560 is in different vlan if not that how the communication happens, is there any doc i can refer to

2.How the communication happens between a router port (3560 fa0/5 ) L3 and 2950  fa 0/24 L2

3.can you also please tell me what would be the interface config on 2950 fa0/24

do i need make 2950 fa0/24  as access switch port mode access

do i need assigne 2950 fa0/24 to vlan 1 / vlan 777  ?is the default-ip command requied ?

Thanks in advance

Hi,

1) no but to communicate with Vlan777 you'll have to create int vlan777 and give it an ip address on your 3560

2) if you want to communicate with your 2950 then the routed port on 3560 is on same subnet as  int vlan1 on 2950 and so

   communication is ok

From your PCs perspective all they need is a default gw to communicate with vlan777

3) ip default-gateway on 2950 is needed if you want to communicate between int vlan1 outside of vlan1( for administration )

But you could leave switchport on 3560 create int vlan1 with ip add 10.0.0.1 and put the link between 2950 and 3560 as access port in vlan 1

and then also create vlan777 on 3560.

Hi ,

Thanks a lot , Hope i cam not confusing you

Currently Vlan 777 on 3560 is on diff subnet 10.1.0.0/24

Routed interface fa0/5 on 3550 is on a diff subnet 10.0.0.1/24 (2850 is on this subnet )

No the pc will have a gateway of Routed interface fa0/5 ip address .

so in this set up will the pc be able to communicate with vlan 777 network which is my aim

For machines in vlan777 to communicate with machines in vlan1 you must have int vlan 1 on your 2950, int vlan777 on 3560.

def gw for vlan 1 is int vlan1 and for vlan 777 is int vlan777.

Regards.

Regarding your statement

so if I understand it correctly

3650#

interface vlan 777

ip address

2950

interface vlan 1

ip adddress

and default gate way respectivly.

.So now could you please help me to provide a good doc when i can read more about this communication

just want to know when the packet from 2950 with vlan 1 tag comes to 3650 routed interface what happend how actuall the vlan1 tag change to vlan 777.

Thanks in advance

Hi

And in addition if i configure ip helpper address(for DHCP) on the routed interface of 3560,

Hope I dont have to make any further change ,All config which you said will remain the same ?

Thanks

I would configure ip-helper on interface vlan1.

Regards.

Hi cadetalain and glen.grant

Thank you so much  for clarifying my doupts on this . I may implement this configuration by end of jan 11 . So I will update you the status on this .

Thanks again for your valuable time on this.