Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
749
Views
0
Helpful
5
Replies

Routing Question - Inter Vlans

krillin21
Level 1
Level 1

ā€Ž08-21-2016 01:34 PM - edited ā€Ž03-08-2019 07:05 AM

Hi All,


I've been handed the task of managing a few switches and Firewalls. I seem to be a tad bit confused as how to tackle a specific problem with Vlan routing. I know some basics, as I have CCENT and I've worked with the switches and ASA's for the past 2 years or so.


I've attached the basic Diagram for clarification, but in essence, we have a Voip solution, running through a 2900 router, connected to a ASA5505, which connects into our LAN by means of a 3750 layer 3 Switch which does the routing. The access switches are 2950s.


The Data Vlan is 15 and the Voice Vlan is 20. The issue that I have is that our company has branched off into 2 separate companies, however still would like to stay on the same VoIP system. We are using Cisco 7942 IP Phones.


A separate internet link has been installed for the new company, and they will be using a single 2950  connected to a Cheap DSL router. A single Cable will be used to connect the 2950 to the Layer 3 3750 switch for the phone system. We can configure a trunk between the 3750 and the 2950. But I'm a bit confused as to how to get the routing working for phones as well as the data. The data will go via the DSL router and the Phones will go via the original Voice Vlan. The DSL router will handle the DHCP for this company as there are only about 15 users.


In my mind, I see this working, I'm just struggling to figure out what needs to be configured where.

What I cant seem to understand so well, is that what layer 3 device will do what routing. and how do I get the VoIP Router to hand out DHCP for the Phones and the DSL router to hand out DHCP for the Data, without the other DHCP server interfering with the data.

Will this work? or does anyone have any other suggestions. Each company has its own internet connection.


1 person had this problem
Labels:
Preview file
51 KB
0 Helpful
5 Replies 5

Prabath Godevithanage
Level 4
Level 4

ā€Ž08-21-2016 04:12 PM

Hi,

I dont have a clear understanding of the business requirement hence would give you an answer from what i can see

If the business 2 is under a different administration I would put it behind a firewall,having said that i don't think the asa5505 can do this for you given that it only would have one outside and inside interface(thinks may be different now with latest versions)

To directly answer your questions,with the topology shown.

you simply can extend your voice vlan 20 from 3750 to 2950 and add a ACL on 3750 voice SVI to block everything else for new business.on 2950 host ports you advertise your auxiliary vlan which your vlan and the new data vlan which going to create with the next setp 

As the for the internet connectivity for new business you can create a new datavlan on 2950 and plug the new DSL connectivity and have the DSL router configured to issue DHCP for that section

above would work if your new business wouldn't need to access anything else from the old business except voice.

if your new business required to access other services from the old business then you need a L3 device at the new business side. 

Cheers

Prabath

***Please rate all the useful posts***
-Prabath
0 Helpful

krillin21
Level 1
Level 1
In response to Prabath Godevithanage

ā€Ž08-21-2016 09:33 PM

Thanks for the response. correct as stated, the new business only needs access to the Voice. Would I need to create a route on the DSL router pointing the Voice Range to the 3750? This is where I was a bit confused. Would the DSL Router also need to be configured with the Voice Vlan? Or would the 2950 automatically forward traffic destined for the voice range to the 3750, this is where my mind went a bit wonky.

0 Helpful

Prabath Godevithanage
Level 4
Level 4
In response to krillin21

ā€Ž08-21-2016 10:57 PM

if you are extending your voice vlan to 2950 you don't need any routes back to 3750 as it'll be L2 connectivity and no changes required on the dsl router. technically that would work but not a design i would implement.

if it is a separate business I'd rather separate the networks in security perspective and grant appropriate access as required.Will also have a separate layer 3 domain for the new business

***Please rate all the useful posts***
-Prabath
0 Helpful

krillin21
Level 1
Level 1
In response to Prabath Godevithanage

ā€Ž08-25-2016 05:17 AM

I am busy with this today, and was wondering if this work, please let me know, instead of having to do additional access rules. On new company switch, Ive stated that switchport voice vlan is 20, like it is on the old company LAN. and then on the L3 switch the port that connects to the 2950, Ive made it an access port, and said switchport access vlan 20. 

Before I plug anything and and break something, would this work, and when the phones get plugged in, they will look for DHCP on vlan 20, and the PCs will look for the DHCP on Vlan 11 which is the data Vlan for the new company? I have configured Vlan 11 on the DSL router. Should I even have to configure a data vlan on the new company or will they by default go to the DSL router??

Are the switches intelligent enough to know that for DHCP for the voice it should jump to the L3 switch? or would this not work?

This is a bit of new territory for me.

0 Helpful

krillin21
Level 1
Level 1
In response to Prabath Godevithanage

ā€Ž08-25-2016 08:10 AM

..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card