Same network, different vlan tags between switches??

rkallas · ‎02-24-2012

I have a Perimeter DMZ VLAN that I'm trying to extend to a VM enclosure. The path is:

Perim Sw------->FW---------->Core SW------->Agg SW------------>EnclosureSW---->VM

Cat3350 PIX Cat6509 Cat6509 Cat4948

ON the perimeter switches, the VLAN is 50. This is a /27 network, and the VM in the Enclosure has an IP address for this network.

On the Agg switch, VLAN 50 was assigned to a different network (by a previous engineer), and the Perimeter network is VLAN 53.

So is there a way for me to strip and retag or translate the VM device from VLAN 53 to VLAN 50 and get it extended over to the Perimeter DMZ?

Ray

Jeff Van Houten · ‎02-25-2012

isn't the firewall routing? If so the vlans don't connect between perimeter and core in your diagram.

Sent from Cisco Technical Support iPad App

rkallas · ‎02-29-2012

So sorry, I've out ill for a few days. Yes you are correct about the FW doing the routing. My diagram is a bit misleading I think.

It should be this:

I think what I need to do is create another Vlan on the Core sw, let's say 950, and extend it across to the Edge switch. However, I think I have to map VLAN 950 to VLAN 50 at some point, but I'm not sure.

Jason Dance · ‎02-25-2012

In my environment I kept the Perimeter and internal interfaces completely seperate on the VM environment. Do you have a spare interface on your VM enclosure to connect to your 3550?