03-27-2019 09:22 AM
Good day, I am a bit confused on how to configure my switch. My topology consists of three switches connected together. One switch will be a distribution switch then the other two will be access switches. I have three servers connected to the switches, general personnel, and accounts. Then I also have three PCs connected to the same switch. I have a router connected to my switch for DHCP purposes. I have the router connected through the gigabit port and then it's pushing addresses out to the PCs. What I am currently trying to configure is that one PC called IT support should only be able to access the accounts server, and the next PC called accounts should only be able to access the accounts server. But I don't know exactly what I would put in place to block the other PCs from gaining access to the servers they aren't supposed to.
03-27-2019 09:44 AM
You have told us a little but not enough for us to be able to give you good advice. You mention a distribution switch and 2 access switches. But you do not indicate whether these are layer 2 only or are layer 3/layer 2. You do not tell us whether all the network is in a single vlan/single subnet or whether there are multiple vlans/multiple subnets. If there are multiple subnets you have not told us which device is providing routing between the subnets. If you can give us better information we may be able to give you better advice.
HTH
Rick
03-27-2019 09:53 AM
03-27-2019 10:02 AM
Thank you for the clarification that the switches are layer 2 switches. So am I correct in assuming that routing between vlans/subnets is provided by the router you mention? It is good to know that your network has 4 vlans and 4 subnets. You mention 2 PCs that should only be able to access the accounts server. Does that mean that they have no other access at all (no Internet, etc)? Can you clarify the assignment of the PCs and the server for vlan and for subnet?
HTH
Rick
03-27-2019 10:08 AM
Thank you for posting the drawing. It shows a topology more complex than what was described in the original post. Would I be correct in assuming that this discussion deals with the part of that network on the left side of the drawing?
The drawing does show devices identifying their names and the ports on which they are connected. But it does not supply information about their vlan assignment or the subnetting/IP assignment. Can you provide clarification on this?
HTH
Rick
03-27-2019 10:18 AM
@Richard Burts This is the network with the addresses.
03-27-2019 11:02 PM
@Richard Burts wrote:
Thank you for posting the drawing.
Rick,
I've seen this drawing before. It was for schoolwork/homework.
03-28-2019 06:01 AM
Leo
I had wondered about that. Thanks for confirming.
HTH
Rick
03-27-2019 10:09 AM
03-27-2019 10:26 AM
Hi @ndaneluk ,
Effectively, to be able to make connectivity filters you must segment the network through vlan and subinterfaces in the router.
This is because all the devices (PCs and Servers) are in the same vlan, the packets are propagated by layer 2, without the possibility of applying filters.
Regards
03-27-2019 10:30 AM
Here is the Packet Tracer. @luis_cordova
03-27-2019 12:20 PM - edited 03-27-2019 12:22 PM
Hi @ndaneluk ,
I attached the exercise with the following filters:
- PC Support has ping to all devices
- PC Personal only access the Personal server
- PC Accounts only access the Accounts server
Obviously, check the ACL that I configured (each ACL has a marked description)
Anyway, I recommend you to reinforce your knowledge of Vlan, Routing Protocols, Router-on-a-stick method.
As always, if you have any questions or concerns, you should only post it in the community and we will try to help you.
Regards
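The filters listed in the post above could be written on a router-on-a-stick as follows. This is an added example, not the configuration from the attached Packet Tracer file; the VLAN IDs, subnets, interface name, ACL names and the PC Support address are constructed placeholders, and each department PC is assumed to share a VLAN with its own server.

```cisco
! Constructed example: VLAN IDs, subnets and host addresses are placeholders.
! Assumed layout: VLAN 10 = IT support, VLAN 20 = personnel PC + server,
! VLAN 30 = accounts PC + server. PC Support is assumed to be 192.168.10.10.
interface GigabitEthernet0/0
 description Trunk to distribution switch
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.10
 description IT-SUPPORT
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description PERSONNEL
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group PERSONNEL-IN in
!
interface GigabitEthernet0/0.30
 description ACCOUNTS
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group ACCOUNTS-IN in
!
ip access-list extended PERSONNEL-IN
 remark DHCP requests must still reach the router
 permit udp any eq bootpc any eq bootps
 remark Echo replies to PC Support so its pings succeed
 permit icmp 192.168.20.0 0.0.0.255 host 192.168.10.10 echo-reply
 remark Nothing else may leave the personnel VLAN
 deny ip any any
!
ip access-list extended ACCOUNTS-IN
 remark DHCP requests must still reach the router
 permit udp any eq bootpc any eq bootps
 remark Echo replies to PC Support so its pings succeed
 permit icmp 192.168.30.0 0.0.0.255 host 192.168.10.10 echo-reply
 remark Nothing else may leave the accounts VLAN
 deny ip any any
```

Traffic between a PC and the server in its own VLAN is switched at layer 2 and never reaches these ACLs, which is why the restriction only works once the departments are in separate VLANs. Without the DHCP permit line, the inbound ACL would also drop the clients' lease requests to the router.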
03-27-2019 10:51 AM - edited 03-27-2019 10:55 AM
Hello
@ndaneluk wrote:
I currently don't have any VLANs in place because I'm still trying to figure out if they are needed or not
Your topology is rather convoluted. Am I correct in saying this isn't a production network you have simulated here?
The 5 routers you have, do they have any configuration on them, as they show in their description as "empty"?
Looks like you currently have 4 subnets running, so going forward you would like 4 vlans related to those subnets. If so, the next question I guess is: can this topology be redesigned to include just 1 rtr and the 4 switches?
03-27-2019 11:00 AM
03-27-2019 11:22 AM
I am still not clear about some aspects of your design. But one thing is extremely clear. As Luis indicated in a previous response if you want to enforce restrictions on what PCs can access what servers then you need to have multiple vlans (and multiple subnets) in your design. If PCs and servers are in the same vlan/same subnet it is extremely difficult to control who accesses what.
HTH
Rick