No. Servers are connected to unmanaged switch.

I confgured two VLANs and assigned one port to each VLAN. These VLANs work(not communicating to each other) when there is no unmanaged switch in the picture. But as soon as when I connect unmanaged swich to Cisco 2960 S switch, both VLANs start communicating to each other which I don't want.

I want to configure simple VLAN in which I don't want traffic/communication among VLANs but at the same time, I want all VLANs should communicate to common servers which are on unmanaged switch. 

I believe that you have mutually contradictory requirements. The fundamental issue is that the unmanaged switch has only a single VLAN and no ability to trunk VLANs. As long as you are dealing only with the 2960S then the VLANs are separated and can not communicate (which in one of your requirements). But when you connect the unmanaged switch (to provide communication to the servers) then the unmanaged switch is connecting both VLANs from the 2960S and now they communicate with each other.

If we knew a bit more about your environment we might be able to find a solution. To start with can you tell us how the two VLANs on the 2960S switch communicate with each other? Is there a layer 3 switch or router connected to the switch that provides communication between the VLANs? Also can you tell us about what IP addressing is being used? Are the two VLANs on the 2960S using the same subnet, different subnets? What IP addressing is used for the servers on the unmanaged switch?

If there is a layer 3 switch or router, and if the VLANs on the 2960S switch have different subnets and  use it to communicate, then there is the possibility that you could configure a third VLAN on the switch, configure the port that connects to the unmanaged switch in the third VLAN, and configure a third subnet on the layer 3 switch or router. Otherwise I can not think of a way to achieve separation between the VLANs on the 2960S and still communicate to the servers on the unmanaged switch.

HTH

Rick

Hey Rick,

Judging from what the OP has described, it's like the 2960S has two links to the unmanaged switch:  one link each for every VLAN.

Do you think there could be a potential for an impending loop?  

NOTE:  I know, based on the description, the network loop is insignificant, but still ... Freddy Krueger doesn't scare me.  It's this!

Leo

I think that you may very well be correct. I am very interested in finding out what is the topology of this network. It does sound like there could be two links from the 2960S to the unmanaged switch. And in that case I would expect a loop. So I am waiting for further information from the Original Poster.

HTH

Rick

Hello,

I created port based VLANs and assigned one port to each VLAN. I didn't use any IP address scheme in the current setup. Let me clear you about how network is designed. I given two uplinks from unmanaged switch to 2960 switch for each VLAN.

ISP --> Cisco router --> unmanaged switch --> Cisco 2960 S switch.

Is it possible to creat ACL in cisco 2960 S switch to deny traffic between these two VLANs. This would also help.

I can remove unmanaged switch if we can give servers traffic to each VLANs.

Please let me know if you need any other information.

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

Ah, then it appears you are bridging your two VLANs with the unmanaged switch (as I, Rick and Leo all suspected).

If your 2960S supports private VLAN (as first noted by Stephen) you might be able to place your servers onto promiscuous ports and your two user VLANs onto community ports.  (The unmanaged switch could only be connect to just one of the 3 different port types.)  More information about PVLANs might be seen here:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

An alternative design would be to separate your server and two user groups into 3 different VLANs/subnets.  You'll then need to route and also need to use ACLs to block traffic between the two user VLANs/subnets.  Again, the unmanaged switch can provide additional ports for just one of the 3 VLANs/subnets.

The problem with the 2nd approach you'll need a L3 switch.  The 2960 series was just L2 but the later 2960S with the latest IOS supports very limited routing, I believe.  Unsure it can manage routing interaction with the Cisco router you've described and whether it supports sufficient ACL controls in this role.

Lastly, you might very well be able to route and ACL manage traffic between 3 VLANs/subnets using the Cisco router, but depending on the model it might not support typical LAN bandwidths such as might be desired between your servers and user ports.