- Posts: 350
- Thank you received: 0
Training Lab Connectivity
18 years 10 months ago #11071
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Training Lab Connectivity
Inferno,
Before I contribute to this thread to help you with your problem (even though someone else already had), I would like to note a few things since you seem a new member and possibly have misunderstood this community's intention.
Firewall.cx's forums are not your everyday forums where people would simply reply to threads just for the sake of it, or to make out they are smart.
Our community (and I'm really proud to say this) consists of great IT professionals with different levels of knowledge, willing to sacrifice their time at work or at home, to help people like you and me deal with problems they haven't been able to resolve, either because noone else has taken the time to do so, or simply haven't had enough experience to resolve them themselves.
Jwj as well as the Bishop are highly respected members of this community. In fact, I personally am very thankful they have fallen into this community and become a very knowledgeable and helpful 'resource' for us all.
There are a few things we do not tolerate, amongst them being the making fun of other's lack of knowledge (which I assure you is not the case), or because incorrect instructions have been given (also not the case), as well as referring in a very ironic matter to people trying to help out (...).
More specifically, I'd be happy to inform you that Jwj's instructions nail your problem on the head. Jwj felt he needed to spend his time to help you from work and home - this alone (regardless if he's resolved your problem or not) should be very much appreciated, and I find no reason why you should take such offense and start commenting in a negative way these respected people who have been here longer than you, and proved themselves to the community.
If these simple and logical 'rules' (as we sometimes need to call them) are the foundation of this site and its community. If there's any problem with that, or think you've been mistreated in any way, I'm all ears.
Closing, in reference to what you've requested to do (i'm really only copying jqj's answer):
- This can be done using two or one VLAN - Both ways are correct, but using two VLANS is more appropriate from a security perspective.
I'll provide one way you can get the job done, if you need a different way, we can work it out.
1) Configure your 3560 with two vlan interfaces, VLAN 1 and VLAN 2
2) VLAN 1 should be associated with your 192.168.10.0 network.
VLAN 2 should be associated with your 192.168.100.0 network.
3) Assign your access links (switch ports) to either VLAN. The uplink port must be assigned to VLAN 1:
Netgear--VLAN1
VLAN1--Cisco
4) enable ip routing on your Cisco 3560 (ip routing is only available on the enhanced image sets).
5) All workstations connected to VLAN 2 of your Cisco switch must have their default gateway set to your Cisco's VLAN 2 interface
6) All workstations (including your netgear switch) connected to the VLAN 1 network (192.168.10.0) must have your Cisco's VLAN 1 interface (ip address) set as their default gateway.
7) Your Cisco 3650's default gateway should be your laptop/router that connects your network to the Internet.
8 ) This router/laptop must have a static entry for the 192.168.100.0 and 192.168.10.0 network, using the associated Cisco VLAN interface as the next hop.
Problem resolved - be nice
Cheers mate,
Before I contribute to this thread to help you with your problem (even though someone else already had), I would like to note a few things since you seem a new member and possibly have misunderstood this community's intention.
Firewall.cx's forums are not your everyday forums where people would simply reply to threads just for the sake of it, or to make out they are smart.
Our community (and I'm really proud to say this) consists of great IT professionals with different levels of knowledge, willing to sacrifice their time at work or at home, to help people like you and me deal with problems they haven't been able to resolve, either because noone else has taken the time to do so, or simply haven't had enough experience to resolve them themselves.
Jwj as well as the Bishop are highly respected members of this community. In fact, I personally am very thankful they have fallen into this community and become a very knowledgeable and helpful 'resource' for us all.
There are a few things we do not tolerate, amongst them being the making fun of other's lack of knowledge (which I assure you is not the case), or because incorrect instructions have been given (also not the case), as well as referring in a very ironic matter to people trying to help out (...).
More specifically, I'd be happy to inform you that Jwj's instructions nail your problem on the head. Jwj felt he needed to spend his time to help you from work and home - this alone (regardless if he's resolved your problem or not) should be very much appreciated, and I find no reason why you should take such offense and start commenting in a negative way these respected people who have been here longer than you, and proved themselves to the community.
If these simple and logical 'rules' (as we sometimes need to call them) are the foundation of this site and its community. If there's any problem with that, or think you've been mistreated in any way, I'm all ears.
Closing, in reference to what you've requested to do (i'm really only copying jqj's answer):
I've got a Cisco 3560 Catalyst Switch plugged into a Netgear Switch and the Netgear plugged into the Internet Gateway. I have computers off of both switches. The Hosts off of the Netgear obviously have connectivity because they are the first hop to the net. They are utilizing 192.168.10.0 network. The computers off of the Cisco are utilizing 192.168.100.0 network. I am trying to get those computers to talk to the computers on the Netgear as well as connect to the Internet. Is this possible utilizing the layer 3 switching capabilities of the Cisco?
- This can be done using two or one VLAN - Both ways are correct, but using two VLANS is more appropriate from a security perspective.
I'll provide one way you can get the job done, if you need a different way, we can work it out.
1) Configure your 3560 with two vlan interfaces, VLAN 1 and VLAN 2
2) VLAN 1 should be associated with your 192.168.10.0 network.
VLAN 2 should be associated with your 192.168.100.0 network.
3) Assign your access links (switch ports) to either VLAN. The uplink port must be assigned to VLAN 1:
Netgear--VLAN1
VLAN1--Cisco
4) enable ip routing on your Cisco 3560 (ip routing is only available on the enhanced image sets).
5) All workstations connected to VLAN 2 of your Cisco switch must have their default gateway set to your Cisco's VLAN 2 interface
6) All workstations (including your netgear switch) connected to the VLAN 1 network (192.168.10.0) must have your Cisco's VLAN 1 interface (ip address) set as their default gateway.
7) Your Cisco 3650's default gateway should be your laptop/router that connects your network to the Internet.
8 ) This router/laptop must have a static entry for the 192.168.100.0 and 192.168.10.0 network, using the associated Cisco VLAN interface as the next hop.
Problem resolved - be nice
Cheers mate,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.119 seconds