C3750 Layer 3 Switching and VLANs

ryanfi...@hotmail.com

Feb 7, 2006, 10:30:20 AM
Hi There,

I have the task of installing a new C3750 switch into an existing IP
network. The existing network is just running a basic layer2 switching
setup with daisy chained switches. They have a HP core switch that will
do VLAN tagging but will not actually separate networks into VLANs if
that makes sense. I am tasked with installing a new L3 C3750 and
providing 3 separate VLANs (all with the same IP network (but different
masks) - otherwise it means readdressing everything!) and I need to
filter traffic out between the VLANs. Has anyone got any example
configs on how I can configure these VLANs and the router inside the
Switch? Any ACL filtering examples would be greatly appreciated! I am
new to VLANs and especially L3 Switches :-/

Thanks

Ryan

NETADMIN

Feb 7, 2006, 11:07:16 AM
Hi Ryan,

Can you provide any current scenario diagram to make the scenario
clear?

Until now I only understood that you want to install 3750 Switch as
VLAN Tagging Server with restricted access.

Thanks,
NETADMIN

ryanfi...@hotmail.com

Feb 7, 2006, 11:17:29 AM
Hi,

Thanks for the super fast reply. I think I should take the HP and the
VLAN tagging out of the loop first - so ignore the HP. I need to
install a new C3750 L3 Switch.

I need to create 3 VLANs, 1x Terminal Servers (VLAN2) , 1x
Clients/Workstations (VLAN3), 1x Management (VLAN4). I need to ensure
that the Clients can only access the Terminal Servers on TCP3389 and I
need to filter out ALL other traffic for getting to the servers. The
C3750 will be L3. Can you provide a config example for this.

Also, I will need to enable portfast on the Server ports.

Sorry I am missing out the diagram as it's just a L3 Switch with 3 x
VLANs and filtering - my first post is confusing - so I've simplified it
a little.

Lutz Donnerhacke

Feb 7, 2006, 11:23:45 AM
* ryanfi...@hotmail.com wrote:
> I need to create 3 VLANs, 1x Terminal Servers (VLAN2) , 1x
> Clients/Workstations (VLAN3), 1x Management (VLAN4). I need to ensure
> that the Clients can only access the Terminal Servers on TCP3389 and I
> need to filter out ALL other traffic for getting to the servers. The
> C3750 will be L3. Can you provide a config example for this.

...
!
interface vlan3
 ip address ...
 ip access-group from_clients in
!
ip access-list extended from_clients
 permit tcp any any eq 3389
 deny ip any any log
!

ryanfi...@hotmail.com

Feb 7, 2006, 11:30:06 AM
Hi Lutz - thanks a million for the reply - I was looking into VACLs and
all sorts - didn't think it was as easy as that! I am just wondering if
you could also provide an example on configuring the L3 part of the
switch?

Cheers

Ryan
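
Added example, not written by any poster in this thread: a sketch of the L3 part asked about above, combined with the from_clients ACL from the earlier reply. The 192.0.2.0/24 addressing, port ranges and VLAN names are assumptions; the permit line is scoped to the server subnet because `permit tcp any any eq 3389` would also admit RDP from the clients toward VLAN 4.

```cisco
! Constructed example: addresses, port ranges and VLAN names are assumptions.
! 192.0.2.0/24 stands in for the existing network, split into /26 subnets.
ip routing
!
vlan 2
 name TERMINAL-SERVERS
vlan 3
 name CLIENTS
vlan 4
 name MANAGEMENT
!
! Server ports: access mode in VLAN 2, with portfast as requested.
interface range GigabitEthernet1/0/1 - 4
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
!
interface range GigabitEthernet1/0/5 - 24
 switchport mode access
 switchport access vlan 3
!
! One SVI per VLAN; each is the default gateway for its subnet.
interface Vlan2
 ip address 192.0.2.1 255.255.255.192
!
interface Vlan3
 ip address 192.0.2.65 255.255.255.192
 ip access-group from_clients in
!
interface Vlan4
 ip address 192.0.2.129 255.255.255.192
!
! Source and destination are pinned to the client and server subnets.
ip access-list extended from_clients
 permit tcp 192.0.2.64 0.0.0.63 192.0.2.0 0.0.0.63 eq 3389
 deny ip any any log
!
```

Anything else the clients need across VLANs, such as DNS, must be permitted explicitly above the deny line.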

NETADMIN

Feb 7, 2006, 12:28:41 PM


ip default-gateway gateway IP
ip classless
ip route 0.0.0.0 0.0.0.0 gatewayIP

Thanks,
NETADMIN

Lutz Donnerhacke

Feb 7, 2006, 3:37:46 PM
* NETADMIN wrote:
> Hi Lutz - thanks a million for the reply - I was looking into VACLs and
> all sorts - didn't think it was as easy as that! I am just wondering if
> you could also provide an example on configuring the L3 part of the
> switch?

You will need to consult the usual configuration guides. They are very good.

NETADMIN

Feb 7, 2006, 11:45:58 PM
Hi Lutz..

>>Hi Lutz - thanks a million for the reply - I was looking into VACLs and
>>all sorts - didn't think it was as easy as that! I am just wondering if
>>you could also provide an example on configuring the L3 part of the
>>switch?

Is posted by ryanfinne...@hotmail.com, not by me

Thanks,
NETADMIN

mil...@gmail.com

Feb 8, 2006, 7:30:31 AM
Try command in global config mode
no ip routing
and routing between vlans will be disabled
