Articles

Browsing computers in different VLANs

June 8, 2010 at 02:18:49
Specs: Windows XP

Hello and thanks for reading my post,

I've just configured two different VLANs (plus
the default one) in my 3560G switch, I can
ping from any VLAN to any host in other
VLANs, but I cannot see the computers in the
Windows explorer, do you know why?.

I created the VLANs to isolate several
computers in the networs as they are
dangerous because we are using an old
software and we can't update the OS, I wanted
them to have access to one NAS disk and
nothhing else, like this

DANGEROUS (VLAN 100) ------ NAS disk
(VLAN 200) ---- Rest of the company (VLAN
155)

I've configured the VLANs but I don't know
what I have to do to be able to browse the
NAS disk (I'm using a laptop for testing
purposes), do you have any idea?. Later, I
believe that I'll have to create access lists to
cut the communication between the danderous
and the "rest of the company" VLAN.

Have a nice day !

Jud


See More: Browsing computers in different VLANs

Report •


#1
June 8, 2010 at 06:31:55

nas port has both vlans. You wouldn't be browsing between the vlans or you would need vlan routing which pretty well defeats what you are trying to do.

Report •

#2
June 8, 2010 at 07:16:57

Thanks wanderer,

I already setup VLAN routing in the Cisco 3560, and I can
ping form any computer to any other computer in any VLAN.
But I can't browse them in the Windows network explorer.

As I have to share some resources while keep some
computers isolated, I thought it would be a good idea to
create several VLANs and then use ACLs to provide access
to certain resources in the LAN, like printers, NAS, the future
Small Business Server 2008, Exchange etc.

Do you believe there is a better/simpler way of doing it?, any
advice would be great.

Thanks


Report •

#3
June 8, 2010 at 08:11:54

Always follow the KISS principle.

what you descibe in your first post does not require vlan routing. In fact you defeat the isolation with vlan routing.

if you want to manage this dangerous vlan then put your pc's port in both vlans.


Report •

Related Solutions

#4
June 8, 2010 at 09:46:40

Thanks again wanderer,

I'm sorry but I don't understand what do you mean by put your
pc's port in both vlans?

Jud


Report •

#5
June 8, 2010 at 10:43:19

Depending on switch you can assign multiple vlans to a single port. I use HP managed switches and I can put up to 8 vlans on a single port.

So the port that connects your pc to the switch should have the ability for you to assign both the corp vlan as well as the dangerous vlan which in turn gives you access to both.

BTW if these dangerous computers don't have internet access they can't become dangerous.


Report •

#6
June 8, 2010 at 14:52:34

Great !.

The witch is a Cisco 3560G (I inherited it), so I believe it can handle it.

... VLANs have different subnet IP addresses right?, so what IP address and gateway should I configure in the NAS disk?. This solution would be great to my needs. I'll be able to configure the two VLANs in another port to connect the Small Business Server !

I'll have to wait a few hours to test it... :(

Thank you very much !

Jud


Report •

#7
June 8, 2010 at 15:00:16

"VLANs have different subnet IP addresses right?, "

Not necessarily.

There is a common thinking error I find on the web concerning Cisco training. Folks apply vlans and subnetting on class c networks when it is meant for very large networks.

If you have 254 devices or less you don't need to subnet.


Report •

#8
June 8, 2010 at 15:46:19

I only have around 70 IP devices: computers, printers, plotters, switches, etc.

The problem is that in our network, we have one big piece of hardware, its an HP rack, full of computation servers, file servers, SAN servers, switches, etc. They are all working together as a geoprocessing machine. They are in the 192.168.156.0/24 LAN. There are three workstations that manage the big system. They are now in a fully independent LAN, with their own Internet router. I can't use their subnet and mix everything. This is why I planned to use VLANs.

I need to provide those three workstations with printing capabilities, and in a few time, I'll have to setup a Windows SBS2008 with the domain server, Exchange server etc., and I need those workstations to be part of the office LAN...

I'm learning a lot with your explanations wanderer, thanks a lot,

Jud


Report •

#9
June 9, 2010 at 01:56:27

Hi,

I've been looking for some information and Cisco is not
supporting multi VLANs in the same port (it was supported some
time ago). This is getting more difficult.

Jud


Report •

#10
June 9, 2010 at 08:47:16

That does not sound right.

Cisco calls them Promiscuous ports

Look under
Understanding How Private VLANs Work

http://www.cisco.com/en/US/docs/swi...


Report •


Ask Question