Have any of you had to set one up? Most of my customers' networks are too small. I have an old Cisco level 3 switch. I tried to set up a VLAN or two and I was not successful. For those who set VLANs up: if there is one copier, is it possible to have the VLANs print to it and scan from it, or does there need to be a copier for each VLAN? I may try to get that VLAN working on my switch. I followed the instructions but no luck.
vlans
Re: vlans
VLANs are separate networks that can't communicate with each other unless you use a router, generally speaking.
Multi-layer switches can perform layer 2 and 3 functions, replacing the need for dedicated routers.
---------------------------------------------------------------------------------------------------------------------------------------
A Layer 3 switch (also called a multilayer switch) is one device, but it executes logic at two layers: Layer 2 LAN switching and Layer 3 IP routing. The Layer 2 switch function forwards frames inside each VLAN, but it will not forward frames between VLANs. The Layer 3 forwarding (routing) logic forwards IP packets between VLANs.
Layer 3 switches typically support two configuration options to enable IPv4 routing inside the switch, specifically to enable IPv4 on switch interfaces. This section explains one option, an option that uses switched virtual interfaces (SVI). The final major section of the chapter deals with the other option for configuring IPv4 addresses on Layer 3 switches: routed interfaces.
https://www.ciscopress.com/articles/article.asp?p=2990405&seqNum=3
PS - To answer your question, yes you can print to one copier over multiple VLANs.
Last edited by BillyCarpenter; 03-27-2021, 06:00 AM.
Adversity temporarily visits a strong man but stays with the weak for a lifetime.
Re: vlans
Many of our larger customers are actually building out dedicated VLANs just for their printers and other devices so that they can segment traffic and device types. With printers it's especially useful as the web interfaces for a lot of devices can't use newer TLS versions or contain very old cipher suites. With a VLAN, you can grant a single PC or terminal server HTTP access to all of the devices and have a lower security setting for a single browser to access them. While I don't get directly involved in them beyond troubleshooting any odd ports that are needed, as a company we're beginning to add whether VLANs are a part of a customer network during our site surveys.
For the last customer we assisted with one, we had them allow ports 515 and 9100 for printing inbound, HTTP inbound from a management PC, SMB outbound to their file server for scan to folder, and SMTP outbound to their internal mail relay for scan to email. SNMP and the ports for their monitoring software were enabled inbound and outbound only to the specific IP of the monitoring system. All other traffic was blocked.
Their network guys further narrowed some of those down to only allowing printing from their server VLAN to ensure that users were only using print queues from their print server and other server based applications. Similarly, SMB was also limited to just the file servers to ensure no rogue shares were on any of the machines.
Sent from my BlackBerry using Tapatalk
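The allowlist described in the post above, written out as Cisco IOS extended ACLs on the printer VLAN's SVI. This is an added example, not configuration from the poster or their customer; the VLAN number, subnets and host addresses are constructed, and HTTP, SMB, SMTP and SNMP are assumed to be on their standard ports (80, 445, 25, 161).

```cisco
! Constructed addressing: printers 10.0.30.0/24 (VLAN 30), servers 10.0.10.0/24,
! management PC .50, file server .20, mail relay .25, monitoring system .30
ip access-list extended TO-PRINTERS
 remark Printing (LPD 515, raw 9100) only from the server VLAN
 permit tcp 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255 eq 515
 permit tcp 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255 eq 9100
 remark Web interface only from the management PC
 permit tcp host 10.0.10.50 10.0.30.0 0.0.0.255 eq 80
 remark SNMP polling only from the monitoring system
 permit udp host 10.0.10.30 10.0.30.0 0.0.0.255 eq 161
 remark Replies to SMB and SMTP sessions the printers opened
 permit tcp host 10.0.10.20 eq 445 10.0.30.0 0.0.0.255 established
 permit tcp host 10.0.10.25 eq 25 10.0.30.0 0.0.0.255 established
 remark Everything else is dropped and logged
 deny ip any any log
!
ip access-list extended FROM-PRINTERS
 remark Scan to folder: SMB to the file server only
 permit tcp 10.0.30.0 0.0.0.255 host 10.0.10.20 eq 445
 remark Scan to email: SMTP to the internal mail relay only
 permit tcp 10.0.30.0 0.0.0.255 host 10.0.10.25 eq 25
 remark SNMP replies only to the monitoring system
 permit udp 10.0.30.0 0.0.0.255 eq 161 host 10.0.10.30
 remark Replies to print and web sessions opened toward the printers
 permit tcp 10.0.30.0 0.0.0.255 eq 515 10.0.10.0 0.0.0.255 established
 permit tcp 10.0.30.0 0.0.0.255 eq 9100 10.0.10.0 0.0.0.255 established
 permit tcp 10.0.30.0 0.0.0.255 eq 80 host 10.0.10.50 established
 deny ip any any log
!
! On the printer VLAN's SVI, "out" is traffic routed toward the printers
! and "in" is traffic arriving from them.
interface Vlan30
 ip access-group TO-PRINTERS out
 ip access-group FROM-PRINTERS in
```

These ACLs are stateless, which is why each direction carries explicit reply entries. The monitoring software's own ports, which the post does not name, would be added the same way for the monitoring host only.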
Re: vlans
What model of Cisco switch do you have?
Re: vlans
Do you run into many problems with customers on VLANs who don't have the necessary ports open? If so, how do you resolve it and does your company charge for it?
Re: vlans
Customers running VLANs seem to fall into two boats:
1. Security minded customers who want to limit traffic between network segments: they only allow exactly what needs to be transported through and everything else is dropped.
2. Customers with large networks or multiple sites on the same overall LAN that they want to break down for easier management/troubleshooting: they generally just assign a VLAN per campus building, or functional area and just permit all local network traffic through to every other VLAN.
There are also others that fall between each of these camps, and we recommend some mix of both like I put in my earlier post.
Re: vlans
I'm not familiar with this model but "I think" at the first prompt if you type "YES" that it will take you to the Setup Wizard. However, I think you're better off going the Command Line route. I'm just starting to learn how to set up VLANs on a Cisco switch and I was able to do it without much trouble. Are you experienced with Cisco?
Re: vlans
I think Cisco command line is all pretty much the same across their switches. Try this from the command line and in this order: (example only, your port numbers are likely different but you'll get the idea.)
en
config t
vlan 10 (pick any number you want between 2-1001)
name blue (pick the name you want.)
vlan 20 (pick any number you want between 2-1001)
name yellow (pick the name you want.)
(hit control + c on your keyboard) This takes you back to global configuration mode.
show vlan brief (this will show that vlan 10 & vlan 20 were created. Please note that even though the VLANs were created, there are no ports assigned YET.)
config t
int F0/01 (F0/01 is the first port on my switch. I could use any port if I wanted to.)
switchport mode access
switchport access vlan 10
That's it. Port F0/01 is now assigned to VLAN 10. Just repeat the procedure to add ports to whatever VLAN you want.
NOTE: The Cisco switch is defaulted to VLAN 1 and all ports are assigned to VLAN 1. You can't delete VLAN 1. All you can do is assign the ports to a different VLAN after you create a new VLAN.
I hope that made some sense.
One more thing that will speed things up for you. Instead of adding one port at a time, you can add a "range" of ports to a vlan by using the following command: int range f0/10-15
Ports 10-15 are assigned to whatever VLAN you told it to configure. If that's confusing...just add one port at a time.
Last edited by BillyCarpenter; 03-30-2021, 04:16 AM.