Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN, Multiple customers, 2610, MSTP and best practise

Alessandro_78
Regular Advisor

VLAN, Multiple customers, 2610, MSTP and best practise

Hi all,

i have a number of server (more or less 20) of different customers.

I need to redesign my network to archive best security and performance.

I'll like to do the following on the 2610 switch:

port1 -> server1 (customer1) -> vlan1
port2 -> server2 (customer1) -> vlan2
port3 -> server3 (customer1) -> vlan3
port4 -> server4 (customer1) -> vlan4
port5 -> server5 (customer1) -> vlan5
port6 -> server6 (customer1) -> vlan6
port24 -> router -> vlan1, vlan2, vlan3, vlan4, vlan5, vlan6, ...
...

Doing so, customers can't access to other customer's servers.

I'll have a LAN with a /21 allocation.
All servers will have a netmask of
255.255.248.0

Router will have a single IP with the same netmask.

Router will be accessibile from all vlan.

Doing so, all server can communicate only with the router regardless the large natmask.

Can I do it better?

More over, is possibile to put in a vlan some other vlan?

Something like:

vlan1, vlan2, vlan3 inside vlan10
vlna4, vlan5, vlan6 inside vlan20

Doing so, I can have fault tollerange for the uplink by putting vlan10 into one MSTP istance and vlan20 into another MSTP istance.

Is correct?
3 REPLIES
Ryan_G
Frequent Advisor

Re: VLAN, Multiple customers, 2610, MSTP and best practise

Hi Alessandro

What are you using to do your routing? And what are you trying to route around?

You can't have vlans inside other vlans. You can acheieve your redundacy to your router by using tagging of your uplinks and MSTP.

More info would be helpful.
Matt Hobbs
Honored Contributor

Re: VLAN, Multiple customers, 2610, MSTP and best practise

The 8200/5400/3500 now support Q-in-Q which does allow you to have VLANs within VLANs. You do need the premium-edge license though.
Alessandro_78
Regular Advisor

Re: VLAN, Multiple customers, 2610, MSTP and best practise

Look at my draw.

I have a bounce of server with dual ethernet inside.

I need to connect each server to each 2610 access switch.

Ethernet will be configured for balancing (only outgoing or incoming and outgoing balancing)

Doing so, both 2610 switches will be active at the same time.

On each switch i'll configure one vlan for one server.

For example: server 1 -> vlan 1


Port 23 and port 24 (gigabit) on the 2610 will be connected to our 'core' switches 2810 (gigabit).

I'll like to have redundancy and load balancing.
I can do this buy activating MSTP on each switch and putting:

VLAN1, VLAN2, VLAN3 active on port 23
VLAN2, VLAN2, VLAN3 backup on port 24

VLAN4, VLAN5, VLAN6 active on port 24
VLAN4, VLAN5, VLAN6 backup on port 23

Same config on each 2610 switches. Ok?

Route server will be connected to each 2810 via ethernet in active/failover so only one ethernet per time is active. I don't need balancing for outgoing traffico
(I have only 25mbit of aggregated bandwidth, one gigabit ethernet is enough :D )


So far, something wrong?

I would like to 'group' vlan1, vlan2, vlan3 into a big vlan10 so i don't have to change mstp every times I add a server but I think is not possibile.

Is possibile to have a sample configuration to do this? Actually I haven't the switches to play with because will be ordered in the next month.

Thanks and sorry for english.