

Creating several VLANs on a switch to share a common Internet connection.

Posted on 2006-07-22
Medium Priority
Last Modified: 2010-05-18
I've been trying to create the following for a client.

I have a Linksys SRW224G switch on which I want to create several VLANs both to improve network performance and for security reasons. These VLANs need to share a common resource being an Astaro Security Gateway firewall/UTM device.

To cover the hardware, the Astaro system is built on a Dell GX240 box with a 3Com 3C905 NIC, which is supposed to handle 802.1q traffic. Additionally, the Astaro system is running the most current version, being 6.301. I configured the Astaro interface as an ethernet VLAN interface as per the user's manual for version 6.

Note I'm still learning the ins and outs of networking (working on the CCNA currently) so hopefully I'm not missing the obvious here.


1. Can VLANs be set to share a common port that connects to a common resource such as the Astaro Gateway? According to what I've read and the tech people at Linksys the answer is yes however three different attempts to get a solution from them didn't work. Note I'm not trying to route between the VLANs just share a common gateway.

2. If yes, what is the basic configuration to do so? I.e., how is the common port configured, etc. A Cisco based explanation is fine as I'm more interested in understanding the concept.
Question by:mbshafer2
LVL 22

Accepted Solution

Rick Hobbs earned 136 total points
ID: 17161823
On a Cisco it would be like this:
interface vlan 1
 ip address 171.197.155.x <---or whatever your subnet range is
 ip helper-address

interface vlan 2
 ip address
 ip helper-address

Assisted Solution

jfrady earned 132 total points
ID: 17162081
The Astaro server would have to be in both VLANs.  For the NIC to support VLANs I believe it has to be a 3Com "Server" NIC.  The 3C905, while a great card, was before the time of 802.1Q based VLANs and does not support multiple VLANs that I am aware of.  It does support PACE but not 802.1Q.

Essentially what you will need - all station facing ports untagged in the VLAN they are supposed to be in - the link to your server tagged in both VLANs - and the server NIC tagged in both VLANs.

In that Linksys device you would create an additional "Static" VLAN in addition to the Default VLAN.  Then (in the "webview" interface) select tagged or untagged.

You will have to have 2 subnets.  And the server will need to be in both unless they are routed somewhere.  If you don't want them routed do not enable routing in your server.

You generally (especially in low end switches) can only have one untagged VLAN per port.

Is your Astaro server running on Linux or VMWare?

Author Comment

ID: 17163180
In response to jfrady, the Astaro box is running the native Astaro Linux.

Assisted Solution

mbavisi earned 132 total points
ID: 17163804

Hi mbshafer,

Not sure how to do it on these funny new age switches, I'm more of a Cisco person....

The problem you have is that you need to terminate these vlans on your astaro.

The switch ports between the Linksys and your astaro need to be both 802.1q trunk ports, as multiple vlans are traversing this.

The other ports on the Linksys can be separated into as many vlans as you like, so for example, make 4 access ports on vlan 10, make another 4 access ports on vlan 20 etc...(statically assign the vlan ids on these ports and make sure they are set as ACCESS, not trunks).  You can now segment your traffic, make a subnet range for devices plugged into vlan 10 and apply to the devices eg.., same for vlan 20, eg, you now have devices on different vlans.

The crucial thing here is that on the astaro, you need to have an IP interface on this vlan, example on vlan 10, you need to create an IP interface listening to this vlan, eg for vlan 10 above.. , This will be the Default Gateway of your subnet.

For, make it

Once you do this, the IP packets coming from the subnets can now see the routing table of the astaro and can reach wherever you want to reach, including the other subnets.

The only problem here is that I'm not sure whether the Astaro does vlan interfaces or supports it? Maybe you can shed some light as I am more of a Cisco guy.
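
The tagged-trunk / untagged-access layout described in the answers above, modelled at the frame level as an added example that is not part of the original thread. The port numbers, VLAN IDs 10 and 20, and the sample frame are constructed assumptions; the model has no native VLAN on the trunk and drops tagged frames arriving on access ports, which is a simplification rather than the documented behaviour of any particular switch.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None if the frame carries no tag."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

# Constructed port layout (assumption): access ports carry one untagged VLAN,
# the trunk towards the firewall carries both VLANs tagged.
ACCESS = {1: 10, 2: 10, 3: 20, 4: 20}
TRUNK = {24: {10, 20}}

def forward(in_port: int, frame: bytes) -> dict:
    """Flood a frame the way a VLAN-aware switch would; returns {out_port: bytes}."""
    vid, inner = strip_tag(frame)
    if in_port in ACCESS:
        if vid is not None:
            return {}            # tagged frame on an access port: drop
        vid = ACCESS[in_port]    # classify by the port's untagged VLAN
    elif vid is None or vid not in TRUNK.get(in_port, set()):
        return {}                # trunk accepts only tagged, allowed VLANs
    out = {}
    for port, pvid in ACCESS.items():
        if port != in_port and pvid == vid:
            out[port] = inner    # leaves access ports untagged
    for port, allowed in TRUNK.items():
        if port != in_port and vid in allowed:
            out[port] = add_tag(inner, vid)  # leaves the trunk tagged
    return out

# Constructed broadcast frame: dst MAC, src MAC, EtherType 0x0806, padding.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 46
```

A broadcast entering port 1 reaches only port 2 (untagged) and the trunk (tagged with VLAN 10); it never appears on the VLAN 20 access ports, so the two segments meet only at the device that terminates the trunk.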


Expert Comment

ID: 17164942
My question re: the OS was just out of curiosity.

How is this issue progressing? mbavisi translated my explanation in even more layman terms.  Good job mbavisi.

The other easy solution may be for you to add another NIC in the server.  That way you can have one NIC in each VLAN.  That way you can put NIC 1 untagged in VLAN 1 and NIC 2 untagged in VLAN 2 etc..  That would negate the need for your server to understand 802.1Q tagging.  You would have separate subnets and therefore separate default gateways on each network.

You could also turn on routing if you ever needed to and configure an ACL for security.

With the low priced Layer 3 switches on the market now though you could also just get a layer 3 switch.



Question has a verified solution.
