mobile1
asked on
VLAN Setup How to create 2 networks but both with full internet conectivity (one switch)
I have a router
http://broadband.motorola.com/consumers/products/VT2400/downloads/VT2442_User_Manual_US_UK.pdf
Conected to the router is a switch SMCGS16-SMART with 16 ports that supports VLans.
http://www.smc.com/index.cfm?event=viewProduct&localeCode=EN_USA&cid=7&scid=&pid=1485
(click on manual on the right)
Port 1 of the switch conects to the router, the router conects to the cable modem (for internet conectivity).
What I want to achieve is that Ports 2-8 are in a seperate LAN with internet conectivity and ports 9 to 16 in another LAN.The goal is that ports 9-16 DO NOT have access to ports 2-8.
My question is how do I need to setup my switch to seperate ports 2-8 and ports 9-16 so that both still have full internet conectivity.
Please do not point me to resources where I can read up about VLANS. I'd like direct instructions how to setup the switch... VLANS, PVID, TRUNKS or whatever is required. The link to the manual above shows what the user interfaces look like. I just want direct instructions so that it works.
Thanks.
http://broadband.motorola.com/consumers/products/VT2400/downloads/VT2442_User_Manual_US_UK.pdf
Conected to the router is a switch SMCGS16-SMART with 16 ports that supports VLans.
http://www.smc.com/index.cfm?event=viewProduct&localeCode=EN_USA&cid=7&scid=&pid=1485
(click on manual on the right)
Port 1 of the switch conects to the router, the router conects to the cable modem (for internet conectivity).
What I want to achieve is that Ports 2-8 are in a seperate LAN with internet conectivity and ports 9 to 16 in another LAN.The goal is that ports 9-16 DO NOT have access to ports 2-8.
My question is how do I need to setup my switch to seperate ports 2-8 and ports 9-16 so that both still have full internet conectivity.
Please do not point me to resources where I can read up about VLANS. I'd like direct instructions how to setup the switch... VLANS, PVID, TRUNKS or whatever is required. The link to the manual above shows what the user interfaces look like. I just want direct instructions so that it works.
Thanks.
1) Create Vlan number then set switchport range from 2-8....
2) Set ip for you network secment
3) Switchport mode trunk to trunk your Vlan if you want to connect your VLan
4) Configure sub interface in your router (bri0, bri1...) and set ip address according to your vlan IP address.
http://www.cisco.com/warp/public/793/lan_switching/3.html#assign
2) Set ip for you network secment
3) Switchport mode trunk to trunk your Vlan if you want to connect your VLan
4) Configure sub interface in your router (bri0, bri1...) and set ip address according to your vlan IP address.
http://www.cisco.com/warp/public/793/lan_switching/3.html#assign
your switch may support VLANing but your router doesn't... I suggest you get a better router to do this.
Basically you need a router with 2 ethernet interfaces to route for both VLANS or a router that supports VLAN tagging (subinterfaces) as well as your switch. Then you can apply access-lists on each interface or subinterface to deny traffic.
Bottom line is..... you can separate your switch segment into different VLANS but you need a router present in each segment to route packets out of the VLAN (either logically through vlan tagging or physically through 2 separate interfaces).
Basically you need a router with 2 ethernet interfaces to route for both VLANS or a router that supports VLAN tagging (subinterfaces) as well as your switch. Then you can apply access-lists on each interface or subinterface to deny traffic.
Bottom line is..... you can separate your switch segment into different VLANS but you need a router present in each segment to route packets out of the VLAN (either logically through vlan tagging or physically through 2 separate interfaces).
If you can dedicate a computer with 3 NICs, you can connect the router to it and define the computer as a gateway for the 2 other NICs and connect each one to a different vlan.
ASKER
What about setting the router as VLAN 1 (port 1), ports 2-7 as members of VLAN 1 and VLAN 2, and ports 8-16 as members of VLAN 1 and VLAN 3. Would that work, or would I still have the problem that my router isn't up for the task.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You have to block access on the router.