Solved

VLAN Configuration

Posted on 2007-11-23
Last Modified: 2008-05-29
I am a complete newb when it comes to VLANs; unfortunately, the documentation that came with the Dell switches I have hasn't really helped my learning curve. I have six Dell PowerConnect 2716's and I need some network separation.

Requirement 1
To separate our two production networks (A & B), keeping data separate, but allowing them to use the same Internet connection. The two networks are pretty small at the moment, so if necessary they could use the same switch, but I'd prefer to keep them on a switch each.

Requirement 2
To extend the network separation to a further three networks (C, D & E). I have a similar requirement here, to keep data between the networks separate, but allow the use of the same Internet connection.

TIA

Klaus
0
Question by:klaus1013
9 Comments
 

Author Comment

by:klaus1013
ID: 20342282
I've found some good information in another post here as below:

Administration should be done via Internet Explorer 6.  Firefox and IE 7 have mixed results.
Left port 1 on VLAN #1 for administration purposes since this is the only VLAN that allows for management.
On "VLAN Membership" I created VLAN #2 and set ports 2 - 8 as untagged
On "VLAN Membership" I created VLAN #3 and set ports 9 - 12 as untagged
On "VLAN Port Settings" I changed the PVID for all ports in VLAN #2 to "2"
On "VLAN Port Settings" I changed the PVID for all ports in VLAN #3 to "3"

I think this config would work if I had two Internet connections, but at the moment I only have one. So if I used this configuration and had a connection from each VLAN into our single router, the router would 'spoil' things and allow data to cross the VLANs. So I think I need a similar configuration, but to be able to only have one connection from the switch to the router.

Again, if I could extend this configuration across multiple switches it would be great, but not essential.

Klaus
0
 
LVL 27

Accepted Solution

by:
pseudocyber earned 200 total points
ID: 20342709
Ok - couple of things.

To do what you're asking for most people use a layer 3 switch at some point in their network.  Keeping segments separated is fine, but there are some things you probably want to share between them - you've already mentioned Internet.

If this is one company, you'd also want to share basic network services such as DHCP and DNS.  You might want to share file and print and auth as well - up to you.

If it's a multiple company situation and they want to keep everything separate but reduce costs by sharing Internet - you can do that - but you could run into trouble if one company is hogging all the bandwidth, if their policies are different and one company allows unrestricted access and someone starts doing bad stuff and people come looking for the IP etc.

Anyway, back to the layer 3 switch - so it would allow routing between vlans - which I know you don't want - but you need for Internet.  You could put in some basic rules with access control lists depending on your hardware.  

You would use another vlan - the Internet vlan.  So, vlans A, B, C could all route to I.  You would connect I to your router and you're done.

If you want to extend the vlans across switches - so vlan A is on switch 1 and 2 then you use vlan trunking.

Sticking with Dell - I think this is the first switch that supports layer 3 routing - the PowerConnect 6224 http://www.dell.com/content/products/productdetails.aspx/pwcnt_6224?c=us&cs=04&l=en&s=bsd.

If you don't want to get a layer 3 switch - then you need a router with multiple ethernet interfaces - and each interface could be a connection for a different vlan - unless you get a router which can do vlan trunking - then you could send one physical connection to it with multiple vlans on it.
0
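The access-control-list idea in the answer above, as an added example that is not part of the original post: a first-match ACL for a layer 3 switch that denies tenant-to-tenant routing and permits everything else, with a check for leaks. The subnets, the VLAN "I" addressing and all function names are constructed assumptions.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan (assumption, not from the thread).
TENANTS = {
    "A": ipaddress.ip_network("10.0.10.0/24"),
    "B": ipaddress.ip_network("10.0.20.0/24"),
    "C": ipaddress.ip_network("10.0.30.0/24"),
}
INTERNET_VLAN = ipaddress.ip_network("10.0.254.0/24")  # "I": uplink to the router
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl(tenants):
    """Ordered rules: deny every tenant-to-tenant pair, then permit the rest."""
    rules = [("deny", src, dst)
             for (_, src), (_, dst) in permutations(tenants.items(), 2)]
    rules.append(("permit", ANY, ANY))  # VLAN I and the Internet beyond it
    return rules


def evaluate(rules, src_ip, dst_ip):
    """First matching rule wins; no match falls through to an implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def tenant_leaks(rules, tenants):
    """Tenant pairs that can still route to each other (should be empty)."""
    return [(a, b)
            for (a, net_a), (b, net_b) in permutations(tenants.items(), 2)
            if evaluate(rules, net_a[10], net_b[10]) != "deny"]


if __name__ == "__main__":
    acl = build_acl(TENANTS)
    print("A -> B:", evaluate(acl, "10.0.10.5", "10.0.20.5"))
    print("A -> I:", evaluate(acl, "10.0.10.5", str(INTERNET_VLAN[1])))
    # Rule order matters: a permit placed first shadows every deny.
    misordered = [acl[-1]] + acl[:-1]
    print("leaks when permit comes first:", tenant_leaks(misordered, TENANTS))
```

Adding networks D and E to `TENANTS` extends the deny rules to every new pair, which is the part that is easy to miss when rules are written by hand.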
 
LVL 27

Expert Comment

by:pseudocyber
ID: 20342713
PS - not a good idea to use your default vlan - normally vlan 1 for management.  It could easily be accidentally not configured and you go to plug someone in and by default, they're in the management vlan.

Or there are hacker tools which can confuse the switch and then drop traffic into the default vlan - which would be your management vlan.
0
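A small model of the port configuration quoted earlier in the thread and of the default-VLAN concern raised in the comment above, as an added example that is not part of the original posts. It assumes a 16-port switch whose ports all start as untagged members of VLAN 1 with PVID 1; the function names are hypothetical.

```python
from dataclasses import dataclass, field

MGMT_VLAN = 1  # the management VLAN in the configuration quoted in the thread


@dataclass
class Port:
    pvid: int = 1  # VLAN assigned to untagged frames entering the port
    untagged_in: set = field(default_factory=lambda: {1})  # egress membership


def factory_switch(n_ports=16):
    """Assumed default: every port is an untagged member of VLAN 1, PVID 1."""
    return {n: Port() for n in range(1, n_ports + 1)}


def assign(switch, ports, vlan, set_pvid=True):
    """'VLAN Membership' (untagged) plus, optionally, 'VLAN Port Settings'."""
    for n in ports:
        switch[n].untagged_in = {vlan}
        if set_pvid:
            switch[n].pvid = vlan


def reachable(switch, src, dst):
    """An untagged frame entering src is classified by src's PVID and may
    only leave through ports that are members of that VLAN."""
    return src != dst and switch[src].pvid in switch[dst].untagged_in


def ports_in_mgmt_vlan(switch, mgmt_ports):
    """Ports outside mgmt_ports whose untagged traffic still lands in VLAN 1."""
    return sorted(n for n, p in switch.items()
                  if n not in mgmt_ports and p.pvid == MGMT_VLAN)


def thread_config(set_pvid=True):
    sw = factory_switch()
    assign(sw, range(2, 9), 2, set_pvid)    # ports 2-8  -> VLAN 2
    assign(sw, range(9, 13), 3, set_pvid)   # ports 9-12 -> VLAN 3
    return sw


if __name__ == "__main__":
    sw = thread_config()
    print("2 -> 9 crosses VLANs:", reachable(sw, 2, 9))
    print("unconfigured ports in VLAN 1:", ports_in_mgmt_vlan(sw, {1}))
    forgot_pvid = thread_config(set_pvid=False)
    print("PVID step skipped, port 2 -> mgmt port 1:", reachable(forgot_pvid, 2, 1))
```

Ports 13 to 16 were never touched, so anything plugged into them joins the management VLAN; moving unused ports to a separate, unrouted VLAN closes that gap.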
 

Author Comment

by:klaus1013
ID: 20342754
Thanks for the reply pseudocyber. Networks A & B consist of two different companies, with networks C, D and E consisting of another possible three more companies. For now only networks A & B are in use and therefore the ones I need to sort. Networks A & B both have a Small Business Server on them, that runs DHCP, DNS and Exchange, so the networks need to stay separate. There's also no requirement to share any data between the networks.

The router I want to use doesn't allow you to separate the ethernet ports, so that is why I thought I can only have one connection to it. I'm the network administrator for both companies, both companies are currently small and don't have any problems of people hogging bandwidth. So if you could elaborate on splitting the network with one Internet connection, that would be great.

Klaus
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 20342771
Ok.  If your router only has one interface it needs either:
1.) vlan trunking capability - so you can send all your vlans to it and let the router decipher the vlan tags - or -
2.) one IP network coming to it - meaning your switch would have had to do the routing before the traffic gets to the router - then you need a layer 3 switch.
0
 

Author Comment

by:klaus1013
ID: 20342789
The router has four interfaces and I'm pretty sure it supports two IP's on the LAN side. The router I want to use is a ZyXEL Prestige 662H.

Klaus
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 20342810
Well I see it has 4 switched ports, and port based vlans.  If you can assign IP addresses to the individual vlan interfaces - it might work.  Can't tell from their documentation, and I've never used them.  However, if it only supports 2 IP's on the LAN side, this would not accommodate your planned expansion.

I think you would be better served investing in the layer 3 switch - but you need something that can do access control lists - don't know if Dell can do that.
0
 

Author Comment

by:klaus1013
ID: 20342981
If the Zyxel had port based VLANs that would be fine for my needs. I'm currently using a Draytek router and it has port based VLANs and it suits our network perfectly. However, we're having connection problems with the Draytek, so I need to put something else in place. The Zyxel manual for my router doesn't mention VLANs, but some websites do, so I'm not sure what to believe.

Klaus
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 20343016
Ok.
0
