VLAN Configuration

I am a complete newb when it comes to VLANs; unfortunately, the documentation that came with the Dell switches I have hasn't really helped my learning curve. I have six Dell PowerConnect 2716s and I need some network separation.

Requirement 1
To separate our two production networks (A & B), keeping data separate, but allowing them to use the same Internet connection. The two networks are pretty small at the moment, so if necessary they could use the same switch, but I'd prefer to keep them on a switch each.

Requirement 2
To extend the network separation to a further three networks (C, D & E). I have a similar requirement here, to keep data between the networks separate, but allow the use of the same Internet connection.

TIA

Klaus
klaus1013 Asked:
 
pseudocyber Commented:
Ok - couple of things.

To do what you're asking for most people use a layer 3 switch at some point in their network. Keeping segments separated is fine, but there are some things you probably want to share between them - you've already mentioned Internet.

If this is one company, you'd also want to share basic network services such as DHCP and DNS.  You might want to share file and print and auth as well - up to you.

If it's a multiple company situation and they want to keep everything separate but reduce costs by sharing Internet - you can do that - but you could run into trouble if one company is hogging all the bandwidth, if their policies are different and one company allows unrestricted access and someone starts doing bad stuff and people come looking for the IP etc.

Anyway, back to the layer 3 switch - so it would allow routing between vlans - which I know you don't want - but you need for Internet.  You could put in some basic rules with access control lists depending on your hardware.  

You would use another vlan - the Internet vlan.  So, vlans A, B, C could all route to I.  You would connect I to your router and you're done.

If you want to extend the vlans across switches - so vlan A is on switch 1 and 2 then you use vlan trunking.

Sticking with Dell - I think this is the first switch that supports layer 3 routing - the PowerConnect 6224 http://www.dell.com/content/products/productdetails.aspx/pwcnt_6224?c=us&cs=04&l=en&s=bsd.

If you don't want to get a layer 3 switch - then you need a router with multiple ethernet interfaces - and each interface could be a connection for a different vlan - unless you get a router which can do vlan trunking - then you could send one physical connection to it with multiple vlans on it.
0
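The "tenant VLANs may route only to the Internet VLAN" rule set suggested in the answer above, modelled as an added example that is not part of the original thread. The subnets, the tenant names and the first-match ACL semantics with an implicit deny are assumptions; the model only covers traffic entering the router or layer 3 switch from a tenant VLAN.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan (assumption): one subnet per tenant VLAN.
TENANTS = {
    "A": ipaddress.ip_network("10.0.10.0/24"),
    "B": ipaddress.ip_network("10.0.20.0/24"),
    "C": ipaddress.ip_network("10.0.30.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl(tenants):
    """First-match rules for traffic routed out of tenant VLANs.

    "Internet" means "any destination", which also matches the other
    tenants, so the inter-tenant denies must come before the permits.
    """
    acl = [("deny", s, d) for s, d in permutations(tenants.values(), 2)]
    acl += [("permit", s, ANY) for s in tenants.values()]
    return acl


def decide(acl, src, dst):
    """Return the action of the first matching rule; implicit deny at the end."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net in acl:
        if src in s_net and dst in d_net:
            return action
    return "deny"


def leaks(acl, tenants):
    """List (source, destination) tenant pairs that this ACL lets through."""
    found = []
    for (s_name, s), (d_name, d) in permutations(tenants.items(), 2):
        if decide(acl, str(s[1]), str(d[1])) == "permit":
            found.append((s_name, d_name))
    return found


GOOD = build_acl(TENANTS)
# Same rules with the permits moved to the top: every tenant pair leaks.
BAD = sorted(GOOD, key=lambda rule: rule[0] != "permit")

if __name__ == "__main__":
    print("ordered ACL leaks:", leaks(GOOD, TENANTS))
    print("permit-first ACL leaks:", leaks(BAD, TENANTS))
    print("A -> Internet:", decide(GOOD, "10.0.10.5", "203.0.113.9"))
```

Adding networks D and E is a matter of adding entries to `TENANTS` and re-running `leaks()` on the generated rule set.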
 
klaus1013Author Commented:
I've found some good information in another post here as below:

Administration should be done via Internet Explorer 6.  Firefox and IE 7 have mixed results.
Left port 1 on VLAN #1 for administration purposes since this is the only VLAN that allows for management.
On "VLAN Membership" I created VLAN #2 and set ports 2 - 8 as untagged
On "VLAN Membership" I created VLAN #3 and set ports 9 - 12 as untagged
On "VLAN Port Settings" I changed the PVID for all ports in VLAN #2 to "2"
On "VLAN Port Settings" I changed the PVID for all ports in VLAN #3 to "3"

I think this config would work if I had two Internet connections, but at the moment I only have one. So if I used this configuration and had a connection from each VLAN into our single router, the router would 'spoil' things and allow data to cross the VLANs. So I think I need a similar configuration, but to be able to only have one connection from the switch to the router.

Again, if I could extend this configuration across multiple switches it would be great, but not essential.

Klaus
0
 
pseudocyberCommented:
PS - not a good idea to use your default vlan - normally vlan 1 for management.  It could easily be accidentally not configured and you go to plug someone in and by default, they're in the management vlan.

Or there are hacker tools which can confuse the switch and then drop traffic into the default vlan - which would be your management vlan.
0
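An audit of the port layout quoted earlier in the thread against the default-VLAN concern raised in the comment above, as an added example that is not part of the original thread. It assumes a 16-port switch whose untouched ports stay at a factory default of untagged VLAN 1 with PVID 1; the function names and data layout are hypothetical.

```python
MGMT_VLAN = 1       # per the thread, the only VLAN that allows management
TOTAL_PORTS = 16    # assumption: 16-port PowerConnect 2716


def default_ports(total):
    """Assumed factory state: every port untagged in VLAN 1 with PVID 1."""
    return {p: {"untagged": {1}, "pvid": 1} for p in range(1, total + 1)}


def assign(ports, vlan, first, last, set_pvid=True):
    """Mimic the two web-UI steps: VLAN Membership, then VLAN Port Settings."""
    for p in range(first, last + 1):
        ports[p]["untagged"] = {vlan}
        if set_pvid:
            ports[p]["pvid"] = vlan


def audit(ports, mgmt_ports):
    """Return (port, problem) findings for a port table."""
    findings = []
    for p, cfg in sorted(ports.items()):
        if cfg["pvid"] not in cfg["untagged"]:
            findings.append((p, "PVID %d is not an untagged VLAN of this port" % cfg["pvid"]))
        in_mgmt = cfg["pvid"] == MGMT_VLAN or MGMT_VLAN in cfg["untagged"]
        if in_mgmt and p not in mgmt_ports:
            findings.append((p, "port is in management VLAN 1 but is not a management port"))
    return findings


def thread_config(forget_pvid_for_vlan3=False):
    """Port 1 management, ports 2-8 in VLAN 2, ports 9-12 in VLAN 3."""
    ports = default_ports(TOTAL_PORTS)
    assign(ports, 2, 2, 8)
    assign(ports, 3, 9, 12, set_pvid=not forget_pvid_for_vlan3)
    return ports


if __name__ == "__main__":
    for port, problem in audit(thread_config(), mgmt_ports={1}):
        print("port %2d: %s" % (port, problem))
```

Calling `thread_config(forget_pvid_for_vlan3=True)` shows the second failure mode: membership changed but PVID left at 1, so untagged traffic on ports 9-12 is still classified into VLAN 1.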
 
klaus1013Author Commented:
Thanks for the reply pseudocyber. Networks A & B consist of two different companies, with networks C, D and E consisting of another possible three more companies. For now only networks A & B are in use and therefore the ones I need to sort. Networks A & B both have a Small Business Server on them, that runs DHCP, DNS and Exchange, so the networks need to stay separate. There's also no requirement to share any data between the networks.

The router I want to use doesn't allow you to separate the ethernet ports, so that is why I thought I can only have one connection to it. I'm the network administrator for both companies, both companies are currently small and don't have any problems of people hogging bandwidth. So if you could elaborate on splitting the network with one Internet connection, that would be great.

Klaus
0
 
pseudocyberCommented:
Ok.  If your router only has one interface it needs either:
1.) vlan trunking capability - so you can send all your vlans to it and let the router decipher the vlan tags - or -
2.) one IP network coming to it - meaning your switch would have had to do the routing before the traffic gets to the router - then you need a layer 3 switch.
0
 
klaus1013Author Commented:
The router has four interfaces and I'm pretty sure it supports two IP's on the LAN side. The router I want to use is a ZyXEL Prestige 662H.

Klaus
0
 
pseudocyberCommented:
Well I see it has 4 switched ports, and port based vlans. If you can assign IP addresses to the individual vlan interfaces - it might work. Can't tell from their documentation, and I've never used them. However, if it only supports 2 IP's on the LAN side, this would not accommodate your planned expansion.

I think you would be better served investing in the layer 3 switch - but you need something that can do access control lists - don't know if Dell can do that.
0
 
klaus1013Author Commented:
If the Zyxel had port based VLANs that would be fine for my needs. I'm currently using a Draytek router and it has port based VLANs and it suits our network perfectly. However, we're having connection problems with the Draytek, so I need to put something else in place. The Zyxel manual for my router doesn't mention VLANs, but some websites do, so I'm not sure what to believe.

Klaus
0
 
pseudocyberCommented:
Ok.
0