kman48185

Splitting one physical network into 2 segments making sure each side cannot see or get to the other

I have a business that needs to have 1 physical network split into 2 segments.  They each have their own server, their own SonicWall firewall where DHCP is handled.  Each has internet access coming through separate cable boxes.  Each has its own switch with their own PCs plugged into their own switch.

The problem seems to be there is one resource, a network printer that is in one of the two domains.

I need to be able to have Company A point to Company B's network printer.

Also, I have not turned on DHCP for Company A, so they currently get DHCP from Company B's SonicWall.  When I do turn on Company A's DHCP server, how can I make sure that Company B's DHCP server won't send leases to Company B?  And yes, due to the network printer the switches are currently connected.

Kevin
ck459

Hi Kevin,
What are the switches that you have? And what are the SonicWall FW types? If you have switches that support VLANs, you could split these segments over 2 VLANs. If you do so, you can then put the FWs in each segment to perform the DHCP and FW function to the internet. To route between these segments (for the printer to be reachable for Company A), you would need a router with 2 Ethernet ports.
If you let me know the exact types of switches, (routers if you have any) and FWs, we can go more into depth on how to configure all this.
Regards
Kurt
kman48185

ASKER

Kurt,
    There is a Linksys SR2016 16 Port Giga Switch, and LM DS424 and a Dell PowerConnect 2708, which appears to have a managed mode capability.  The firewalls are SonicWall TZ 170 and TZ180.

If I need them to upgrade one of the switches to one that can create VLANs then I will.  Also, if the network printer can either A. have a second NIC or B. have two IPs bound to it, would this help?

thanks
Kevin

ASKER CERTIFIED SOLUTION
ck459
Fantastic Kurt.  I could use the screen shots as I have never logged into the Dell 2708 before. I am hoping it's like the Linksys with a default gateway and no password.  I might have another 2708 laying around so I will have to check it.  The client is a law firm, so I probably won't get approval for all this until next weekend.  But I can create the VLAN, any time during the week.  

Kevin
Well, the web-based mgmt tool is pretty straightforward, and once you understand the concept of creating the VLANs, and assigning ports, it's not that hard.
First the easy part.
The switch has a button with managed mode on it. Just press this one, and make sure the managed LED is illuminated. At this point, the default settings are:
IP address: 192.168.2.1 (if you change the IP address, change it to an IP address in VLAN1, so Company A IP range)
username = admin
no password
The user guide can be found here:
http://docs.us.dell.com/support/edocs/network/PC27xx/en/ug/PDF/UG_ENd.pdf
This user guide also contains some screenshots, but I will guide you through the VLAN stuff a bit.
By default, all ports are assigned to VLAN 1. What you have to do in your case is create a second VLAN by going to VLAN Membership, and add a new VLAN (see screenshot VL1.JPG): click the Create VLAN radio button, and put in a number (2 for example).
Once you have done this, you will be able to assign ports to this VLAN.  In your case, you would need to activate port 3 and 4 for VLAN 2 (remember port 1 and 2 are already in VLAN1 by default). To enable ports 3 and 4 in VLAN 2, go to the drop-down list and select VLAN2. Now you will see that all ports are blank in the little 'Ports' field below. If you click on the static field for port 3 or 4, you will notice that it changes from U to T to nothing. You want this to be U (which stands for Untagged). Now do the same for port 4. Click apply to accept these settings.
The only thing you need to do now is change the PVID on the port. You do this under Port VLAN Membership. Just select the port in the drop-down menu, and set the PVID to 2. Do this for both port 3 and 4 (don't forget to click 'apply changes').
Likewise, you can put more ports in VLAN 2. VLAN1 and VLAN2 will be fully separated now, unless you put a router in between.
In my screenshots, you will see that I have port 1 as a T - port. This is something you don't need for now, so disregard that in your own configs. If you ever want to create a trunk (multiple VLANs over one port) you might need this.
I created 3 VLANs (1, 4, and 6): port 1 is the trunk to another switch (Cisco), 2 and 3 are in VLAN 4, and 4 and 5 are in VLAN 6.
Let me know how things go, and please do not hesitate to contact me via this thread again once you are testing.
Best Regards
Kurt

VL1.jpg
VL4.jpg
VL6.jpg
portmem.jpg
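
Added example (not part of the post above and not Dell's code): a small model of how the untagged membership and the PVID together decide where a broadcast such as a DHCP request is delivered, using the port numbers from the post. It assumes untagged frames and no ingress filtering, and it adds one case the post does not mention, ports 3 and 4 still being listed in VLAN 1; whether the 2708 clears that membership on its own is not stated on the page, so the VLAN 1 membership row is worth checking.

```python
# Constructed model of port-based 802.1Q forwarding on an 8-port switch.
# Assumptions (not from the page): untagged frames only, no ingress filtering.
PORTS = range(1, 9)
SIDE_A, SIDE_B = [1, 2], [3, 4]   # VLAN 1 / VLAN 2 port groups used in the post

def egress_ports(membership, pvid, ingress):
    """Ports that receive a broadcast (e.g. a DHCP discover) arriving on `ingress`."""
    vlan = pvid[ingress]                # ingress: the PVID classifies the frame
    members = membership.get(vlan, {})  # egress: every member port of that VLAN
    return sorted(p for p in members if p != ingress)

def isolated(membership, pvid, side_a, side_b):
    """True when no broadcast from either side is delivered to the other side."""
    for srcs, others in ((side_a, side_b), (side_b, side_a)):
        for src in srcs:
            if set(egress_ports(membership, pvid, src)) & set(others):
                return False
    return True

def build(vlan2_ports=(), pvid2_ports=(), drop_from_vlan1=()):
    """Start from factory defaults (all ports U in VLAN 1, PVID 1) and apply changes."""
    membership = {1: {p: "U" for p in PORTS if p not in drop_from_vlan1}}
    if vlan2_ports:
        membership[2] = {p: "U" for p in vlan2_ports}
    pvid = {p: (2 if p in pvid2_ports else 1) for p in PORTS}
    return membership, pvid

CASES = {
    "factory defaults": build(),
    "U in VLAN 2, PVID still 1": build(vlan2_ports=SIDE_B),
    "U in VLAN 2 + PVID 2": build(vlan2_ports=SIDE_B, pvid2_ports=SIDE_B),
    "... and blank in VLAN 1": build(SIDE_B, SIDE_B, drop_from_vlan1=SIDE_B),
}

if __name__ == "__main__":
    for name, (m, pv) in CASES.items():
        print(f"{name:28} port 1 -> {egress_ports(m, pv, 1)}, port 3 -> "
              f"{egress_ports(m, pv, 3)}, isolated={isolated(m, pv, SIDE_A, SIDE_B)}")
```

In this model only the last case is isolated in both directions: with the PVID changed but ports 3 and 4 still members of VLAN 1, broadcasts from ports 1 and 2 are still delivered to them.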
Good deal.  I will be checking this out in a little bit.  I can at least set the thing to managed mode and maybe create the VLANs, I know just the 2nd one as the first is already there. I think that the only things in the Dell switch are my server which has nothing to do with the Company A or B. They just let me use their bandwidth.

Kurt,
     It appears that there is no option to have a 2nd NIC in the network printer in Company A's domain.  Nor is there an option to bind a 2nd IP to the NIC.  Can we create a path in VLAN2 (Company B's vlan) to the printer in Company A's vlan?
Hi Kevin,
The only option would be to route between the VLANs. I don't know if you have a router laying around? It does not need to be a high-end router. Just something with 2 Ethernet interfaces that can route the 2 segments (something like a 831). This will only enable you to route between the 2 VLANs, so if in the future you need extra VLANs, you will not be able to route between those.
If you want to be ready for future expansion, then I would go to a Cisco 2600 or so (this way you can trunk the VLANs into the router, that will take care of the routing). These are routers that are end of sales, so you would have to look on eBay or so to buy one.
There are products of other vendors, but I'm not too familiar with them. You could also look at a Linux router (Linux PC with 2 Ethernet interfaces), but then you would need someone who can help you with that.
Kurt
Please leave this question open, we are about to apply the suggestions contained within.
I finally got to this and it worked like a charm.  Thanks Dude!!!