• Status: Solved

First VLAN setup. Have I got it right?

OK, please bear with me on this as this is pretty new.

First of all, our local LAN is all on the default VLAN 1 setup.

I have just replaced our external HP unmanaged switch (sits outside of internal LAN) with a new HP 1800G ProCurve managed switch which is not connected to the LAN. Basically our ISP's router and external port on our Cisco ASA5510 firewall plus a couple of other devices sit on this switch. But I want to be able to manage this from the internal LAN.
I have given the new HP 1800G ProCurve switch a local IP (172.31.5.10).

Do I just need to create a VLAN 2 on this switch, place all device ports on this VLAN apart from one port (8), leave it in the default VLAN 1 and then plug that into a switch on our LAN? Will this enable me to then manage it without physically plugging into this switch?

I hope that makes sense.

Basic setup:

Lan>
Inside port on Cisco 5510>
Outside port on Cisco 5510>
External Switch(HP 1800G ProCurve)> ISP Router + other devices i.e. Video Conference device>
Web

And would I be able to make these changes on the fly? Or would it take down anything by creating VLANs and assigning ports?

Thanks in advance,
Richard
0
Vai777
Asked:
1 Solution
 
Donboo Commented:
You should create a separate VLAN (VLAN 2) to hold the internal network and give that VLAN an IP address in the internal IP addressing scheme, then you'd be able to manage it from the LAN.

Also, any changes on the switch are done on the fly except creating VLANs to a certain point when using HP, then you have to enable the software for more VLANs (think default is 5 VLANs).

So it would be like this: LAN-SWITCH->HP-SWITCH-VLAN2->Inside ASA5510->OutsideASA5510->HP_SWITCH-VLAN1.

0
 
Vai777 (Author) Commented:
But we've got 6 switches on our internal lan all setup on the default VLAN 1.
So wouldn't it be easier to set the external switch on VLAN 2 i.e. ports 1>7 and leave port 8 on VLAN 1 and then link port number 8 to the rest of the internal switches?

Wouldn't that enable me to get to it from the internal lan?
0
 
Donboo Commented:
It will be more simple to do it like you suggest, but in reality it doesn't matter as VLAN is only significant locally per switch unless you use VLAN trunk between your switches.

For instance, attaching a switch VLAN 2 to a switch VLAN 1 as access ports still enables them to pass traffic, but the setup isn't really in line with best practices.

Also you need two ports in VLAN 1 for the internal LAN: 1 for the rest of the internal LAN switches and 1 for the ASA5510 inside interface.

So in your case it would look like this.

LAN-SWITCH-VLAN1->HP-SWITCH-VLAN1->Inside ASA5510->OutsideASA5510->HP_SWITCH-VLAN2->ALL-OTHER-PUBLIC-IP.
0
 
Vai777 (Author) Commented:
We don't use any trunks. This is the first VLAN setup I've ever done.

How would you suggest I manage the external switch instead? I need to be able to manage it from the internal LAN rather than having to physically plug into the switch.

And your last topology example is exactly how it looks now.

Thanks for all your help and advice so far. It's much appreciated.
0
 
Donboo Commented:
If it's like that then you should just give the HP switch a LAN IP address on VLAN 1 and no IP address on VLAN 2 and you should be in business.
0
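
The layout this thread arrives at (management IP on VLAN 1 only, outside devices in VLAN 2, the ASA as the only link between the two) can be checked against a port plan before it is applied. This is an added example, not part of the original thread; the port numbers, device names and zone labels are constructed assumptions.

```python
# Audit of a port-based VLAN plan for one switch that carries both the
# inside and outside segments of a firewall. All port assignments below
# are constructed sample data, not the poster's real configuration.

INSIDE_VLAN, OUTSIDE_VLAN = 1, 2

# port -> (untagged VLAN, attached device, zone the device belongs to)
GOOD_PLAN = {
    1: (2, "isp-router", "outside"),
    2: (2, "asa-outside", "firewall"),
    3: (2, "video-conference", "outside"),
    7: (1, "asa-inside", "firewall"),
    8: (1, "lan-switch-uplink", "inside"),
}
# Same plan with the video conference unit left in the default VLAN by mistake.
BAD_PLAN = {**GOOD_PLAN, 3: (1, "video-conference", "outside")}


def audit(plan, mgmt_ip_vlans):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    # The switch management IP must exist on the inside VLAN only.
    for vlan in sorted(mgmt_ip_vlans):
        if vlan != INSIDE_VLAN:
            findings.append(f"management IP reachable on VLAN {vlan}")
    for port, (vlan, device, zone) in sorted(plan.items()):
        # A device on the wrong side shares a broadcast domain across the
        # firewall boundary, so its traffic never passes through the ASA.
        if zone == "outside" and vlan != OUTSIDE_VLAN:
            findings.append(f"port {port} ({device}) is outside but in VLAN {vlan}")
        if zone == "inside" and vlan != INSIDE_VLAN:
            findings.append(f"port {port} ({device}) is inside but in VLAN {vlan}")
    # The firewall needs one leg in each VLAN to be the only path between them.
    fw_vlans = {vlan for vlan, _, zone in plan.values() if zone == "firewall"}
    if fw_vlans != {INSIDE_VLAN, OUTSIDE_VLAN}:
        findings.append(f"firewall ports cover VLANs {sorted(fw_vlans)}, expected both")
    return findings


if __name__ == "__main__":
    for name, plan, mgmt in [("good", GOOD_PLAN, {1}), ("bad", BAD_PLAN, {1, 2})]:
        print(name, audit(plan, mgmt) or "no findings")
```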
 
Vai777 (Author) Commented:
Already done!

Great stuff. I'm no longer a VLAN virgin.

Thanks again. You're a star!

Points will be given.
0