First VLAN setup. Have I got it right?

Vai777 asked
Last Modified: 2012-05-06
OK, please bear with me on this, as this is pretty new.

First of all, our local LAN is all on the default VLAN 1 setup.

I have just replaced our external HP unmanaged switch (sits outside of the internal LAN) with a new HP 1800G ProCurve managed switch, which is not connected to the LAN. Basically our ISP's router and the external port on our Cisco ASA5510 firewall, plus a couple of other devices, sit on this switch. But I want to be able to manage this from the internal LAN.
I have given the new HP 1800G ProCurve switch a local IP (172.31.5.10).

Do I just need to create a VLAN 2 on this switch, place all device ports on this VLAN apart from one port (8), leave it in the default VLAN 1 and then plug that into a switch on our LAN? Will this enable me to then manage it without physically plugging into this switch?

I hope that makes sense.

Basic setup:

Lan>
Inside port on Cisco 5510>
Outside port on Cisco 5510>
External Switch(HP 1800G ProCurve)> ISP Router + other devices i.e. Video Conference device>
Web

And would I be able to make these changes on the fly? Or would it take down anything by creating VLANs and assigning ports?

Thanks in advance,
Richard
Commented:
You should create a separate VLAN (VLAN 2) to hold the internal network and give that VLAN an IP address in the internal IP addressing scheme, then you'd be able to manage it from the LAN.

Also, any changes on the switch are done on the fly, except creating VLANs to a certain point when using HP, then you have to enable the software for more VLANs (think default is 5 VLANs).

So it would be like this: LAN-SWITCH->HP-SWITCH-VLAN2->Inside ASA5510->OutsideASA5510->HP_SWITCH-VLAN1.

Author

Commented:
But we've got 6 switches on our internal LAN, all set up on the default VLAN 1.
So wouldn't it be easier to set the external switch on VLAN 2, i.e. ports 1>7, and leave port 8 on VLAN 1 and then link port number 8 to the rest of the internal switches?

Wouldn't that enable me to get to it from the internal LAN?

Commented:
It will be simpler to do it like you suggest, but in reality it doesn't matter, as a VLAN is only significant locally per switch unless you use a VLAN trunk between your switches.

For instance, attaching a switch VLAN 2 to a switch VLAN 1 as access ports still enables them to pass traffic, but the setup isn't really in line with best practices.

Also, you need two ports in VLAN 1 for the internal LAN: one for the rest of the internal LAN switches and one for the ASA5510 inside interface.

So in your case it would look like this.

LAN-SWITCH-VLAN1->HP-SWITCH-VLAN1->Inside ASA5510->OutsideASA5510->HP_SWITCH-VLAN2->ALL-OTHER-PUBLIC-IP.

Author

Commented:
We don't use any trunks. This is the first VLAN setup I've ever done.

How would you suggest I manage the external switch instead? I need to be able to manage it from the internal LAN rather than having to physically plug into the switch.

And your last topology example is exactly how it looks now.

Thanks for all your help and advice so far. It's much appreciated.

Commented:
If it's like that, then you should just give the HP switch a LAN IP address on VLAN 1 and no IP address on VLAN 2, and you should be in business.
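
The two points made in the answers above (a VLAN ID only has meaning on the switch that assigns it when ports are untagged access ports, and the switch's management IP lives on VLAN 1 only), modelled as an added example that is not part of the original thread. Port 8 as the LAN uplink comes from the question; all other port numbers, device names and the `"mgmt"` pseudo-port are assumptions made for this sketch.

```python
from collections import deque

def l2_domain(start, switches, links):
    """Devices sharing a broadcast domain with `start` (untagged access ports only)."""
    peers = {}
    for a, b in links:                      # cables are bidirectional
        peers.setdefault(a, []).append(b)
        peers.setdefault(b, []).append(a)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        nxt = list(peers.get(node, []))
        if isinstance(node, tuple):         # node is a (switch, port) pair
            sw, port = node
            vlan = switches[sw][port]       # VLAN comes from this switch's port config only
            nxt += [(sw, p) for p, v in switches[sw].items() if v == vlan]
        for n in nxt:
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return {n for n in seen if isinstance(n, str)}

# Constructed topology (assumed port numbers and names, see lead-in).
# "mgmt" stands for the switch's own IP interface, placed on VLAN 1.
SWITCHES = {
    "lan-sw": {1: 1, 2: 1},
    "hp1800": {1: 2, 2: 2, 3: 2, 7: 1, 8: 1, "mgmt": 1},
}
LINKS = [
    ("lan-pc", ("lan-sw", 1)),
    (("lan-sw", 2), ("hp1800", 8)),
    (("hp1800", 7), "asa-inside"),      # the ASA routes, so each interface is its own device
    (("hp1800", 1), "asa-outside"),
    (("hp1800", 2), "isp-router"),
    (("hp1800", 3), "video-conf"),
    (("hp1800", "mgmt"), "hp1800-mgmt"),
]

def misassigned_uplink():
    """Same cabling, but uplink port 8 left in VLAN 2 by mistake."""
    sw = {name: dict(ports) for name, ports in SWITCHES.items()}
    sw["hp1800"][8] = 2
    return sw

if __name__ == "__main__":
    print("inside :", sorted(l2_domain("lan-pc", SWITCHES, LINKS)))
    print("outside:", sorted(l2_domain("isp-router", SWITCHES, LINKS)))
    print("port 8 in VLAN 2:", sorted(l2_domain("lan-pc", misassigned_uplink(), LINKS)))
```

With port 8 in VLAN 1 the management interface is reachable only from the inside segment; with port 8 in VLAN 2 the untagged link silently joins the internal LAN to the external segment and the management interface becomes unreachable from it.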

Author

Commented:
Already done!

Great stuff. I'm no longer a VLAN virgin.

Thanks again. You're a star!

Points will be given.