Two Networks on One Switch

Posted on 2009-05-20
Last Modified: 2012-05-07
We have run out of space in one of our racks in our offsite location and are planning to set up another rack and have a quick networking question. We were wondering if there are managed switches out there that allow two networks on one switch. I understand this can be done with VLANs but were hoping to stay away from that being that none of us have dove in that territory yet but will learn if it is necessary.

Perhaps there is a way to designate a certain number of ports in the management console to one network and another group of ports to another?

Basically we are planning to buy a ProCurve 2848 (48 port) managed switch and were hoping it could do the job.
Question by:chrisjmccrum
LVL 43

Expert Comment

ID: 24433454
Sure, the switch will work. You can have multiple IP subnets residing on the same VLAN. The switch doesn't care. However, you'll need to use VLANs if you want "physical" (well virtual) separation of the two networks/subnets.

Author Comment

ID: 24433615
I see what you're saying but perhaps I worded my question poorly. We would like to ultimately have 1 wire from our Sonicwall Router/Firewall go into port 1 on the ProCurve and have port 2-24 be our network. Then a second wire would be run to port 25 on the ProCurve and have port 26-48 be our DMZ network.

We would like to achieve this without using VLANs and I'm pretty sure I've seen it done with some switches but I'm not sure how.  
LVL 18

Assisted Solution

by:Don S.
Don S. earned 50 total points
ID: 24433626
Don't be scared of VLANs. They are fairly simple to implement on the ProCurves (and most other switches). You simply set up an additional VLAN (VLAN 2) and set the ports you want separated to be untagged on VLAN 2. Those ports are then essentially on a separate switch from the ports you did not change (which by default are untagged on the default VLAN, which is VLAN 1). That's it. ProCurve even has a menu available in the switch to make it real easy. You can set it up in about 2 minutes.
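A check for the port split discussed in this thread, as an added example that is not part of any poster's reply: it parses a ProCurve-style `vlan` stanza listing and reports any port that sits in more than one VLAN or in none. The sample configuration, the VLAN IDs and the function names are constructed for illustration, and numeric port names are assumed.

```python
import re

# Constructed sample in ProCurve running-config style (not taken from the thread).
SAMPLE_CONFIG = """\
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24
   no untagged 25-48
   exit
vlan 2
   name "DMZ"
   untagged 25-48
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1-3,7' into {1, 2, 3, 7}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'untagged': set, 'tagged': set}} from the config text."""
    vlans, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "vlan" and len(words) == 2 and words[1].isdigit():
            current = vlans.setdefault(int(words[1]), {"untagged": set(), "tagged": set()})
        elif words[0] == "exit":
            current = None
        elif current is not None and words[0] in ("untagged", "tagged") and len(words) == 2:
            current[words[0]] |= expand_ports(words[1])
    return vlans

def audit(config, total_ports=48):
    """List findings that would weaken the two-network split on one switch."""
    vlans = parse_vlans(config)
    findings = []
    for port in range(1, total_ports + 1):
        member_of = sorted(v for v, m in vlans.items() if port in m["untagged"] | m["tagged"])
        if len(member_of) > 1:
            findings.append(f"port {port} is in VLANs {member_of} (bridges both networks)")
        elif not member_of:
            findings.append(f"port {port} is in no VLAN")
    return findings
```

An empty list from `audit` means every port belongs to exactly one VLAN, which is the "two separate switches" condition the reply describes.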
LVL 43

Expert Comment

ID: 24433671
Technically this can be done with one VLAN just the way you are planning but there are security risks with using one VLAN in this manner. I would recommend using two VLANs.
LVL 17

Assisted Solution

ccomley earned 100 total points
ID: 24433914
VLANs are what you need but you can stick to the simple method.

Find a switch which will give you PORT BASED VLAN. This is SIMPLE to set up, either done with little switches on the back or by web-browsing into the switch. Either way, for each port, you choose Lan 1 or Lan 2, etc.

So just set Ports 1-8 to be Lan 1 and ports 9-16 to be Lan 2 and that's IT.

You *can* set a "trunk" port that is visible to both but in this case it sounds like you don't want to.

The other advantage you may find with such a switch is that

- you can use the web admin page to enable or disable one or more ports, remotely if you want
- you can get traffic stats on each port

Typical example, Zyxel Dimension 2xxx series, e.g. ES2024 - 24 ports, Port-Vlan-able, remote controllable, etc. via web GUI.  

(Warning - the one thing to watch out for, any such device will have a default Ip address of its own, make sure you set this to something sane before attaching it to your lan.)

Author Comment

ID: 24434250
Thank you all for your responses thus far. It's been very helpful and we are realizing how easy this can be. I've confronted our Security Specialist and he has major concerns regarding the security in general of VLANs. We are SAS70 compliant and he is worried because they asked us one time if our networks are physically split. Like is it possible for a user on the VLAN2 to spoof their address and end up on VLAN1?

Is the traffic tagged at the packet level or is the port tagged? I guess ultimately how is the security with VLANs? Can you point me to a good article backing it up?

Again thank you all for your help.
LVL 43

Accepted Solution

JFrederick29 earned 350 total points
ID: 24434300
If security is of the utmost concern, you can simply use two switches (non managed even) for each network. VLANs are software based so they are prone to bugs, coding errors, etc. which is why using two physical switches is the strongest form of separation.
LVL 17

Expert Comment

ID: 24438879
Footnote - PORT based VLAN cannot be spoofed because it's hard-coded on each port of the switch which VLAN it is in.

Soft VLAN requires you to add a "tag" to each data packet saying "hey, I'm a packet on VLAN xxx", and the switch reacts to the tag - that's more powerful coz you can set the same VLAN up on multiple switches and routers across the WAN, but you don't need it here.
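The port-versus-tag distinction above, as an added example that is not part of the original comment: a small model in which an untagged port takes its VLAN from the ingress port number, so the source address carried in the frame plays no part in the decision. The port table (1-24 in VLAN 1, 25-48 in VLAN 2), the frames and the policy of not accepting tagged frames on untagged ports are assumptions made for the model; real switch behaviour depends on its configuration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Assumed port-to-VLAN table: ports 1-24 in VLAN 1 (LAN), 25-48 in VLAN 2 (DMZ).
ACCESS_PORT_VLAN = {**{p: 1 for p in range(1, 25)}, **{p: 2 for p in range(25, 49)}}

def parse_frame(frame):
    """Return (src_mac, vlan_id or None, ethertype) from raw Ethernet bytes."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return src, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return src, tci & 0x0FFF, inner  # low 12 bits of the TCI are the VLAN ID

def classify(ingress_port, frame):
    """Model of an untagged port: the VLAN comes from the port, not the frame."""
    _src, tag, _ethertype = parse_frame(frame)
    if tag is not None:
        return None  # modelled policy (assumption): tagged frames are not accepted
    return ACCESS_PORT_VLAN[ingress_port]

def make_frame(src_mac, vlan_tag=None):
    """Build a constructed test frame (broadcast destination, IPv4 EtherType)."""
    hdr = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", ""))
    if vlan_tag is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan_tag)
    return hdr + struct.pack("!H", 0x0800) + b"\x00" * 46
```

In this model a frame entering port 30 is placed in VLAN 2 whatever source MAC it carries, because `classify` never reads the address.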

Question has a verified solution.