Solved

Two Networks on One Switch

Posted on 2009-05-20
8
707 Views
Last Modified: 2012-05-07
We have run out of space in one of our racks in our offsite location and are planning to set up another rack and have a quick networking question.  We were wondering if there are managed switches out their that allow two networks on one switch.  I understand this can be done with VLANs but were hoping to stay away from that being that none of us have dove in that territory yet but will learn if it is necessary.  

Perhaps there is a way to designate a certain number of ports in the management console to one network and another group of ports to another?

Basically we are planning to buy a ProCurve 2848 (48 port) managed switch and was hoping it could do the job.  

http://www.hp.com/rnd/products/switches/HP_ProCurve_Switch_2800_Series/overview.htm
0
Comment
Question by:chrisjmccrum
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24433454
Sure, the switch will work.  You can have multiple IP subnets residing on the same VLAN.  The switch doesn't care.  However, you'll need to use VLAN's if you want "physical" (well virtual) separation of the two networks/subnets.
0
 

Author Comment

by:chrisjmccrum
ID: 24433615
I see what your saying but perhaps I worded my question poorly.  We would like to ultimately have 1 wire from our Sonicwall Router/Firewall go into port 1 on the ProCurve and have port 2-24 be our 10.160.0.1 network. Then a second wire would be run to port 25 on the ProCurve and have port 26-48 be our DMZ network 10.190.0.1.

We would like to achieve this without using VLANs and I'm pretty sure I've seen it done with some switches but I'm not sure how.  
0
 
LVL 18

Assisted Solution

by:Don S.
Don S. earned 50 total points
ID: 24433626
Don't be scared of Vlans.  They are fairly simple to implement on the Procurves (and most other switches)  You simply set up an additional vlan (Vlan2) and set the ports you want seperated to be untagged on Vlan2.  those ports are then essentially on a seperate switch from the ports you did not change (which by default are untagged on the default Vlan which is vlan 1)  that's it.  Procurve even has a menu available in the switch to make it real easy.  you can set it up in about 2 minutes.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24433671
Technically this can be done with one VLAN just the way you are planning but there are security risks with using one VLAN in this manner.  I would recommend using two VLAN's.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 16

Assisted Solution

by:ccomley
ccomley earned 100 total points
ID: 24433914
VLANs is what you need but yo ucan stick to the simple method.

Find a switch which will give you PORT BASED VLAN. This is SIMPLE to set up, either done with little switches on the back or by web-browsing into the switch. Either way, for each port, you chose Lan 1 or Lan 2, etc.

So just set Ports 1-8 to be Lan 1 and ports 9-16 to be Lan 2 and that's IT.

You *can* set a "trunk" port that is visible to both but in this case it sounds like you don't want to.

The other advantage you may find with such a switch is that

- you can use the web admin page to enable or disable one or more ports, remotely if you want
- you can get traffic stats on each port

Typical example, Zyxel Dimension 2xxx series, e.g. ES2024 - 24 ports, Port-Vlan-able, remote controllable, etc. via web GUI.  

(Warning - the one thing to watch out for, any such device will have a default Ip address of its own, make sure you set this to something sane before attaching it to your lan.)
0
 

Author Comment

by:chrisjmccrum
ID: 24434250
Thank you all for your responses thus far.  It's been very helpful and are realizing how easy this can be.    I've confronted our Security Specialist and he has major concerns regarding the security in general of VLANs.  We are SAS70 compliant and he is worried because they asked us one time if are networks are physically split.  Like is it possible for a user on the 10.190.0.1 VLAN2 to spoof there address and end up on VLAN1 10.160.0.1?  

Is the traffic tagged at the packet level or is the port tagged?  I guess ultimately how is the security with VLANs?  Can you point me to a good article backing it up?  

Again thank you all for your help.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 350 total points
ID: 24434300
If security is of the utmost concern, you can simply use two switches (non managed even) for each network.  VLAN's are software based so they are prone to bugs, coding errors, etc. which is why using two physical switches is the strongest form of separation.
0
 
LVL 16

Expert Comment

by:ccomley
ID: 24438879
Footnote - PORT based VLAN cannot be spoofed because it's hard-coded on eac port of the switch which VLAN it is in.

Soft VLAN requires you to add a "tag" to each data packet saying "hey, I'm a packet on VLAN xxx", and the switch reacts to the tag - that's more powerful coz you can set the same VLAN up on multiple swithes and routers across the WAN, but you don't need it here.  
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now