Solved

Two Networks on One Switch

Posted on 2009-05-20
Last Modified: 2012-05-07
We have run out of space in one of our racks in our offsite location and are planning to set up another rack and have a quick networking question. We were wondering if there are managed switches out there that allow two networks on one switch. I understand this can be done with VLANs, but we were hoping to stay away from that, being that none of us have dived into that territory yet, but we will learn if it is necessary.

Perhaps there is a way to designate a certain number of ports in the management console to one network and another group of ports to another?

Basically we are planning to buy a ProCurve 2848 (48 port) managed switch and were hoping it could do the job.

http://www.hp.com/rnd/products/switches/HP_ProCurve_Switch_2800_Series/overview.htm
0
Question by:chrisjmccrum
8 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24433454
Sure, the switch will work. You can have multiple IP subnets residing on the same VLAN. The switch doesn't care. However, you'll need to use VLANs if you want "physical" (well, virtual) separation of the two networks/subnets.
0
 

Author Comment

by:chrisjmccrum
ID: 24433615
I see what you're saying but perhaps I worded my question poorly. We would like to ultimately have 1 wire from our Sonicwall Router/Firewall go into port 1 on the ProCurve and have ports 2-24 be our 10.160.0.1 network. Then a second wire would be run to port 25 on the ProCurve and have ports 26-48 be our DMZ network 10.190.0.1.

We would like to achieve this without using VLANs and I'm pretty sure I've seen it done with some switches but I'm not sure how.  
0
 
LVL 18

Assisted Solution

by:Don S.
Don S. earned 200 total points
ID: 24433626
Don't be scared of VLANs. They are fairly simple to implement on the ProCurves (and most other switches). You simply set up an additional VLAN (VLAN 2) and set the ports you want separated to be untagged on VLAN 2. Those ports are then essentially on a separate switch from the ports you did not change (which by default are untagged on the default VLAN, which is VLAN 1). That's it. ProCurve even has a menu available in the switch to make it real easy. You can set it up in about 2 minutes.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24433671
Technically this can be done with one VLAN just the way you are planning, but there are security risks with using one VLAN in this manner. I would recommend using two VLANs.
0
 
LVL 17

Assisted Solution

by:ccomley
ccomley earned 400 total points
ID: 24433914
VLANs is what you need but you can stick to the simple method.

Find a switch which will give you PORT BASED VLAN. This is SIMPLE to set up, either done with little switches on the back or by web-browsing into the switch. Either way, for each port, you choose Lan 1 or Lan 2, etc.

So just set Ports 1-8 to be Lan 1 and ports 9-16 to be Lan 2 and that's IT.

You *can* set a "trunk" port that is visible to both but in this case it sounds like you don't want to.

The other advantage you may find with such a switch is that

- you can use the web admin page to enable or disable one or more ports, remotely if you want
- you can get traffic stats on each port

Typical example, Zyxel Dimension 2xxx series, e.g. ES2024 - 24 ports, Port-Vlan-able, remote controllable, etc. via web GUI.  

(Warning - the one thing to watch out for: any such device will have a default IP address of its own, so make sure you set this to something sane before attaching it to your LAN.)
0
 

Author Comment

by:chrisjmccrum
ID: 24434250
Thank you all for your responses thus far. It's been very helpful and we are realizing how easy this can be. I've confronted our Security Specialist and he has major concerns regarding the security in general of VLANs. We are SAS70 compliant and he is worried because they asked us one time if our networks are physically split. Like, is it possible for a user on the 10.190.0.1 VLAN2 to spoof their address and end up on VLAN1 10.160.0.1?

Is the traffic tagged at the packet level or is the port tagged?  I guess ultimately how is the security with VLANs?  Can you point me to a good article backing it up?  

Again thank you all for your help.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 1400 total points
ID: 24434300
If security is of the utmost concern, you can simply use two switches (non-managed even), one for each network. VLANs are software based so they are prone to bugs, coding errors, etc., which is why using two physical switches is the strongest form of separation.
0
 
LVL 17

Expert Comment

by:ccomley
ID: 24438879
Footnote - PORT based VLAN cannot be spoofed because it's hard-coded on each port of the switch which VLAN it is in.

Soft VLAN requires you to add a "tag" to each data packet saying "hey, I'm a packet on VLAN xxx", and the switch reacts to the tag - that's more powerful coz you can set the same VLAN up on multiple switches and routers across the WAN, but you don't need it here.
0
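
A check for the separation concern raised in this thread, as an added example that is not from any of the posters: it parses the VLAN stanzas of a switch configuration and reports any port that is a member of both VLANs. The sample configuration is constructed, modelled on ProCurve running-config syntax with the 1-24 / 25-48 split described above; numeric port names and all function names are assumptions.

```python
import re

# Constructed sample, modelled on the VLAN stanzas of a ProCurve running-config
# for the layout discussed in the thread (ports 1-24 internal, 25-48 DMZ).
SAMPLE_CONFIG = """\
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24
   no untagged 25-48
   exit
vlan 2
   name "DMZ"
   untagged 25-48
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1-24,48' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'untagged': set, 'tagged': set}} from config text."""
    vlans, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            current = vlans.setdefault(
                int(m.group(1)), {"untagged": set(), "tagged": set()})
        elif line == "exit":
            current = None
        elif current is not None:
            m = re.fullmatch(r"(untagged|tagged) ([\d,\- ]+)", line)
            if m:  # 'no untagged ...' lines do not match and are ignored
                current[m.group(1)] |= expand_ports(m.group(2))
    return vlans

def audit(config, a=1, b=2):
    """Return findings; an empty list means no port bridges VLAN a and VLAN b."""
    vlans = parse_vlans(config)
    members = {v: vlans[v]["untagged"] | vlans[v]["tagged"] for v in (a, b)}
    return [f"port {p} is a member of both VLAN {a} and VLAN {b}"
            for p in sorted(members[a] & members[b])]
```

Calling `audit(SAMPLE_CONFIG)` returns an empty list for the constructed layout; a port later added as tagged on the other VLAN shows up as a finding.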

Question has a verified solution.
