Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Two Networks on One Switch

Posted on 2009-05-20
Medium Priority
Last Modified: 2012-05-07
We have run out of space in one of our racks in our offsite location and are planning to set up another rack and have a quick networking question.  We were wondering if there are managed switches out their that allow two networks on one switch.  I understand this can be done with VLANs but were hoping to stay away from that being that none of us have dove in that territory yet but will learn if it is necessary.  

Perhaps there is a way to designate a certain number of ports in the management console to one network and another group of ports to another?

Basically we are planning to buy a ProCurve 2848 (48 port) managed switch and was hoping it could do the job.  

Question by:chrisjmccrum
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 43

Expert Comment

ID: 24433454
Sure, the switch will work.  You can have multiple IP subnets residing on the same VLAN.  The switch doesn't care.  However, you'll need to use VLAN's if you want "physical" (well virtual) separation of the two networks/subnets.

Author Comment

ID: 24433615
I see what your saying but perhaps I worded my question poorly.  We would like to ultimately have 1 wire from our Sonicwall Router/Firewall go into port 1 on the ProCurve and have port 2-24 be our network. Then a second wire would be run to port 25 on the ProCurve and have port 26-48 be our DMZ network

We would like to achieve this without using VLANs and I'm pretty sure I've seen it done with some switches but I'm not sure how.  
LVL 18

Assisted Solution

by:Don S.
Don S. earned 200 total points
ID: 24433626
Don't be scared of Vlans.  They are fairly simple to implement on the Procurves (and most other switches)  You simply set up an additional vlan (Vlan2) and set the ports you want seperated to be untagged on Vlan2.  those ports are then essentially on a seperate switch from the ports you did not change (which by default are untagged on the default Vlan which is vlan 1)  that's it.  Procurve even has a menu available in the switch to make it real easy.  you can set it up in about 2 minutes.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 43

Expert Comment

ID: 24433671
Technically this can be done with one VLAN just the way you are planning but there are security risks with using one VLAN in this manner.  I would recommend using two VLAN's.
LVL 17

Assisted Solution

ccomley earned 400 total points
ID: 24433914
VLANs is what you need but yo ucan stick to the simple method.

Find a switch which will give you PORT BASED VLAN. This is SIMPLE to set up, either done with little switches on the back or by web-browsing into the switch. Either way, for each port, you chose Lan 1 or Lan 2, etc.

So just set Ports 1-8 to be Lan 1 and ports 9-16 to be Lan 2 and that's IT.

You *can* set a "trunk" port that is visible to both but in this case it sounds like you don't want to.

The other advantage you may find with such a switch is that

- you can use the web admin page to enable or disable one or more ports, remotely if you want
- you can get traffic stats on each port

Typical example, Zyxel Dimension 2xxx series, e.g. ES2024 - 24 ports, Port-Vlan-able, remote controllable, etc. via web GUI.  

(Warning - the one thing to watch out for, any such device will have a default Ip address of its own, make sure you set this to something sane before attaching it to your lan.)

Author Comment

ID: 24434250
Thank you all for your responses thus far.  It's been very helpful and are realizing how easy this can be.    I've confronted our Security Specialist and he has major concerns regarding the security in general of VLANs.  We are SAS70 compliant and he is worried because they asked us one time if are networks are physically split.  Like is it possible for a user on the VLAN2 to spoof there address and end up on VLAN1  

Is the traffic tagged at the packet level or is the port tagged?  I guess ultimately how is the security with VLANs?  Can you point me to a good article backing it up?  

Again thank you all for your help.
LVL 43

Accepted Solution

JFrederick29 earned 1400 total points
ID: 24434300
If security is of the utmost concern, you can simply use two switches (non managed even) for each network.  VLAN's are software based so they are prone to bugs, coding errors, etc. which is why using two physical switches is the strongest form of separation.
LVL 17

Expert Comment

ID: 24438879
Footnote - PORT based VLAN cannot be spoofed because it's hard-coded on eac port of the switch which VLAN it is in.

Soft VLAN requires you to add a "tag" to each data packet saying "hey, I'm a packet on VLAN xxx", and the switch reacts to the tag - that's more powerful coz you can set the same VLAN up on multiple swithes and routers across the WAN, but you don't need it here.  

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Make the most of your online learning experience.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question