VLAN STACKING
I have two sites: the datacenter and the HQ Office. All traffic from the HQ office goes to the Datacenter. This includes the internet. There is current two VLAN: VLAN 50 from datacenter going out to the internet and VLAN 120 for communication between the HQ and Datacenter.
I have a need for setting up a separate network at the HQ office that ONLY need internet access. I need this new network to be totally separate from the existing network. I have to use the existing VLAN 120 between HQ and Datacenter, and I was thinking about doing VLAN stacking. I have Netgear GS724TS switches. Is it possible to do VLAN stacking or is there another way that I can set up another network that has no access to the servers at the datacenter and only has access to the internet.
I am using SonicWalll for routing.
I have a need for setting up a separate network at the HQ office that ONLY need internet access. I need this new network to be totally separate from the existing network. I have to use the existing VLAN 120 between HQ and Datacenter, and I was thinking about doing VLAN stacking. I have Netgear GS724TS switches. Is it possible to do VLAN stacking or is there another way that I can set up another network that has no access to the servers at the datacenter and only has access to the internet.
I am using SonicWalll for routing.
ASKER
I think you can do Q in Q tunneling/VLAN stacking on Cisco switches? Can I do this on Netgear Smart Switches also?
Use ACL filter to deny TCP for HQ to datacenter network, then allow port 80 or IP any any.
Yes you can use dot1q tagging on the netgear.
You can't do QinQ on the Netgear switches.
ASKER
What is dot1Q? is that another term for QinQ?
dot1q tags the frame for transport to identify it. But looking at the Netgear switch it does not support QinQ as craig states.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Solved by self
I'm not a Sonicwall expert, but I think (depending on the model) it should be possible to have this VPN tunnel connect to separate VLAN's at each end of the tunnel.
Thomas Roes