Solved

Two subnets through one switch

Posted on 2011-09-12
Last Modified: 2012-05-12
OK, here it is and I need help. Right now, I have a setup whereby I have an IPS with two ports.
These are set up in bridge mode and basically one port connects my LAN port on my router to
it and the second port is then connected to my LAN so that all traffic leaving or coming into my
organization is filtered. My problem is that I only have two ports and I need to filter traffic from
two separate subnets on these two IPS ports (right now I am only filtering one). I was considering putting in a managed switch
and creating VLANs so as to connect one subnet to one port and the other subnet to the other
port on the managed switch (each port configured for its VLAN) and then connect the switch to
one of the ports on the IPS. My question is how would I uplink to the IPS? I am hung up on
connecting the switch to the IPS. Would this port have to be set up to see both VLANs or even
as a trunk? I will have to have two unmanaged switches for both ports on the IPS with this
scenario - for inbound and outbound traffic if you will. I cannot replace or add ports to the IPS for cost
reasons. Advice is GREATLY appreciated. Thanks.
Question by:Stickers2
8 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36526908
Does the IPS support trunking? Some do, and if I'm understanding your scenario, that would allow you to handle both sets of VLANs. Without that capability, I don't see a good solution that doesn't involve adding hardware.
0
 

Author Comment

by:Stickers2
ID: 36526997
The IPS vendor says they will use a subnet to encompass both subnets. I am just hung up on the actual uplink to the switch and configuration of the port used to connect to the IPS.
0
 
LVL 6

Expert Comment

by:jgibbar
ID: 36527071
Do both subnets go to one single router (see below)? Or does each subnet go to a physically different router?

Subnet1 (VLANx) ----
                    | ---- Managed Switch ---- IPS ---- Router
Subnet2 (VLANy) ----



0
 

Author Comment

by:Stickers2
ID: 36528700
Same router but different ports on router
0
 
LVL 6

Expert Comment

by:jgibbar
ID: 36528909
You will need a managed switch at both sides of the IPS. Configure the trunk between the two as you would a trunk between any other two switches. Then split the router out with the different access ports with the appropriate VLAN assigned.

Alternatively, if your router supports subinterfaces, you can configure both VLANs on one physical port on the router and trunk directly to that single port. This would allow you to eliminate a piece of needed hardware.
0
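
The layout described in the comment above, written out as a configuration sketch. This is an added example, not configuration posted by anyone in the thread; it assumes Cisco IOS-style switch syntax, VLAN IDs 10 and 20 for the two subnets, and placeholder interface numbers and addresses.

```cisco
! Added example, not from the thread. Assumed: Cisco IOS-style syntax,
! VLAN 10 = subnet 1, VLAN 20 = subnet 2, placeholder interface numbers.
!
! ---- Switch A: LAN side of the IPS ----
vlan 10
 name SUBNET1
vlan 20
 name SUBNET2
!
interface GigabitEthernet0/1
 description Subnet 1 hosts
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Subnet 2 hosts
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/24
 description 802.1Q trunk to IPS port 1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! ---- Switch B: router side of the IPS ----
! Same "vlan 10" / "vlan 20" definitions as Switch A, then:
interface GigabitEthernet0/1
 description To router port serving subnet 1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description To router port serving subnet 2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/24
 description 802.1Q trunk to IPS port 2
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! ---- Alternative to Switch B: router subinterfaces ----
! IPS port 2 cables straight to this router port; addresses are placeholders.
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.128
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.0.2.129 255.255.255.128
```

With either variant the bridged IPS sits between two trunk ports and receives 802.1Q-tagged frames, so it only inspects both subnets if it can decode those tags, which is the trunking support asked about in the first reply.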
 

Author Comment

by:Stickers2
ID: 36529183
So are you saying that I configure one port on each of the managed switches as a trunk and uplink those ports to the IPS?
0
 
LVL 6

Accepted Solution

by:
jgibbar earned 500 total points
ID: 36529517
Yes, the IPS should be able to see traffic from both subnets via a trunk.
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 36533288
It sounds like you need a layer 3 switch to act as the root of the 2 subnets and uplink to the IPS.
0
