Two subnets through one switch

Posted on 2011-09-12
Last Modified: 2012-05-12
OK, here it is and I need help. Right now, I have a setup whereby I have an IPS with two ports. These are set up in bridge mode and basically one port connects my LAN port on my router to it and the second port is then connected to my LAN so that all traffic leaving or coming into my organization is filtered. My problem is that I only have two ports and I need to filter traffic from two separate subnets on these two IPS ports (right now I am only filtering one). I was considering putting in a managed switch and creating VLANs so as to connect one subnet to one port and the other subnet to the other port on the managed switch (each port configured for its VLAN) and then connect the switch to one of the ports on the IPS. My question is how would I uplink to the IPS? I am hung up on the connecting the switch to the IPS part. Would this port have to be set up to see both VLANs or even as a trunk? I will have to have two unmanaged switches for both ports on the IPS with this scenario - for inbound and outbound traffic if you will. I cannot replace or add ports to the IPS for cost reasons. Advice is GREATLY appreciated. Thanks.
and outbound if you will. I am really hung up and the uplink to the IPS part. Thanks.
Question by:Stickers2
8 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36526908
Does the IPS support trunking? Some do, and if I'm understanding your scenario, that would allow you to handle both sets of VLANs. Without that capability, I don't see a good solution that doesn't involve adding hardware.
0
 

Author Comment

by:Stickers2
ID: 36526997
The IPS vendor says they will use a subnet to encompass both subnets. I am just hung up on the actual uplink to the switch and configuration of the port used to connect to the IPS.
0
 
LVL 6

Expert Comment

by:jgibbar
ID: 36527071
Do both subnets go to one single router (see below)? Or does each subnet go to a physically different router?

Subnet1 (VLANx)----
                   |---- Managed Switch ---- IPS ---- Router
Subnet2 (VLANy)----



0
 

Author Comment

by:Stickers2
ID: 36528700
Same router but different ports on router
0
 
LVL 6

Expert Comment

by:jgibbar
ID: 36528909
You will need a managed switch at both sides of the IPS. Configure the trunk between the two as you would a trunk between any other two switches. Then split the router out with the different access ports with the appropriate VLAN assigned.

Alternatively, if your router supports sub interfaces, you can configure both VLANs on one physical port on the router and trunk directly to that single port. This would allow you to eliminate a piece of needed hardware.
0
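
The two-switch layout described in the answer above, written out as a configuration sketch. This is an added example, not part of the original thread: the thread names no switch vendor, so the Cisco IOS-style syntax, the VLAN IDs 10 and 20 and every interface name are assumptions.

```cisco
! Constructed example. Assumed: Cisco IOS-style switches, VLAN 10 for
! Subnet1, VLAN 20 for Subnet2, and the interface numbers used below.

! ---- Inside switch (LAN side of the IPS) ----
vlan 10
 name SUBNET1
vlan 20
 name SUBNET2
!
interface GigabitEthernet0/1
 description Subnet1 LAN
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Subnet2 LAN
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/24
 description Trunk to IPS inside port
 ! The encapsulation line exists only on platforms that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the two filtered VLANs across the IPS
 switchport trunk allowed vlan 10,20
 ! The IPS does not speak DTP, so turn negotiation off
 switchport nonegotiate
!
! ---- Outside switch (router side of the IPS) ----
! Define VLANs 10 and 20 and configure Gi0/24 exactly as above, with the
! description "Trunk to IPS outside port". The allowed VLAN list must
! match on both trunks or one subnet is silently dropped.
!
interface GigabitEthernet0/1
 description Router LAN port for Subnet1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Router LAN port for Subnet2
 switchport mode access
 switchport access vlan 20
```

This layout relies on the IPS forwarding 802.1Q-tagged frames unchanged in bridge mode, which is the trunking question raised in the first expert comment.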
 

Author Comment

by:Stickers2
ID: 36529183
So are you saying that I configure one port on each of the managed switches as a trunk and uplink those ports to the IPS?
0
 
LVL 6

Accepted Solution

by:
jgibbar earned 2000 total points
ID: 36529517
Yes, the IPS should be able to see traffic from both subnets via a trunk.
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 36533288
It sounds like you need a layer 3 switch to act as the root of the 2 subnets and uplink to the IPS.
0


Question has a verified solution.
