Two subnets through one switch

OK, here it is and I need help. Right now, I have a setup whereby I have an IPS with two ports.
These are set up in bridge mode and basically one port connects my LAN port on my router to
it and the second port is then connected to my LAN so that all traffic leaving or coming into my
organization is filtered. My problem is that I only have two ports and I need to filter traffic from
two separate subnets on these two IPS ports (right now I am only filtering one). I was considering putting in a managed switch
and creating VLANs so as to connect one subnet to one port and the other subnet to the other
port on the managed switch (each port configured for its VLAN) and then connect the switch to
one of the ports on the IPS. My question is how would I uplink to the IPS? I am hung up on the
"connecting the switch to the IPS" part. Would this port have to be set up to see both VLANs or even
as a trunk? I will have to have two unmanaged switches for both ports on the IPS with this
scenario - for inbound and outbound traffic if you will. I cannot replace or add ports to the IPS for cost
reasons. Advice is GREATLY appreciated. Thanks.
0
Stickers2
Asked:
Stickers2
1 Solution
 
jmeggers Commented:
Does the IPS support trunking? Some do, and if I'm understanding your scenario, that would allow you to handle both sets of VLANs. Without that capability, I don't see a good solution that doesn't involve adding hardware.
0
 
Stickers2 (Author) Commented:
The IPS vendor says they will use a subnet to encompass both subnets. I am just hung up on the actual uplink to the switch and configuration of the port used to connect to the IPS.
0
 
jgibbar Commented:
Do both subnets go to one single router (see below)? Or does each subnet go to a physically different router?

Subnet1 (VLANx)----
                   |---- Managed Switch ---- IPS ---- Router
Subnet2 (VLANy)----



0
 
Stickers2 (Author) Commented:
Same router but different ports on router
0
 
jgibbar Commented:
You will need a managed switch at both sides of the IPS. Configure the trunk between the two as you would a trunk between any other two switches. Then split the router out with the different access ports with the appropriate VLAN assigned.

Alternatively, if your router supports sub interfaces, you can configure both VLANs on one physical port on the router and trunk directly to that single port. This would allow you to eliminate a piece of needed hardware.
0
 
Stickers2 (Author) Commented:
So are you saying that I configure one port on each of the managed switches as a trunk and uplink those ports to the IPS?
0
 
jgibbar Commented:
Yes, the IPS should be able to see traffic from both subnets via a trunk.
0
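
The layout described in this exchange (a managed switch on each side of the bridged IPS, one trunk port per switch facing the IPS, access ports split out per VLAN) could look like the following. This is an added example, not configuration posted by anyone in the thread. Assumptions: Cisco IOS-style syntax (the thread names no switch vendor), VLAN IDs 10 and 20, all interface numbers, and an IPS that passes 802.1Q-tagged frames in bridge mode.

```cisco
! Added example. VLAN IDs and interface numbers are placeholders.
!
! ---- LAN-side managed switch ----
vlan 10
 name SUBNET1
vlan 20
 name SUBNET2
!
interface GigabitEthernet0/1
 description Subnet1 hosts or downstream switch
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Subnet2 hosts or downstream switch
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/24
 description Trunk to IPS bridge port (LAN side)
 ! Some platforms require the encapsulation to be set before trunk mode
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the two VLANs that must be inspected
 switchport trunk allowed vlan 10,20
 ! Static trunk, no DTP negotiation across the IPS
 switchport nonegotiate
!
! ---- Router-side managed switch ----
vlan 10
vlan 20
!
interface GigabitEthernet0/24
 description Trunk to IPS bridge port (router side)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet0/1
 description To router port serving Subnet1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description To router port serving Subnet2
 switchport mode access
 switchport access vlan 20
```

On switches using this syntax, `show interfaces trunk` on each side confirms that only VLANs 10 and 20 are active on the IPS-facing port. Any IPS policy that is meant to apply per subnet has to match on the tagged traffic, so check the IPS logs for events from both VLANs after cutover.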
 
eeRoot Commented:
It sounds like you need a layer 3 switch to act as the root of the 2 subnets and uplink to the IPS.
0
