Solved

Two subnets through one switch

Posted on 2011-09-12
8
384 Views
Last Modified: 2012-05-12
OK, here it is and I need help. Right now, I have a setup whereby I have an IPS with two ports.
These are set up in bridge mode and basically one port connects my LAN port on my router to
it and the second port is then connected to my LAN so that all traffic leaving or coming into my
organization is filtered. My problem is that I only have two ports and I need to filter traffic from
two separate subnets on these two IPS ports (right now I am only filtering one). I was considering putting in a managed switch
and creating VLANs so as to connect one subnet to one port and the other subnet to the other
port on the managed switch (each port configured for its VLAN) and then connect the switch to
one of the ports on the IPS. My question is how would I uplink to the IPS? I am hung up on the
"connecting the switch to the IPS" part. Would this port have to be set up to see both VLANs or even
as a trunk? I will have to have two unmanaged switches for both ports on the IPS with this
scenario - for inbound and outbound traffic if you will. I cannot replace or add ports to the IPS for cost
reasons. Advice is GREATLY appreciated. Thanks.
0
Comment
Question by:Stickers2
8 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36526908
Does the IPS support trunking? Some do, and if I'm understanding your scenario, that would allow you to handle both sets of VLANs. Without that capability, I don't see a good solution that doesn't involve adding hardware.
0
 

Author Comment

by:Stickers2
ID: 36526997
The IPS vendor says they will use a subnet to encompass both subnets. I am just hung up on the actual uplink to the switch and configuration of the port used to connect to the IPS.
0
 
LVL 6

Expert Comment

by:jgibbar
ID: 36527071
Do both subnets go to one single router (see below)? Or does each subnet go to a physically different router?

Subnet1 (VLANx)----
                   |---- Managed Switch ---- IPS ---- Router
Subnet2 (VLANy)----



0
 

Author Comment

by:Stickers2
ID: 36528700
Same router but different ports on router
0
 
LVL 6

Expert Comment

by:jgibbar
ID: 36528909
You will need a managed switch at both sides of the IPS. Configure the trunk between the two as you would a trunk between any other two switches. Then split the router out with the different access ports with the appropriate VLAN assigned.

Alternatively, if your router supports sub interfaces, you can configure both VLANs on one physical port on the router and trunk directly to that single port. This would allow you to eliminate a piece of needed hardware.
0
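The two-switch layout described in the comment above, sketched as an added configuration example that is not part of the original thread. It assumes Cisco IOS-style syntax (the thread names no switch vendor), uses VLAN 10 and 20 as stand-ins for VLANx and VLANy, hypothetical port numbers, and an IPS that forwards 802.1Q-tagged frames unchanged in bridge mode.

```cisco
! Constructed example; VLAN IDs and interface numbers are placeholders.
!
! ===== Inside switch (LAN side of the IPS) =====
vlan 10,20,999
!
interface GigabitEthernet0/1
 description Subnet 1 hosts
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Subnet 2 hosts
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/24
 description Trunk to IPS port 1
 ! The encapsulation line is only needed on platforms that also support ISL.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Unused native VLAN, so untagged frames never land in a user subnet.
 switchport trunk native vlan 999
 ! Carry only the two filtered subnets across the IPS.
 switchport trunk allowed vlan 10,20
 ! Static trunk: do not negotiate trunking with whatever is plugged in.
 switchport nonegotiate
!
! ===== Outside switch (router side of the IPS) =====
vlan 10,20,999
!
interface GigabitEthernet0/24
 description Trunk to IPS port 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet0/1
 description Router port for subnet 1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Router port for subnet 2
 switchport mode access
 switchport access vlan 20
```

With the subinterface alternative from the same comment, the outside switch is dropped and IPS port 2 connects straight to a router port that carries both VLANs as 802.1Q subinterfaces.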
 

Author Comment

by:Stickers2
ID: 36529183
So are you saying that I configure one port on each of the managed switches as a trunk and uplink those ports to the IPS?
0
 
LVL 6

Accepted Solution

by:
jgibbar earned 500 total points
ID: 36529517
Yes, the IPS should be able to see traffic from both subnets via a trunk.
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 36533288
It sounds like you need a layer 3 switch to act as the root of the 2 subnets and uplink to the IPS.
0
