?
Solved

Network Desgin With Vlan

Posted on 2014-10-30
8
Medium Priority
?
206 Views
Last Modified: 2014-10-31
Hi,
Point-1:
We have a production unit with different plants.
Plants Name
A
B
C

Point-2:
We have also a Administration building where our server room.
Where our Check Point firewall is mounted.


Point-3:
We have ISP (Airtel and Relience)


Current Network Design:
Both ISP are configure in checkpoint firewall. After that a port configure for local LAN
with 3 network range ,
192.168.4.1-254 -For Users
192.168.5.1-254 -For Server
192.168.6.1-254 -For Users
192.168.3.1-254 -For CCTV
 
And a CAT-6 cable is connected from firewall to Cisco Switch SG-300 28 Port(SW1) for LAN Network.
Our network is very slow because we dont have any VLAN in Network.All network on same subnet.

And a cable connected from a server room switch(SW1) to  in lift room switch Cisco Switch SG-300 28 Port(SW2).
After that 3 cable connected to RF(radio frequency) which are provide the internet for Plants .

And each plant have cisco unmanged switch.

We attach a file .


Please help us.
Ashish Kumar
If any query Mail to me Kumar.ashish9000@gmail.com

Thanks
scan-001.jpg
0
Comment
Question by:Ashish Kumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 12

Accepted Solution

by:
Fidelius earned 1500 total points
ID: 40412885
Hello,

You can reconfigure network (CheckPoint, SW1 and SW2) and put each subnet to own VLAN.
On Checkpoint configure 802.1Q trunk interface toward local LAN, and create subinterface in each VLAN.
On SW1 and SW2 create appropriate VLANs, and assign ports to it. Port toward CheckPoint configrure as 802.1Q trunk

If connection from RF to SW2 is single cable, I'm not sure you'll be able to separate Plants in different VLANs, but is every RF has its own connection to SW2, then you can put each RF in separate VLAN.

Configure link between SW1 and SW2 as 802.1Q trunk.

Regards!
0
 

Author Comment

by:Ashish Kumar
ID: 40412982
Hi ,
Firstly thanks for comment,

Every RF has own connection to SW2, so we can put each plant to different VLAN.

Sir we can create VLAN but we are fresher so please help us to create communication between VLAN.
How to communicate between each vlan to each vlan inculding SAP server valn(which has subnet mask 255.255.255.0) without changing SAP server subnet mask.

We have SAP server also in admin building and a CAT 6 cable connect sap server and sw1 switch.

Thanks
Ashish Kumar
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40412998
Inter VLAN communication can be done on CheckPoint or SW1. It depends how you want to do it.
On which subnet is SAP server?

If you have already this subnets:
192.168.4.1-254 -For Users
192.168.5.1-254 -For Server
192.168.6.1-254 -For Users
192.168.3.1-254 -For CCTV

You just need to put each subnet in different VLAN, no need to change subnet mask.
So lets say:
VLAN 4 -> 192.168.4.0/255.255.255.0
VLAN 5 -> 192.168.5.0/255.255.255.0
VLAN 6 -> 192.168.6.0/255.255.255.0
VLAN 3 -> 192.168.3.0/255.255.255.0
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 

Author Comment

by:Ashish Kumar
ID: 40413016
We want to make trunk using Cisco Switch rather then check point .
We can purchase a switch sw3 if required.


SAP server :

192.168.5.182
255.255.255.0

Sir can we make a vtp server using sw3.
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40413493
You don't need SW3. All can be done with CP, SW1 and SW2.
For only two switches, I don't recommend vtp configuration.

So regarding picture I attached, here is what you need to do:
- on SW1 create VLANs with IP addresses (for x,y,z use any number from 7-255.):
VLAN 3 -> 192.168.3.1/255.255.255.0
VLAN 4 -> 192.168.4.1/255.255.255.0
VLAN 5 -> 192.168.5.1/255.255.255.0
VLAN 6 -> 192.168.6.1/255.255.255.0
VLAN x -> 192.168.x.1/255.255.255.0
VLAN y -> 192.168.y.1/255.255.255.0
VLAN z -> 192.168.z.1/255.255.255.0

- on SW1 port toward SW2 configure as trunk
- on SW2 port toward SW1 configure as trunk
- on SW2 create VLANs: VLAN x, VLAN y, VLAN z
- on SW2:
- port toward RF1 put in VLAN x
- port toward RF2 put in VLAN y
- port toward RF3 put in VLAN z
- on CheckPoint add static route toward 192.168.0.0/255.255.0.0 to point to SW1 IP address (to be more precise, please send me IP of CheckPoint and SW1)
- on CheckPoint modify Anti-Spoofing on inside interface by adding network range 192.168.0.0/255.255.0.0
- on clients change default gateway to SW1 IP address in adequate  VLAN.

That should be it.
LAN.PNG
0
 

Author Comment

by:Ashish Kumar
ID: 40415025
All network range created in Check Point.
IP Address of Check Point
192.168.4.1
But we can also access firewall through by
192.168.5.1
192.168.6.1

One more question can we access any vlan host from any vlan including CCTV and SAP server VLAN.
0
 

Author Comment

by:Ashish Kumar
ID: 40415031
why you are not recommending VTP server??
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40415233
Because for only two switches it is not very useful, and you have more control and easier troubleshoot, without vtp.

Can you post interface configuration from CheckPoint and configuration of SW1 and SW2?
It will be much easier and faster to help you with those information.
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question