Solved

Network Design With VLAN

Posted on 2014-10-30
Last Modified: 2014-10-31
Hi,
Point-1:
We have a production unit with different plants.
Plants Name
A
B
C

Point-2:
We also have an Administration building where our server room is,
where our Check Point firewall is mounted.


Point-3:
We have ISPs (Airtel and Reliance)


Current Network Design:
Both ISPs are configured in the Check Point firewall. After that, a port is configured for the local LAN
with 3 network ranges:
192.168.4.1-254 -For Users
192.168.5.1-254 -For Server
192.168.6.1-254 -For Users
192.168.3.1-254 -For CCTV
 
And a CAT-6 cable is connected from the firewall to a Cisco Switch SG-300 28 Port (SW1) for the LAN network.
Our network is very slow because we don't have any VLANs in the network. All networks are on the same subnet.

And a cable is connected from the server room switch (SW1) to the lift room switch, a Cisco Switch SG-300 28 Port (SW2).
After that, 3 cables are connected to RF (radio frequency), which provides the internet for the plants.

And each plant has a Cisco unmanaged switch.

We attach a file.


Please help us.
Ashish Kumar
If you have any query, mail me at Kumar.ashish9000@gmail.com

Thanks
scan-001.jpg
Question by:Ashish Kumar
8 Comments
 
LVL 12

Accepted Solution

by:
Fidelius earned 500 total points
ID: 40412885
Hello,

You can reconfigure the network (CheckPoint, SW1 and SW2) and put each subnet in its own VLAN.
On CheckPoint, configure an 802.1Q trunk interface toward the local LAN, and create a subinterface in each VLAN.
On SW1 and SW2, create the appropriate VLANs and assign ports to them. Configure the port toward CheckPoint as an 802.1Q trunk.

If the connection from RF to SW2 is a single cable, I'm not sure you'll be able to separate the plants into different VLANs, but if every RF has its own connection to SW2, then you can put each RF in a separate VLAN.

Configure link between SW1 and SW2 as 802.1Q trunk.

Regards!
0
 

Author Comment

by:Ashish Kumar
ID: 40412982
Hi,
Firstly, thanks for the comment.

Every RF has its own connection to SW2, so we can put each plant in a different VLAN.

Sir, we can create VLANs but we are freshers, so please help us to create communication between VLANs.
How do we communicate between each VLAN and every other VLAN, including the SAP server VLAN (which has subnet mask 255.255.255.0), without changing the SAP server subnet mask?

We also have the SAP server in the admin building, and a CAT 6 cable connects the SAP server and the SW1 switch.

Thanks
Ashish Kumar
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40412998
Inter-VLAN communication can be done on CheckPoint or SW1. It depends on how you want to do it.
On which subnet is the SAP server?

If you already have these subnets:
192.168.4.1-254 -For Users
192.168.5.1-254 -For Server
192.168.6.1-254 -For Users
192.168.3.1-254 -For CCTV

You just need to put each subnet in a different VLAN; no need to change the subnet mask.
So let's say:
VLAN 4 -> 192.168.4.0/255.255.255.0
VLAN 5 -> 192.168.5.0/255.255.255.0
VLAN 6 -> 192.168.6.0/255.255.255.0
VLAN 3 -> 192.168.3.0/255.255.255.0
0
 

Author Comment

by:Ashish Kumar
ID: 40413016
We want to make the trunk using the Cisco switch rather than Check Point.
We can purchase a switch SW3 if required.


SAP server :

192.168.5.182
255.255.255.0

Sir, can we make a VTP server using SW3?
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40413493
You don't need SW3. All can be done with CP, SW1 and SW2.
For only two switches, I don't recommend a VTP configuration.

So regarding the picture I attached, here is what you need to do:
- on SW1 create VLANs with IP addresses (for x, y, z use any number from 7-255):
VLAN 3 -> 192.168.3.1/255.255.255.0
VLAN 4 -> 192.168.4.1/255.255.255.0
VLAN 5 -> 192.168.5.1/255.255.255.0
VLAN 6 -> 192.168.6.1/255.255.255.0
VLAN x -> 192.168.x.1/255.255.255.0
VLAN y -> 192.168.y.1/255.255.255.0
VLAN z -> 192.168.z.1/255.255.255.0

- on SW1 configure the port toward SW2 as trunk
- on SW2 configure the port toward SW1 as trunk
- on SW2 create VLANs: VLAN x, VLAN y, VLAN z
- on SW2:
  - put the port toward RF1 in VLAN x
  - put the port toward RF2 in VLAN y
  - put the port toward RF3 in VLAN z
- on CheckPoint add a static route toward 192.168.0.0/255.255.0.0 pointing to the SW1 IP address (to be more precise, please send me the IPs of CheckPoint and SW1)
- on CheckPoint modify Anti-Spoofing on the inside interface by adding network range 192.168.0.0/255.255.0.0
- on clients change the default gateway to the SW1 IP address in the adequate VLAN.

That should be it.
LAN.PNG
0
 

Author Comment

by:Ashish Kumar
ID: 40415025
All network ranges are created in Check Point.
IP address of Check Point:
192.168.4.1
But we can also access the firewall through
192.168.5.1
192.168.6.1

One more question: can we access any VLAN host from any VLAN, including the CCTV and SAP server VLANs?
0
 

Author Comment

by:Ashish Kumar
ID: 40415031
Why are you not recommending a VTP server?
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40415233
Because for only two switches it is not very useful, and you have more control and easier troubleshooting without VTP.

Can you post the interface configuration from CheckPoint and the configuration of SW1 and SW2?
It will be much easier and faster to help you with that information.
0
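
The addressing discussed in this thread can be checked for conflicts before any switch or firewall is reconfigured. The script below is an added example, not code from any poster: it takes the SW1 VLAN addresses and the 192.168.0.0/16 range from the expert's steps, the Check Point and SAP server addresses from the author's comments, and assumes VLANs 10, 20 and 30 for the unspecified x, y, z.

```python
import ipaddress

# SW1 VLAN interface addresses from the expert's steps (VLANs 3-6).
# VLANs 10/20/30 are assumed stand-ins for the unspecified x, y, z.
SW1_SVIS = {
    3: "192.168.3.1/24", 4: "192.168.4.1/24",
    5: "192.168.5.1/24", 6: "192.168.6.1/24",
    10: "192.168.10.1/24", 20: "192.168.20.1/24", 30: "192.168.30.1/24",
}
# Addresses the author says the Check Point already answers on.
FIREWALL_IPS = ["192.168.4.1", "192.168.5.1", "192.168.6.1"]
# Range proposed for the static route and the anti-spoofing change.
SUMMARY = "192.168.0.0/16"
# Host from the thread whose address and mask must not change.
FIXED_HOSTS = {"SAP": "192.168.5.182/24"}


def check_plan(svis, firewall_ips, summary, fixed_hosts):
    """Return findings in VLAN order; an empty list means no conflicts."""
    findings = []
    summary_net = ipaddress.ip_network(summary)
    ifaces = {v: ipaddress.ip_interface(a) for v, a in svis.items()}
    fw = {ipaddress.ip_address(a) for a in firewall_ips}
    vlans = sorted(ifaces)

    for i, v in enumerate(vlans):
        net = ifaces[v].network
        # The /16 route and anti-spoofing range must cover every VLAN.
        if not net.subnet_of(summary_net):
            findings.append(f"VLAN {v}: {net} outside {summary_net}")
        # Each VLAN needs its own non-overlapping subnet.
        for w in vlans[i + 1:]:
            if net.overlaps(ifaces[w].network):
                findings.append(f"VLAN {v} overlaps VLAN {w}")
        # A gateway address can live on only one device per subnet.
        if ifaces[v].ip in fw:
            findings.append(f"VLAN {v}: {ifaces[v].ip} already used by firewall")

    # Fixed hosts must land in a VLAN whose subnet matches their mask.
    for name, addr in fixed_hosts.items():
        host_net = ipaddress.ip_interface(addr).network
        if not any(ifaces[v].network == host_net for v in vlans):
            findings.append(f"{name}: no VLAN matches {host_net}")
    return findings


if __name__ == "__main__":
    for line in check_plan(SW1_SVIS, FIREWALL_IPS, SUMMARY, FIXED_HOSTS):
        print(line)
```

Run as written, it reports 192.168.4.1, 192.168.5.1 and 192.168.6.1 as claimed by both SW1 and the Check Point, which is the overlap the requested interface configurations would have to settle.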
