Would this work with a managed switch

Hi All

I haven't ever been exposed to a network that required anything more than dumb switches before, but a project has come up and I am wondering if a managed switch supporting VLANs would do the job.
Currently we have space in a datacentre with a Firebox firewall and separate switches for the DMZ and trusted networks. Routing between the two is done through firewall rules. The Firebox has separate IPs for each interface and is the default gateway for each network.
We are going to host a customer's system in the datacentre and are going to set up one of the additional Firebox interfaces with a separate network that doesn't talk to the existing DMZ and trusted interface. I was going to get another switch for this, but is this something that a switch with VLANs for each network would be able to do? Say a 24-port switch with 3 VLANs of 8 ports each, with the Firebox connected to each of the VLANs through its separate interfaces. If this isn't the clearest let me know and I'll get a diagram of what I am talking about posted :). If it is a valid config, then any suggestions for a suitable gigabit switch?

Thanks
Neil
 
Yes.

So basically you're splitting the switch into 3 VLANs.

Just imagine each VLAN is like its own little switch; they can't see each other.

You are then going to put individual cables from the Firebox (I remember them, shudder ;)) into each VLAN, and that is the "default gateway" for each VLAN segment.

You can get fancy and use trunks/tagging using just one interface etc., but the above is a good way to start out.

If you're on a tight budget, maybe go for a low-end 3Com switch. The Baseline Plus doesn't have SNMP but has a web interface and can do VLANs. I'll hunt up the product code; should be a couple of hundred quid. 3Com® Baseline Plus Switch Family


"3Com® Baseline Switch 2924-SFP Plus": we've got a few of these on our network for about a year, no problems at all, lifetime warranty.
 
We also use the 2924-SFP Plus and it's a cracking box for the money.

As stated above, the simplest way to think of VLANs is as if you're chopping one big switch up into several smaller ones. The key benefit over actually separate switches is that, via tagging, they can share infrastructure cabling so you can have multiple, totally separate networks running down a single wire with no chance of interference.
 
Thanks for the information vertigo and jetsetwilly, that's the answer I wanted :). I didn't want to have to put three switches in, so knowing each VLAN will be seen as its own switch is just the ticket. Leaves more room for the servers. Thanks again!
 
Don't forget the management VLAN! You will need to set some ports up as tagged (i.e. part of two VLANs) or assign a designated port to be on the management VLAN. It's best practice not to have host device VLANs able to access the configuration interface, especially if the devices are being accessed over the public net.
I usually use the first/last port or, if it's uplinked to another switch, tag the uplink and link all the management VLANs together (probably not necessary in this case).
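
The port layout discussed in this thread, including the management VLAN point in the last reply, as an added example that is not part of any poster's message: a small Python check of a port-to-VLAN plan before it is entered into the switch. The VLAN IDs (10, 20, 30, 99), port numbers, interface names and the assumption that the switch's management interface initially sits on the trusted VLAN are constructed for illustration.

```python
# Added example. VLAN IDs, port numbers and interface names are constructed.

def check_plan(untagged, firewall_ports, mgmt_vlan, mgmt_ports, total_ports=24):
    """Return a list of problems in a port-based VLAN plan.

    untagged       {switch_port: vlan_id}, the one untagged VLAN per port
    firewall_ports {firewall_interface: switch_port}
    mgmt_vlan      VLAN the switch's configuration interface listens on
    mgmt_ports     set of ports that are meant to reach that interface
    """
    problems = []
    for port in range(1, total_ports + 1):
        if port not in untagged:
            problems.append(f"port {port} has no VLAN assigned")
    # One firewall interface per VLAN: it is that segment's default gateway.
    gateways = {}
    for iface, port in sorted(firewall_ports.items()):
        vlan = untagged.get(port)
        if vlan is None:
            problems.append(f"{iface} is on port {port}, which has no VLAN")
        elif vlan in gateways:
            problems.append(f"{iface} and {gateways[vlan]} share VLAN {vlan}")
        else:
            gateways[vlan] = iface
    for vlan in sorted(set(untagged.values()) - {mgmt_vlan} - set(gateways)):
        problems.append(f"VLAN {vlan} has no firewall interface")
    # Host-facing ports must not be members of the management VLAN.
    for port, vlan in sorted(untagged.items()):
        if vlan == mgmt_vlan and port not in mgmt_ports:
            problems.append(f"host port {port} can reach management VLAN {vlan}")
    for port in sorted(mgmt_ports):
        if untagged.get(port) != mgmt_vlan:
            problems.append(f"management port {port} is not in VLAN {mgmt_vlan}")
    return problems

def plan(*blocks):
    """Build {port: vlan} from (vlan_id, first_port, last_port) blocks."""
    return {p: vlan for vlan, first, last in blocks for p in range(first, last + 1)}

FIREWALL = {"trusted": 1, "dmz": 9, "customer": 17}
# The thread's 3 x 8 layout, management assumed left on the trusted VLAN.
AS_POSTED = plan((10, 1, 8), (20, 9, 16), (30, 17, 24))
# Same layout with the last port given up to a dedicated management VLAN.
REVISED = plan((10, 1, 8), (20, 9, 16), (30, 17, 23), (99, 24, 24))

if __name__ == "__main__":
    for name, p, mv, mp in (("as posted", AS_POSTED, 10, set()),
                            ("revised", REVISED, 99, {24})):
        print(name, check_plan(p, FIREWALL, mv, mp) or "OK")
```

The revised plan costs the customer VLAN one port, which is the trade-off of dedicating a port to management on a 24-port switch.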
 