Firewall/router:
  port 1: connected to internet on VLAN 300
  port 2: connected to 2724 on VLAN 100 and 200
2724:
  port 1: connected to Firewall on VLAN 100 and 200 (Tagged)
  port 2: connected to local LAN on VLAN 200 (untagged)
  port 3: connected to 2716 on VLAN 100 and 200 (Tagged)
2716:
  port 1: connected to DMZ computer on VLAN 100 (untagged)
  port 2: connected to local LAN on VLAN 200 (untagged)
  port 3: connected to 2724 on VLAN 100 and 200 (Tagged)
Then I would suggest:
Firewall:
  - port 1: configure DMZ-bound traffic to be put on VLAN 100
  - port 2: configure to be a member of VLAN 100 and 200 and tag both
2724:
  - VLAN Membership page:
    o create VLAN 100
    o add ports 1 and 3 as tagged (T) to VLAN 100
    o create VLAN 200
    o add port 2 as untagged (U) and port 3 as tagged (T) to VLAN 200
  - VLAN Port Settings:
    o change port 1 and 3 PVID to 4095 (drop all untagged)
    o change port 2 PVID to 200 (all untagged go to VLAN 200)
2716:
  - VLAN Membership page:
    o create VLAN 100
    o add port 1 as untagged (U) and port 3 as tagged (T) to VLAN 100
    o create VLAN 200
    o add port 2 as untagged (U) and port 3 as tagged (T) to VLAN 200
  - VLAN Port Settings:
    o change port 1 PVID to 100 (all untagged go to VLAN 100)
    o change port 2 PVID to 200 (all untagged go to VLAN 200)
    o change port 3 PVID to 4095 (drop all untagged)
If you set the PVID to 1 on the ports of each switch between the switches, this will add VLAN 1 to these ports and allow you to manage the switches without being directly connected.
Thanks for the help. I think I understand everything except I still have one question. Since I am using 27XX, I can only access the webadmin through VLAN1. Since my main network is on 200 and my DMZ is on 100, I will not be able to access the webadmin from my network. I would have to plug a laptop into an open port that was part of VLAN1. Correct? VLAN1 cannot share ports with any other VLANs?
If I change the PVID from 4095 to 1 on the connections between the switches and change it to allow all, I will then be able to access the other switches remotely once I plug into the open VLAN1 port on my main switch.
bh1633
909 Posts
0
April 4th, 2007 20:00
bh1633
909 Posts
0
April 5th, 2007 13:00
jeslpc
4 Posts
0
April 5th, 2007 13:00
Thanks
Message Edited by jeslpc on 04-05-2007 09:14 AM
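The settings in bh1633's post and the follow-up question about PVID 1 on the inter-switch links can be checked before touching the switches by modelling the 802.1Q ingress/egress rules the post relies on. The script below is an added example, not code from this thread or from Dell: it assumes the usual port-based VLAN semantics (a port's PVID classifies untagged ingress, PVID 4095 means discard untagged, membership is a per-VLAN "T"/"U" map with ingress filtering, and egress tags or strips according to that map), uses the post's switch names, port numbers and VLAN IDs, and adds an assumed spare access port "4" in VLAN 1 on each switch for the management scenario. Taking the 2724 membership exactly as listed (port 1 tagged in VLAN 100 only), the model shows DMZ frames never reaching a LAN port and LAN frames stopping at the 2724 without reaching the firewall; adding port 1 tagged in VLAN 200, which matches the "connected to Firewall on VLAN 100 and 200 (Tagged)" line of the setup, completes that path. The VLAN 1 variant shows a management frame from a VLAN 1 access port crossing the trunk, and also the caveat that any untagged frame arriving on a trunk port with PVID 1 lands in the management VLAN, which PVID 4095 would have dropped.

```python
"""802.1Q port-VLAN model of the firewall / 2724 / 2716 layout in this thread.

Added example, not code from the thread or from Dell. Assumes port-based
VLAN semantics: a port's PVID classifies untagged ingress (4095 = discard),
membership maps vlan -> "T"/"U" with ingress filtering, and egress tags or
strips per that map. Spare access port "4" in VLAN 1 is an assumption.
"""
from dataclasses import dataclass, field

DROP_UNTAGGED = 4095   # PVID value the post uses for "drop all untagged"
UNTAGGED = None        # frame carries no 802.1Q tag
DROP = object()        # egress sentinel: port is not a member of that VLAN


@dataclass
class Port:
    pvid: int
    members: dict      # vlan -> "T" (tagged) or "U" (untagged)


@dataclass
class Switch:
    ports: dict                                # port id -> Port
    links: dict = field(default_factory=dict)  # port id -> (peer switch, peer port)


def classify_ingress(port, tag):
    """VLAN the frame is assigned on ingress, or None if it is discarded."""
    if tag is UNTAGGED:
        return None if port.pvid == DROP_UNTAGGED else port.pvid
    return tag if tag in port.members else None   # ingress filtering


def egress_tag(port, vlan):
    """Tag the frame leaves with: vlan (tagged), UNTAGGED, or DROP."""
    mode = port.members.get(vlan)
    if mode is None:
        return DROP
    return vlan if mode == "T" else UNTAGGED


def flood(net, sw, port, tag):
    """Flood one broadcast frame arriving on (sw, port) carrying `tag`.

    Returns the set of (switch, port, tag) edge ports it is delivered to.
    A frame crossing an inter-switch link is re-classified on the far side,
    so the trunk port's PVID decides what happens to untagged frames there.
    """
    delivered, seen, work = set(), set(), [(sw, port, tag)]
    while work:
        s, p, t = work.pop()
        if (s, p, t) in seen:
            continue
        seen.add((s, p, t))
        vlan = classify_ingress(net[s].ports[p], t)
        if vlan is None:
            continue
        for out, oport in net[s].ports.items():
            if out == p:
                continue
            otag = egress_tag(oport, vlan)
            if otag is DROP:
                continue
            if out in net[s].links:
                work.append((*net[s].links[out], otag))
            else:
                delivered.add((s, out, otag))
    return delivered


def post_config():
    """Membership and PVIDs exactly as listed in the post (port 1 of the
    2724 is tagged in VLAN 100 only, as written)."""
    return {
        "2724": Switch({
            "1": Port(DROP_UNTAGGED, {100: "T"}),            # to firewall
            "2": Port(200, {200: "U"}),                      # local LAN
            "3": Port(DROP_UNTAGGED, {100: "T", 200: "T"}),  # to 2716
        }, links={"3": ("2716", "3")}),
        "2716": Switch({
            "1": Port(100, {100: "U"}),                      # DMZ host
            "2": Port(200, {200: "U"}),                      # local LAN
            "3": Port(DROP_UNTAGGED, {100: "T", 200: "T"}),  # to 2724
        }, links={"3": ("2724", "3")}),
    }


def add_membership(net, sw, port, vlan, mode, pvid=None):
    """Add a VLAN to a port (Membership page); optionally set its PVID."""
    p = net[sw].ports.setdefault(port, Port(DROP_UNTAGGED, {}))
    p.members[vlan] = mode
    if pvid is not None:
        p.pvid = pvid
    return net


def with_vlan1_management(net):
    """Follow-up variant: PVID 1 plus untagged VLAN 1 on the inter-switch
    ports, and an assumed spare access port "4" in VLAN 1 on each switch."""
    for sw in ("2724", "2716"):
        add_membership(net, sw, "3", 1, "U", pvid=1)
        add_membership(net, sw, "4", 1, "U", pvid=1)
    return net
```

Run it with any Python 3 interpreter; it needs nothing outside the standard library. `flood(post_config(), "2716", "1", None)` traces a DMZ host's broadcast, `flood(..., "2724", "3", None)` shows an untagged frame on the 4095 trunk being dropped, and the same call after `with_vlan1_management` shows it landing on the VLAN 1 access port instead.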