June 18th, 2009 07:00

VLAN on 2716

We have an unsecure ISP connection, which has to go through 3 PowerConnect 2716 switches to get to the server, but on the 3 switches there are a lot of clients.

Then we got the idea that we could use VLANs, so none of the clients that are on the 3 switches can use the unsecure connection from our ISP but only the secure connection from the server.

How can we do this? We have really tried a lot of things.

Thanks.

909 Posts

June 18th, 2009 14:00

at a high level,

- pick 2 ports on each switch to be 'unsecured'. (for example ports 1 and 2)

- put these ports in a different untagged vlan (for example vlan 100)

- set the port vlan of these 2 ports to be vlan 100 also.

- connect switches like this: internet->switch 1 port 1, switch 1 port 2-> switch 2 port 1, switch 2 port 2 -> switch 3 port 1, switch 3 port2 -> server unsecured network interface

- this will connect your unsecured internet to your server.

- you could now also connect the switches like this: switch 1 port 16 -> switch 2 port 15, switch 2 port 16 -> switch 3 port 15, switch 3 port 16 -> server SECURED  network interface

- this will connect all your clients to the secure interface of the server.

- you will have to run some kind of routing firewall on your server and configure it to route between the network interfaces if the clients are going to be able to access the internet through it

4 Posts

June 19th, 2009 00:00

Can't we get both connections on one port and then it only reacts on the tags?

Example.

On the first switch, where the server's LAN is going in, can't I set that port to tag with 100?

And then set the port the server's WAN is going into to tag with 80.

Then set these two connections to go through one port on the first switch, or do I have to do it with two different ports?

909 Posts

June 19th, 2009 05:00

Sure.  You can use a single port to connect the switches.  Here is an example using vlans 100 and 80:

- There are 2 vlans: 100 for internet access, 80 for secured lan

- set switch 1 port 1 to be untagged in vlan 100 and port vlan to 100 and set switch 1 port 16 to be tagged in vlan 100 and 80, set all other ports to be untagged in vlan 80 and port vlan of 80

- on switches 2 and 3 set ports 15 and 16 to be tagged in vlans 100 and 80,  set all other ports to be untagged in vlan 80 and port vlan of 80

- connect switches like this: internet->switch 1 port 1, switch 1 port 16-> switch 2 port 15, switch 2 port 16 -> switch 3 port 15, switch 3 port 16 -> server network interface.

- configure server to accept tagged packets in vlans 100 and 80.

- you will have to run some kind of routing firewall on your server and configure it to route between the vlans if the clients are going to be able to access the internet through it
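The single-trunk layout from the reply above, modelled as an added example (not part of the original posts and not Dell tooling): it floods a frame through the three port tables and checks that the internet port shares a broadcast domain only with the server link. The switch names, dropping untagged frames on trunk ports, and ingress filtering by VLAN membership are assumptions of this model.

```python
from collections import deque

PORTS = range(1, 17)  # the PowerConnect 2716 has 16 ports

def make_switch(trunks, internet=None):
    """Port table: port -> (PVID, untagged VLANs, tagged VLANs)."""
    table = {}
    for p in PORTS:
        if p in trunks:  # assumption: untagged frames are dropped on trunks
            table[p] = (None, set(), {80, 100})
        elif p == internet:
            table[p] = (100, {100}, set())
        else:
            table[p] = (80, {80}, set())
    return table

SWITCHES = {"sw1": make_switch({16}, internet=1),
            "sw2": make_switch({15, 16}),
            "sw3": make_switch({15, 16})}
# Cabling from the post; sw3 port 16 goes to the server NIC (an edge port).
LINKS = {("sw1", 16): ("sw2", 15), ("sw2", 16): ("sw3", 15)}
LINKS.update({b: a for a, b in list(LINKS.items())})

def flood(sw, port, tag=None):
    """Edge ports {(switch, port, egress_tag)} reached by a broadcast frame."""
    reached, seen, queue = set(), set(), deque([(sw, port, tag)])
    while queue:
        sw, port, tag = queue.popleft()
        if (sw, port, tag) in seen:
            continue
        seen.add((sw, port, tag))
        pvid, untagged, tagged = SWITCHES[sw][port]
        vlan = pvid if tag is None else tag
        if vlan not in untagged | tagged:
            continue  # ingress filtering: port is not a member of this VLAN
        for out, (_, out_untagged, out_tagged) in SWITCHES[sw].items():
            if out == port or vlan not in out_untagged | out_tagged:
                continue
            out_tag = vlan if vlan in out_tagged else None
            if (sw, out) in LINKS:
                queue.append((*LINKS[(sw, out)], out_tag))
            else:
                reached.add((sw, out, out_tag))
    return reached

def internet_isolated():
    """True if no client access port (PVID 80) can reach sw1 port 1."""
    clients = [(s, p) for s, t in SWITCHES.items() for p, c in t.items() if c[0] == 80]
    return all(("sw1", 1, None) not in flood(s, p) for s, p in clients)
```

Editing one entry in `SWITCHES` (for example, leaving a client port untagged in VLAN 100) and re-running `internet_isolated()` shows whether that change would expose clients to the ISP side.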

4 Posts

June 19th, 2009 06:00

Thanks for your reply, I will try it on Monday.

4 Posts

June 23rd, 2009 00:00

I have got it to work.

Thank you so much!

I just have a last question: if all my ports are PVID 80/100, how do I contact the switch?

909 Posts

July 6th, 2009 13:00

Unfortunately, this switch is only manageable on vlan 1.  To answer your question, you cannot change all your PVIDs to 80/100 and still be able to manage the switch.  You will have to have at least one port that is a member of vlan 1 for management.
