Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

jantypas

15 Posts

7336

March 4th, 2007 14:00

Basic VLAN question about PowerConnect switches

I THINK this will work, but....
 
I'm trying to set up an office networking environment.  I have the following equipment:
 
- Several Dell 390 workstations on a private LAN (10.0.0.0/24)
- One internet connection (5 static IPs) from DSL
- A backup Internet connection (5 static IPs) from Cable
- Two Powerconnect web managed switches (8, 24 port)
- One 390 running Gentoo Linux which will serve as the main firewall etc.
- One wireless AP (Netgear WAG102) with VLAN support
 
What I want is this:
 
--- Private LAN ----- PowerConnect24---390Router--- PowerConnect8---DSL Bridge
                                                                                                   |-------------Cable Modem,
                                                                                                   |-------------Wireless AP
 
Would the steps be something like this:
 
1. Set up all the workstations on a private LAN space, no VLANs
2. Have the Powerconnect24 serve as the general switch (no VLANs)
3. On one ethernet interface on the router, connect to the Powerconnect24 (no VLAN)
4. Apply appropriate LAN firewall rules
5. On the exterior interface on the router, make three VLANs
       a. Vlan100 (DSL)
       b. Vlan110 (Cable)
       c  Vlan120 (WAG102)
6. Tell the PoweConnect 8 that Port 1 has VLAN 1, no ingress filter, no tagging
7  Connect the interface above to this port.  It should receive everything from anywhere
8  On port 2, apply Vlan 100 egress tagging?  (I'm trying to get everything the DSL modem sends into the switch to carry tag 100)
9. On port 3, apply Vlan 110 egress tagging?  (Cable modem packets should now be tagged with 110)
10 On port4, apply Vlan 120, WAG 102 packets should be tagged with 120
 
In theory:
 
1. Any packets FROM the DSL modem entering port 2, will be tagged with VLAN tag 100.
2. Any packets FROM the Cable modem will be tagged with VLAN tag 110
3. Any packets FROM the WAG102 will be tagged with VLAN tag 120
   (These tags will also be removed appropriately in the reverse direction)
4 All of these tagged packets will flow to port 1
5. On port 1, a VLAN interface from the 390 will pick up these packets
6 Since the interface has three VLANs on it, Linux will now route appropriate
7 Since each VLAN has its own IP address and firewall rules, it's as if I had three external interface cards in the machine.
 
Will this work?

jantypas

15 Posts

March 4th, 2007 15:00

What I'm hoping to get:
 
1. A single external ethernet interface on the 390 rathing than trying to find multiport ethernet cards
2. Any packets from one of the external devices are tagged, and de-tagged as needed as the DSL modem and Cable modem have no idea what a VLAN is.
3. On the Linux side, that interface supports VLANs so it's port should just leave them alone.

Was this post helpful?

View All

No Events found!

Top