    xxxx77024 Posts: 4, Reputation: 1
    New Member
     
    #1

    Jun 17, 2008, 07:28 AM
    Create vlan - layer 3 and layer 2
    This is what I have
    Firewall (ISA) connected to GSM 7312(layer 3 switch)
    On GSM 7312(layer 3 switch):
    Port1 – 192.168.50.1 connected to firewall
    Port 2 – 192.168.60.1 connected to a 5 port Linksys switch
    Port 3 – 192.168.59.1 connected to a 5 port Linksys switch
    Port 4 – 192.168.0.1 connected to a 5 port Linksys switch
    Port 5 – 192.168.61.1 connected to a 5 port Linksys switch
    I want to get rid of those 5 port switches. I got a layer 2 switch, a GSM7248, which I want to connect to the GSM7312 and create VLANs.


    Thank you
    chuckhole Posts: 850, Reputation: 45
    Senior Member
     
    #2

    Jun 17, 2008, 03:03 PM
    Are you running a 16-bit or 24-bit subnet?

    VLANs are generally created to compartmentalize your network for application traffic such as computers and VOIP. Another reason would be to isolate specific areas for security reasons. What is your goal? What are your reasons for creating these logical network segments?
    xxxx77024 Posts: 4, Reputation: 1
    New Member
     
    #3

    Jun 17, 2008, 04:46 PM
    I have a 24-bit subnet.
    I would like to connect the servers to one VLAN and users to another VLAN, and so on.
    So I can say it is both to manage the traffic and for security.
    chuckhole Posts: 850, Reputation: 45
    Senior Member
     
    #4

    Jun 18, 2008, 11:27 AM
    Since they are all on a separate network ID, you will have to set up VLAN routes.

    If you have enough ports in your Layer 3 switch, you can group your ports into VLANs. Do not use the default VLAN0. Create new VLANs for each port grouping.

    For example:
    Port 1 is a monitoring port set to VLAN0
    Ports 2-6 is VLAN1 - IP 192.168.0.1/24
    Ports 7-11 is VLAN2 - IP 192.168.50.1/24
    Ports 12-16 is VLAN3 - IP 192.168.59.1/24
    Ports 17-21 is VLAN4 - IP 192.168.60.1/24
    Ports 22-26 is VLAN5 - IP 192.168.61.1/24
    xxxx77024 Posts: 4, Reputation: 1
    New Member
     
    #5

    Jun 18, 2008, 12:07 PM
    Thank you for your help so far.

    My layer 3 has 12 ports and my layer 2 has 48 ports. What about the configuration on the layer 2?
    chuckhole Posts: 850, Reputation: 45
    Senior Member
     
    #6

    Jun 22, 2008, 02:24 PM
    Your Layer 3 switch can perform the routing between VLANs for the Layer 2 switch. It is likely that your L2 switch can only bridge the connections and cannot perform routing, so the L3 switch will act as a "one arm router" for the VLANs instead of having to use a router. Also, it is likely that the L2 switch will not recognize VLAN tags but this should not be a problem. As a general rule, you will want to enable STP (Spanning Tree Protocol) on all switches. Your L2 switch should support this.

    You also mentioned the use of an ISA Server. Are you using a dual NIC setup on this box? One for the LAN and the other for the ISP's dirty side of the network? If so, take a look at the TCP/IP configuration on the NIC connected to the DMZ. Make sure you have disabled Microsoft Networking, File and Print Sharing, DDNS registrations and NetBIOS.

    You may need to add persistent static routes on the ISA server for each of the network IDs since a gateway address is not used on the LAN NIC configuration. This will also help when configuring the Local Networks in the ISA configuration. It will need to be aware of all of your internal network IDs if you are using Windows Proxy Auto-Discovery (WPAD) and have configured a WPAD entry for either DHCP or DNS. This allows you to set the ISA Firewall Client to auto-configure your client browser settings.

    Your ISA Server should also be running DNS as a DNS cache server. The DNS should be configured to forward all non-local domain requests out to your ISP's DNS server and the external NIC should not be configured for DNS. Also, the NIC on the LAN should be configured to point to itself for DNS and your Active Directory DNS servers use the ISA Server DNS as the forwarder. You can add the AD DNS domains as Secondary Zones that get their copies from your internal DNS servers. For more information on setting up WPAD or DNS on ISA Server, refer to some very helpful articles on the Microsoft ISA Server Firewall Resource Site: Articles & Tutorials.
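
The persistent static routes mentioned in post #6, worked out for the interface addresses listed in the first post. This is an added example, not part of the original thread; it assumes the ISA server's LAN NIC sits on 192.168.50.0/24 and uses the switch's 192.168.50.1 interface as next hop, and `plan_routes` is a hypothetical helper name.

```python
import ipaddress

# Routed interfaces on the GSM7312 as listed in the first post; /24 per post #3.
SWITCH_INTERFACES = {
    "port1-firewall": "192.168.50.1/24",
    "port2": "192.168.60.1/24",
    "port3": "192.168.59.1/24",
    "port4": "192.168.0.1/24",
    "port5": "192.168.61.1/24",
}
NEXT_HOP = "192.168.50.1"  # assumption: switch interface facing the ISA LAN NIC


def plan_routes(interfaces, next_hop):
    """Return (internal_networks, route_commands) for the ISA server's LAN side."""
    hop = ipaddress.ip_address(next_hop)
    networks = [ipaddress.ip_interface(cidr).network for cidr in interfaces.values()]

    # Overlapping network IDs make both routing and the firewall's
    # internal-network definition ambiguous, so fail early.
    for i, a in enumerate(networks):
        for b in networks[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping networks: {a} and {b}")

    # The next hop must be reachable on exactly one directly connected network.
    connected = [n for n in networks if hop in n]
    if len(connected) != 1:
        raise ValueError("next hop must sit on exactly one listed network")

    commands = [
        f"route -p add {n.network_address} mask {n.netmask} {hop}"
        for n in sorted(networks)
        if n != connected[0]  # the connected network needs no static route
    ]
    # Every network ID, connected one included, belongs in the firewall's
    # internal network definition.
    return sorted(networks), commands


if __name__ == "__main__":
    internal, cmds = plan_routes(SWITCH_INTERFACES, NEXT_HOP)
    print("Internal network IDs:", ", ".join(str(n) for n in internal))
    for cmd in cmds:
        print(cmd)  # run from an elevated command prompt on the ISA server
```

`route print` on the ISA server lists the persistent routes once they are added.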
    xxxx77024 Posts: 4, Reputation: 1
    New Member
     
    #7

    Jun 24, 2008, 09:15 AM
    Thank you for the information
