



Switch VLANing issue.


67 replies to this topic

#61 +PeterUK

PeterUK

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 26-March 07

Posted 22 February 2013 - 16:35

Route or bridge, you're still crossing over a VLAN; if that's what the OP wants, do that.


#62 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 22 February 2013 - 16:51

They are completely different.. Your vlans would normally be on completely different L3 (ip) address space, so bridging traffic would most likely not even work.

Bridging is L2 and routing is L3 - why would you bridge in his setup??

Now if for some odd reason his vlans were using the same IP space, then sure you could bridge the traffic.. BUT what would be the point - if he was going to do that, then he might as well just put them on the same vlan.

#63 +PeterUK

PeterUK

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 26-March 07

Posted 22 February 2013 - 20:42

I never wanted the OP to bridge; I only put that in to keep sc302 happy, or we go off on “server 1 can be on vlan2 and workstations can be on vlan5, vlan2 can access vlan5 and vice versa.” again, which is fine, you can do that with bridging/routing.

All I said was:
Any computer or server needing to access each other needs to be on the same VLAN.
Any computer or server not needing to access each other can be put in a different VLAN.

And pages later we are here. I was just trying to make it simple for the OP.

#64 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 23
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 22 February 2013 - 20:55

If you are going to drag me into this again....

They do not need to be in the same vlan to have access to each other. You create a rule in the switch to deny access. All vlans, by default in a layer3 switch, have access to each other if they are routable... how do you make one routable, you may ask: give the vlan an IP address. You need to create a rule to deny access from 1 vlan to another, that is it... it is that simple.

and just so we are all on the same page:

maybe you guys think too deep into the secureness ....

my approach is toward internal staff and guest.

yes i know there are certain attacks that are able to penetrate vlans but that is not what i am looking for.

my question is sort of simple, creating multiple vlans on a single switch (layer 3) that house staff, servers and guest connection.

what i want to achieve is that, servers are in 1 vlan and staff in 1 vlan and guest in 1 vlan
sort of some isolation where broadcasting will not be seen in either of them.


or should they be on separate switches each with its own vlan.

which approach is better.



and in case you don't know wtf a layer 3 switch is,
http://compnetworkin...er3switches.htm
"A Layer 3 switch is a high-performance device for network routing. Layer 3 switches actually differ very little from routers. A Layer 3 switch can support the same routing protocols as network routers do. Both inspect incoming packets and make dynamic routing decisions based on the source and destination addresses inside. Both types of boxes share a similar appearance."

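Added example (not part of any post in this thread, and not any switch vendor's syntax): a small Python model of what post #64 describes, where VLANs that have an IP on the layer 3 switch reach each other by default and only an explicit deny rule separates them. The subnets, VLAN numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan: VLAN id -> subnet of its routed interface.
# A VLAN with no entry here has no IP on the switch and is not routable.
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.0.10.0/24"),  # staff
    20: ipaddress.ip_network("10.0.20.0/24"),  # servers
    30: ipaddress.ip_network("10.0.30.0/24"),  # guest
}

# Deny rules as (source network, destination network); any match blocks.
DENY_RULES = [
    (VLAN_SUBNETS[30], VLAN_SUBNETS[10]),  # guest -> staff
    (VLAN_SUBNETS[30], VLAN_SUBNETS[20]),  # guest -> servers
]


def vlan_of(ip, subnets):
    """Return the VLAN id whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for vlan, net in subnets.items():
        if addr in net:
            return vlan
    return None


def can_reach(src, dst, subnets=VLAN_SUBNETS, deny_rules=DENY_RULES):
    """Decide whether a packet from src to dst passes the modelled switch."""
    src_vlan, dst_vlan = vlan_of(src, subnets), vlan_of(dst, subnets)
    if src_vlan is None or dst_vlan is None:
        return False   # one side is on a segment the switch cannot route
    if src_vlan == dst_vlan:
        return True    # same VLAN: switched at L2, rules never consulted
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net in deny_rules:
        if s in src_net and d in dst_net:
            return False   # explicit deny between two routed VLANs
    return True            # routable VLANs reach each other by default


def session_works(a, b, **kw):
    """A stateless deny in either direction breaks a two-way conversation."""
    return can_reach(a, b, **kw) and can_reach(b, a, **kw)
```

With the deny list emptied, the guest address reaches the server subnet, which is the default behaviour the post warns about; with a VLAN left out of the subnet table, only hosts inside that VLAN can talk to each other.
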
#65 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 22 February 2013 - 20:55

"Any computer or server needing to access each other needs to be on the same VLAN."

This would only be true if there was no routing available.. What kind of network would it be if there was no routing between segments? I would never in a million years think that showing me a network with multiple segments was not routing between them.

And the OP clearly stated

1 of them is a file server which store office files...
the 20 office computer has are able to read/write to a certain directory (eg . Office Doc) in D: drive

So clearly he is routing between the vlans..

#66 Original Poster

Original Poster

    C++ n00b

  • Tech Issues Solved: 1
  • Joined: 15-July 08
  • Location: my room
  • OS: windows 7, backtrack 5, OSx 10.6

Posted 22 February 2013 - 21:07

ok..i will go into more details,


to give any information I would need to see your running config ? I am not great in setting up networks, but making them as tight as a butt hole is something i am good at

#67 +PeterUK

PeterUK

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 26-March 07

Posted 22 February 2013 - 22:27

And the OP clearly stated

1 of them is a file server which store office files...
the 20 office computer has are able to read/write to a certain directory (eg . Office Doc) in D: drive

So clearly he is routing between the vlans..

No we don't, look at what the OP posted here:
http://www.neowin.ne...#entry595531010
One of the servers is on VLAN 2 with x20 Office PC so clearly no one knows what the OP needs.

#68 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 23 February 2013 - 05:51

I agree, but wtf would you have 4 servers nobody gets to. And the guest wireless can go nowhere? Just talk amongst themselves.

The network would be pointless -- again why would you think there is no routing on a network?


