zeffan Absent Member.
Absent Member.

Re: VLAN :(

Its the feminine symbol,


Thank you, Robert Langdon.
0 Likes
adrockk Contributor.
Contributor.

Re: VLAN :(


>
> STAFF (vlan id 1) ----> Switch (layer 3) -----> Full network (internet,
> servers, printers, etc.)


So this will be on the same VLAN as everything else, right?

>
> MEDICAL (vlan id 5) ----> Switch ----> Internet, Printers


ok, internet is a seperate vlan (right?), but where are printers? in VLAN1?

>
> GUEST (vlan id 10) ----> Switch ----> Internet Only (DHCP comes from firewall
> on it's on Port.)


Do you have extra interfaces on your firewall? you could just NOT assign vlan10
an IP and put the firewall on it and let it do the routing to the internet
directly...

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: VLAN :(

Adam Gabriel wrote:
>> STAFF (vlan id 1) ----> Switch (layer 3) -----> Full network (internet,
>> servers, printers, etc.)


Yes

>
> So this will be on the same VLAN as everything else, right?
>
>> MEDICAL (vlan id 5) ----> Switch ----> Internet, Printers

>
> ok, internet is a seperate vlan (right?), but where are printers? in VLAN1?


This one may not be practical as they really end up needing all the same
resources as STAFF. My goal was just to keep the off the servers by
making the servers. For the sake of my sanity lets just forget about
this one at the moment. 😄

>
>> GUEST (vlan id 10) ----> Switch ----> Internet Only (DHCP comes from firewall
>> on it's on Port.)

>
> Do you have extra interfaces on your firewall? you could just NOT assign vlan10
> an IP and put the firewall on it and let it do the routing to the internet
> directly...


Yes. My firewall has eight ports. eth0 is connected to the dsl modem.
eth1 is connected to the 10.0.0.0/8 network and acts only as a gateway
to the internet (i think it's connected to port 45 on the switch). eth4
is connected to port 47 on the switch. eth4 has the static address of
198.168.0.1. It's also assigned to serve DHCP request for
198.168.0.0/24 and act as a gateway and dns server to the internet for
guest.

My Cisco AP's are connected on ports 1 through 11 on the same switch.
They will have the ssids STAFF mapped to VLAN 1 and GUEST mapped to VLAN 10.
0 Likes
adrockk Contributor.
Contributor.

Re: VLAN :(

OK so ports 1-11 will be in VLAN1 and VLAN10, and marked as trunks (vlan
tagging is on) you make sure the switch doesn't do routing (by not assigning an
IP to VLAN10). You could put port 12 in VLAN 10, and plug it into an extra port
on your firewall. that way the firewall does all the routing VLAN10, not the
switch itself.

make sense kinda sorta?
--



Matthew spewed:

> Adam Gabriel wrote:
> >>STAFF (vlan id 1) ----> Switch (layer 3) -----> Full network (internet,
> > > servers, printers, etc.)

>
> Yes
>
> >
> > So this will be on the same VLAN as everything else, right?
> >
> >>MEDICAL (vlan id 5) ----> Switch ----> Internet, Printers

> >
> > ok, internet is a seperate vlan (right?), but where are printers? in VLAN1?

>
> This one may not be practical as they really end up needing all the same
> resources as STAFF. My goal was just to keep the off the servers by making
> the servers. For the sake of my sanity lets just forget about this one at
> the moment. 😄
>
> >
> >>GUEST (vlan id 10) ----> Switch ----> Internet Only (DHCP comes from

> firewall
> > > on it's on Port.)

> >
> > Do you have extra interfaces on your firewall? you could just NOT assign
> > vlan10 an IP and put the firewall on it and let it do the routing to the
> > internet directly...

>
> Yes. My firewall has eight ports. eth0 is connected to the dsl modem.
> eth1 is connected to the 10.0.0.0/8 network and acts only as a gateway to the
> internet (i think it's connected to port 45 on the switch). eth4 is
> connected to port 47 on the switch. eth4 has the static address of
> 198.168.0.1. It's also assigned to serve DHCP request for 198.168.0.0/24 and
> act as a gateway and dns server to the internet for guest.
>
> My Cisco AP's are connected on ports 1 through 11 on the same switch. They
> will have the ssids STAFF mapped to VLAN 1 and GUEST mapped to VLAN 10.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: VLAN :(

Adam Gabriel wrote:
> OK so ports 1-11 will be in VLAN1 and VLAN10, and marked as trunks (vlan
> tagging is on) you make sure the switch doesn't do routing (by not assigning an
> IP to VLAN10). You could put port 12 in VLAN 10, and plug it into an extra port
> on your firewall. that way the firewall does all the routing VLAN10, not the
> switch itself.
>
> make sense kinda sorta?


There is no routing going on that I'm aware of on the switch. I'm not
overly familiar with trunking so I don't know if it's working or not.
In regards to tagging. I'm given the option of untagged or tagged for
each port under each vlan.

Port 47 is connected to the extra interface on the firewall.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.