Lucas Tam (Guest)
Posted: Mon Oct 17, 2005 4:20 pm
Post subject: Help: Low-Cost Switch with VLAN routing / LAN Segmentation?

Hi All,
We have a SonicWall 3060 Firewall with Zone support (Port-based LAN
segmentation) and we'd like to connect a switch to this firewall. Zones on
the firewall allow filtering of database between subnets - and this is very
important for us.
We'd like to use one switch to handle all the subnets.
Are there any switches that support LAN segmentation by port? (i.e. Port 1
- 12 = 192.168.1.x, Ports 13 - 24 = 192.168.2.x?). Ideally we'd like to
segment the switch physically (i.e. split a switch in 2, 3, etc?).
Unfortunately our firewall doesn't support VLANs... Can switches do VLAN
routing on their own?
Any suggestions on what switch to buy?
Thanks!
--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
Newmarket Volvo Sucks! http://newmarketvolvo.tripod.com

Walter Roberson (Guest)
Posted: Mon Oct 17, 2005 7:51 pm
Post subject: Re: Help: Low-Cost Switch with VLAN routing / LAN Segmentati

In article <dj0tfi$g3g@harn.ceas.rochester.edu>,
Jim Prescott <jgp@harn.ceas.rochester.edu> wrote:
:I'm pretty sure that any switch that supports VLANs will support port
:based VLANs. The other ways of assigning VLANs are more advanced
:features and will require a higher-end switch.
Possible exception: Cisco Cat2900XL (or some model nearish there).
There are a few old Cisco switch + software versions that support VLAN
Trunking but not assignment of VLANs to ports. [I never did figure out
what good this feature limitation would do you...]
But for anything built within recent years that supports VLANs, Yes,
I too would -expect- port-based VLANs.
--
Programming is what happens while you're busy making other plans.

Jim Prescott (Guest)
Posted: Tue Oct 18, 2005 12:19 am
Post subject: Re: Help: Low-Cost Switch with VLAN routing / LAN Segmentati

In article <Xns96F270A768497nntprogerscom@127.0.0.1>,
Lucas Tam <REMOVEnntp@rogers.com> wrote:
> Are there any switches that support LAN segmentation by port? (i.e. Port 1
> - 12 = 192.168.1.x, Ports 13 - 24 = 192.168.2.x?). Ideally we'd like to
> segment the switch physically (i.e. split a switch in 2, 3, etc?).

I'm pretty sure that any switch that supports VLANs will support port
based VLANs. The other ways of assigning VLANs are more advanced
features and will require a higher-end switch.
> Unfortunately our firewall doesn't support VLANs... Can switches do VLAN
> routing on their own?

A simple switch cannot route traffic between VLANs but you would be
using your Sonicwall to do that. I think the latest SonicOS does
support VLANs, but this is really only helpful if you want to do
multiple Zones per interface.
Set up a VLAN for each Zone. Each VLAN will have one port which will be
connected to that Zone's interface and other ports to connect to the
users you want in that Zone. If you need to move a user from one Zone
to another you just change the VLAN their port is associated with.
We use 3Com 4200 series switches for this but any VLAN aware switch
should work.
Note that while VLANs can make a single switch appear as several
distinct switches, their focus isn't security. The VLAN separation
inside a switch isn't nearly as secure from attack as actually using
separate switches would be. Closed VLANs are slightly more secure than
Open VLANs, but it may be that neither is secure enough for your needs.
--
Jim Prescott - Computing and Networking Group jgp@seas.rochester.edu
School of Engineering and Applied Sciences, University of Rochester, NY

Lucas Tam (Guest)
Posted: Tue Oct 18, 2005 2:20 am
Post subject: Re: Help: Low-Cost Switch with VLAN routing / LAN Segmentati

roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in
news:dj0vbv$g7l$1@canopus.cc.umanitoba.ca:
> But for anything built within recent years that supports VLANs, Yes,
> I too would -expect- port-based VLANs.

Thanks for clearing this up! That's the feature I want - Port-based VLANs
rather than 802.1q VLANs.
It seems that most makers only talk about 802.1Q VLANs and they rarely
mention port-based VLANs. I guess it's such a standard feature that it's
not worth mentioning?
In any case, thanks for clarifying it for me!
--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
Newmarket Volvo Sucks! http://newmarketvolvo.tripod.com

anoop (Guest)
Posted: Tue Oct 18, 2005 3:48 am
Post subject: Re: Help: Low-Cost Switch with VLAN routing / LAN Segmentati

Lucas Tam wrote:
> Thanks for clearing this up! That's the feature I want - Port-based VLANs
> rather than 802.1q VLANs.

802.1Q VLANs _are_ port-based. Additionally, the VLAN for untagged
frames may also be inferred from protocol type in the Ethertype or SNAP
headers.
When the manufacturer of a switch says it does 802.1Q VLANs, it is safe
to assume they do port-based VLANs or they are in violation of the
standard.
Anoop
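
The VLAN assignment discussed in the last post, as an added example that is not part of the original thread: an ingress classifier that takes the VLAN from the 802.1Q tag when one is present and otherwise from a per-port protocol rule (EtherType or SNAP) or the port's default VLAN (PVID). The port table reuses the 1-12 / 13-24 split from the question; the protocol rule, the table layout and the sample frames are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100         # EtherType value that marks an 802.1Q tag
LLC_SNAP = b"\xaa\xaa\x03"  # LLC bytes that introduce a SNAP header

def protocol_type(frame, offset):
    """Protocol type from the EtherType field at `offset`, or from the SNAP
    header when the field is an 802.3 length; None if neither applies."""
    (type_or_len,) = struct.unpack_from("!H", frame, offset)
    if type_or_len >= 0x0600:                      # Ethernet II framing
        return type_or_len
    if frame[offset + 2:offset + 5] == LLC_SNAP:   # 802.3 + LLC/SNAP framing
        (pid,) = struct.unpack_from("!H", frame, offset + 8)  # after LLC + OUI
        return pid
    return None

def classify(frame, port, pvid, proto_vlan):
    """Return the VLAN ID a frame received on `port` is assigned to."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)
        if tci & 0x0FFF:                  # tagged: the 12-bit VID decides
            return tci & 0x0FFF
        proto = protocol_type(frame, 16)  # VID 0 (priority tag): as untagged
    else:
        proto = protocol_type(frame, 12)
    # Untagged: protocol rule for this port if one matches, else the port's PVID.
    return proto_vlan.get((port, proto), pvid[port])

# Constructed tables: the port split from the question, plus one protocol rule.
PVID = {p: (1 if p <= 12 else 2) for p in range(1, 25)}
PROTO_VLAN = {(3, 0x809B): 30}            # hypothetical: AppleTalk on port 3

# Constructed sample frames (zeroed MAC addresses, dummy payload).
MACS, DATA = bytes(12), b"payload!"
UNTAGGED_IP = MACS + b"\x08\x00" + DATA
TAGGED_20 = MACS + b"\x81\x00\x00\x14\x08\x00" + DATA
PRIO_TAGGED = MACS + b"\x81\x00\xa0\x00\x08\x00" + DATA
SNAP_ATALK = MACS + b"\x00\x10" + LLC_SNAP + b"\x08\x00\x07\x80\x9b" + DATA

if __name__ == "__main__":
    for name, frame, port in [("untagged", UNTAGGED_IP, 3), ("untagged", UNTAGGED_IP, 14),
                              ("tagged", TAGGED_20, 3), ("snap", SNAP_ATALK, 3)]:
        print(name, port, classify(frame, port, PVID, PROTO_VLAN))
```

The classifier only assigns a VLAN; whether a switch then accepts a tagged frame on a given port is a separate ingress-filtering decision that this sketch does not model.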