Hi All,
We have a SonicWall 3060 Firewall with Zone support (Port-based LAN
segmentation) and we like to connect a switch to this firewall. Zones on
the firewall allow filtering of database between subnets - and this is very
important for us.
We like to use one switch to handle all the subnets.
Are there any switches that support LAN segmentation by port? (i.e. Port 1
- 12 = 192.168.1.x, Ports 13 - 24 = 192.168.2.x?). Ideally we like to
segment the switch phyiscally (i.e. split a switch in 2, 3, etc?).
Unfortunately our firewall doesn't support VLANs... Can switches do VLAN
routing on their own?
Any suggestions on what switch to buy?
Thanks!
--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
Newmarket Volvo Sucks! http://newmarketvolvo.tripod.com
DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
Help: Low-Cost Switch with VLAN routing / LAN Segmentation?
5 posts
• Page 1 of 1
Help: Low-Cost Switch with VLAN routing / LAN Segmentation?
by Lucas Tam » Mon Oct 17, 2005 11:20 am
- Lucas Tam
Re: Help: Low-Cost Switch with VLAN routing / LAN Segmentati
by Walter Roberson » Mon Oct 17, 2005 2:51 pm
In article <dj0tfi$g3g@harn.ceas.rochester.edu>,
Jim Prescott <jgp@harn.ceas.rochester.edu> wrote:
:I'm pretty sure that any switch that supports VLANs will support port
:based VLANs. The other ways of assigning VLANs are more advanced
:features and will require a higher-end switch.
Possible exception: Cisco Cat2900XL (or some model nearish there).
There are a few old Cisco switch + software versions that support VLAN
Trunking but not assignment of VLANs to ports. [I never did figure out
what good this feature limitation would do you...]
But for anything built within recent years that supports VLANs, Yes,
I too would -expect- port-based VLANs.
--
Programming is what happens while you're busy making other plans.
Jim Prescott <jgp@harn.ceas.rochester.edu> wrote:
:I'm pretty sure that any switch that supports VLANs will support port
:based VLANs. The other ways of assigning VLANs are more advanced
:features and will require a higher-end switch.
Possible exception: Cisco Cat2900XL (or some model nearish there).
There are a few old Cisco switch + software versions that support VLAN
Trunking but not assignment of VLANs to ports. [I never did figure out
what good this feature limitation would do you...]
But for anything built within recent years that supports VLANs, Yes,
I too would -expect- port-based VLANs.
--
Programming is what happens while you're busy making other plans.
- Walter Roberson
Re: Help: Low-Cost Switch with VLAN routing / LAN Segmentati
by Jim Prescott » Mon Oct 17, 2005 7:19 pm
In article <Xns96F270A768497nntprogerscom@127.0.0.1>,
Lucas Tam <REMOVEnntp@rogers.com> wrote:
I'm pretty sure that any switch that supports VLANs will support port
based VLANs. The other ways of assigning VLANs are more advanced
features and will require a higher-end switch.
A simple switch cannot route traffic between VLANs but you would be
using your Sonicwall to do that. I think the latest SonicOS does
support VLANs, but this is really only helpful if you want to do
multiple Zones per interface.
Setup a VLAN for each Zone. Each VLAN will have one port which will be
connected to that Zone's interface and other ports to connect to the
users you want in that Zone. If you need to move a user from one Zone
to another you just change the VLAN their port is associated with.
We use 3Com 4200 series switches for this but any VLAN aware switch
should work.
Note that while VLANs can make a single switch appear as several
distinct switches, their focus isn't security. The VLAN separation
inside a switch isn't nearly as secure from attack as actually using
separate switches would be. Closed VLANs are slightly more secure than
Open VLANs, but it may be that neither are secure enough for your needs.
--
Jim Prescott - Computing and Networking Group jgp@seas.rochester.edu
School of Engineering and Applied Sciences, University of Rochester, NY
Lucas Tam <REMOVEnntp@rogers.com> wrote:
Are there any switches that support LAN segmentation by port? (i.e. Port 1
- 12 = 192.168.1.x, Ports 13 - 24 = 192.168.2.x?). Ideally we like to
segment the switch phyiscally (i.e. split a switch in 2, 3, etc?).
I'm pretty sure that any switch that supports VLANs will support port
based VLANs. The other ways of assigning VLANs are more advanced
features and will require a higher-end switch.
Unfortunately our firewall doesn't support VLANs... Can switches do VLAN
routing on their own?
A simple switch cannot route traffic between VLANs but you would be
using your Sonicwall to do that. I think the latest SonicOS does
support VLANs, but this is really only helpful if you want to do
multiple Zones per interface.
Setup a VLAN for each Zone. Each VLAN will have one port which will be
connected to that Zone's interface and other ports to connect to the
users you want in that Zone. If you need to move a user from one Zone
to another you just change the VLAN their port is associated with.
We use 3Com 4200 series switches for this but any VLAN aware switch
should work.
Note that while VLANs can make a single switch appear as several
distinct switches, their focus isn't security. The VLAN separation
inside a switch isn't nearly as secure from attack as actually using
separate switches would be. Closed VLANs are slightly more secure than
Open VLANs, but it may be that neither are secure enough for your needs.
--
Jim Prescott - Computing and Networking Group jgp@seas.rochester.edu
School of Engineering and Applied Sciences, University of Rochester, NY
- Jim Prescott
Re: Help: Low-Cost Switch with VLAN routing / LAN Segmentati
by Lucas Tam » Mon Oct 17, 2005 9:20 pm
roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in news:dj0vbv$g7l$1
@canopus.cc.umanitoba.ca:
Thanks for clearing this up! That's the feature I want - Port-based VLANs
rather than 802.1q VLANs.
It seeme that most makers only talk about 802.1Q VLANs and they rarely
mention port-based VLANs. I guess it's such a standard feature that it's
not worth mentioning?
In anycase, thanks for clarifying it for me!
--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
Newmarket Volvo Sucks! http://newmarketvolvo.tripod.com
@canopus.cc.umanitoba.ca:
But for anything built within recent years that supports VLANs, Yes,
I too would -expect- port-based VLANs.
Thanks for clearing this up! That's the feature I want - Port-based VLANs
rather than 802.1q VLANs.
It seeme that most makers only talk about 802.1Q VLANs and they rarely
mention port-based VLANs. I guess it's such a standard feature that it's
not worth mentioning?
In anycase, thanks for clarifying it for me!
--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
Newmarket Volvo Sucks! http://newmarketvolvo.tripod.com
- Lucas Tam
Re: Help: Low-Cost Switch with VLAN routing / LAN Segmentati
by anoop » Mon Oct 17, 2005 10:48 pm
Lucas Tam wrote:
802.1Q VLANs _are_ port-based. Additionally, the VLAN for untagged
frames
may also be inferred from protocol type in the Ethertype or SNAP
headers.
When the manufacturer of switch says it does 802.1Q VLANs, it is safe
to assume they do port-based VLANs or they are in violation of the
standard.
Anoop
Thanks for clearing this up! That's the feature I want - Port-based VLANs
rather than 802.1q VLANs.
802.1Q VLANs _are_ port-based. Additionally, the VLAN for untagged
frames
may also be inferred from protocol type in the Ethertype or SNAP
headers.
When the manufacturer of switch says it does 802.1Q VLANs, it is safe
to assume they do port-based VLANs or they are in violation of the
standard.
Anoop
- anoop
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests