VLAN questions

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sabrefreak

Thread Starter
Joined
Jan 5, 2009
Messages
56
I'm setting up a VLAN (I've never done one before) in my office to prevent internet misuse and also to allow for better network resource management. We came up with 3 groups (each on its own switch):
VLAN 1 - no internet, no email (example)
VLAN 2 - no internet (example)
VLAN 3 - no restrictions
All VLANs have to be able to see the server all the time, as well as all the network printers (plugged into the switches).

Currently, the "server" is actually a NAS which has worked beautifully for us (a Buffalo TeraStation). The switches in question are (2) D-Link DGS-1024D gigabits and (1) D-Link DES-1024D 10/100.
Each switch is connected to the D-Link DIR-825 Xtreme N Router (I'm not using the wireless portion of it; I have a Wireless AP downstream which works better).

I'm not attached to the hardware so if it has to be changed LMK.

So, my questions are:
1. How can I make sure that everyone sees the Buffalo?
2. Since all the literature I can find on VLAN is a decade old, do I still need secondary software or is it built into a good router?
3. Anything else, please let me know.

Thanks much, in advance
 
Joined
Jan 28, 2008
Messages
1,428
I don't get the feeling you are clear what a vlan is.

If I look at your switch here
http://www.retrevo.com/search?q=D-link+DGS-1024D&rt=sp
there is no mention of vlan support.

If I look at your router here
ftp://ftp10.dlink.com/pdfs/products/DIR-825/DIR-825_ds.pdf
there is no vlan support either. It does have VPN support but vpn and vlan are not the same.

Otherwise what you want to do is easy.
vlan1 don't include the port connecting to the gateway
vlan2 don't include the port connecting to the gateway and mail server
vlan3 includes all ports except those in vlans 1 and 2

All vlans connect to the port the Buffalo is connected to.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,476
Your hardware will not support what you're looking to do. I did a quick check of all your hardware and there's not one mention of any VLAN support, either port-based or tagged (802.1q). So even if you wanted to set up any VLANs for isolation/segregation, you can't with your current network gear.

As far as traffic flows between VLANs and allowing some traffic flows to work and others to be blocked, you need a firewall/router capable of applying ACLs on traffic flows. This leads to the next issue, which is getting a firewall/router which can support multiple router interfaces. Your D-Link router is not one. VLANs are a layer 2 protocol and as such, if you need traffic to flow in and out of the VLAN, a router interface needs to exist on that VLAN.

I have a similar type setup on my home network and other customer networks I've built. My home network has 4 VLANs and traffic is routed and controlled between VLANs via a Cisco ASA 5505. Some traffic flows require specific ACL rules while others do not because of the security level principle I can assign to each router interface (traffic always flows unhindered from high to low but not the reverse.)
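
An added example, not part of any post in this thread: a simplified Python model of the design described in the post above, with one router interface per VLAN, a security-level default (high to low passes) and first-match ACL rules on top. The subnets, levels, mail ports, the separate `shared` VLAN for the NAS and printers, and the fall-back-to-level behaviour are assumptions for illustration, not Cisco ASA configuration or its exact semantics.

```python
import ipaddress

# Constructed addressing plan (assumption): one subnet per VLAN plus a shared
# VLAN for the NAS and printers. A higher level means a more trusted interface.
ZONES = {
    "vlan1":  (ipaddress.ip_network("192.168.10.0/24"), 50),  # no internet, no email
    "vlan2":  (ipaddress.ip_network("192.168.20.0/24"), 50),  # no internet
    "vlan3":  (ipaddress.ip_network("192.168.30.0/24"), 50),  # no restrictions
    "shared": (ipaddress.ip_network("192.168.40.0/24"), 40),  # NAS + printers
}
OUTSIDE_LEVEL = 0  # any address outside the local subnets is the internet side
MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}  # assumed: mail server is external

# Rules per source VLAN, first match wins:
# (action, destination zone, set of ports or None for any port)
ACLS = {
    "vlan1": [("deny", "outside", None)],
    "vlan2": [("permit", "outside", MAIL_PORTS), ("deny", "outside", None)],
}

def zone_of(ip):
    """Map an address to (zone name, security level)."""
    addr = ipaddress.ip_address(ip)
    for name, (net, level) in ZONES.items():
        if addr in net:
            return name, level
    return "outside", OUTSIDE_LEVEL

def decide(src_ip, dst_ip, dst_port):
    """Return 'permit' or 'deny' for a new connection between two hosts."""
    src, src_level = zone_of(src_ip)
    dst, dst_level = zone_of(dst_ip)
    if src == dst:
        return "permit"  # same VLAN: switched at layer 2, the router never sees it
    for action, rule_dst, ports in ACLS.get(src, []):
        if rule_dst == dst and (ports is None or dst_port in ports):
            return action
    # No explicit rule matched: high-to-low passes, same-level and low-to-high drop.
    return "permit" if src_level > dst_level else "deny"

if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.7 stands in for any internet host.
    for flow in [("192.168.10.5", "192.168.40.10", 445),
                 ("192.168.10.5", "203.0.113.7", 80),
                 ("192.168.20.5", "203.0.113.7", 587),
                 ("192.168.10.5", "192.168.30.5", 445)]:
        print(flow, "->", decide(*flow))
```

Return traffic for permitted connections is assumed to be handled statefully by the firewall and is not modelled here.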
 

sabrefreak

Thread Starter
Joined
Jan 5, 2009
Messages
56
Thanks for the reply Wanderer2.
As I stated, I don't mind getting the hardware replaced so thank you for clarifying that.
You state "All vlans connect to the port the Buffalo is connected to"; here do you mean that the Buffalo (and other network attached devices, like printers) should be on a 4th VLAN or on a separate, unused section of a switch?

Thanks much.
 

sabrefreak

Thread Starter
Joined
Jan 5, 2009
Messages
56
Well, zx10guy, thanks for giving me a clearer idea where to start in my travels for the proper equipment. Much appreciated.
 