Re: Restart: VLAN question...
Geir Holmavatn wrote:
Bod43@xxxxxxxxxxxxx wrote:

anoop wrote:
Hi,

It looks to me as if you want:-
NO VLANS - well one on each switch
i.e. the default.

On the Domain Controller switch:-
Configure all ports except the Domain Controller as PVE
Configure the Domain Controller port as the uplink

On the Internet switch:-
In order to prevent classes talking to each other
when more than one is plugged into the internet
you do the same thing on the Internet switch.
i.e. Firewall port PVE
Nothing else

Done.

Can both the domain controller switch and the internet switch be
combined into one SRW2016? Domain range: Port 1-6 with uplink Port 8
and Internet range: Port 9-14 and uplink port 16? Or will this cause
unexpected side effects?

This should be fine. I am not experienced
with this hardware though.
It is what VLANs are for and is pretty much the definition
of a VLAN.


This will allow the following.

All PCs/printers will be able to talk to the DC
No PCs will be able to talk to another class
No PCs will be able to talk to the internet
PCs within a class will be able to talk to each other.

Then you can plug in the Internet cable to class
room switches as you require.
Is that what you want?

Yeah, exactly.

However, in another forum one guy wrote:

PVE's are used between like switches to extend your VLAN topology across
your switch topology so if you had 2 or more SRW2016s, they can all be
combined to make it look like you had one really big SRW2016 that had 32
ports or more that you can then split up into separate VLANs. It does
not apply here to the specific scenario that you want a solution to.
And per the parameters that you gave, this feature does not work with
non-linksys, non-PVE capable switches, so the 2 unmanaged switches
fitting into the non-linksys, non-PVE capable category will not work.
This is not what the Linksys user guide says.

"PVE. For Gigabit Ethernet switches. When a port is a
Private VLAN Edge (PVE) port, it bypasses the Forwarding
Database and forwards all unicast, multicast,
and broadcast traffic to an uplink, except for MAC-to-me packets.
Uplinks can be ports or LAGs."

Who knows what MAC-to-me packets are though?



The only thing left though is that you mentioned
"subnets". I think you didn't mean it.

All workstation computers, the domain controller and the router's LAN
address are on the same subnet.

I bet you have a central printer:-(((

Yes, several.
These will be OK as long as the print jobs are
going via the server.

A professional level solution to this
would be to put each PC on a different subnet and
change the firewall permissions as required to
permit/deny access.

The classes consist almost always of different students (with different
subject choices) so this will be very difficult to manage.

As far as I can see there is no significant difference.
1 - Log on to firewall and activate class rule
2 - log on to switch and make class connection.


I made a typo, sorry, it should read
On the Domain Controller switch:-
Configure all ports except the Domain Controller as PVE
Configure the Domain Controller port as the uplink


On the Internet switch:-
In order to prevent classes talking to each other
when more than one is plugged into the internet
you do the same thing on the Internet switch.
i.e. Configure all ports except the Firewall as PVE
Configure the Firewall port as the uplink


One problem is scalability. You have only one server port.

You could though:-

1, 2, 3, 4, 5, 6 PVE ports VLAN 2
7 uplink port for server VLAN 2
8, 9, 10, 11 more server ports - normal ports VLAN 3

Link 7 to 8 and you will be able to plug servers into 9, 10, 11

"Wastes" 2 ports but buys you more server ports.

An external switch would of course do too.

At first I thought no way - but looks not too bad after all.
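As an added illustration that is not part of this thread or of any Linksys documentation: a small Python model of the PVE forwarding rule quoted from the user guide, used to check both layouts discussed above (the single SRW2016 split into a domain-controller range and an Internet range, and the "link port 7 to port 8" trick for more server ports). The forwarding rules, the reachability search and the helper names (make_switch, reachable_devices, isolation_report) are my assumptions for the model; only the port numbers and VLAN ids come from the thread.

```python
"""
Added example, not from the thread: a reachability model of Private VLAN Edge
(PVE) ports, written to check the port layouts discussed above.

Assumed forwarding rules (simplified from the user-guide quote in the thread;
"MAC-to-me" management traffic is ignored):
  * a PVE port sends everything it receives only to the uplink port(s) of its VLAN;
  * an uplink or normal port floods to every other port in its VLAN, PVE ports
    included (so the server's replies reach the PCs);
  * frames never cross a VLAN boundary inside the switch;
  * an external patch cable between two ports of the same switch carries a frame
    out of one port and back in through the other, where the rules apply again.
Each switch port stands for one attached device (a PC, a server, or a whole
classroom's unmanaged switch).
"""
from collections import deque

PVE, UPLINK, NORMAL = "pve", "uplink", "normal"


def make_switch(ranges):
    """Build {port: (vlan, role)} from (ports, vlan, role) tuples."""
    return {p: (vlan, role) for ports, vlan, role in ranges for p in ports}


def egress_ports(switch, ingress):
    """Ports a frame entering `ingress` is forwarded out of."""
    vlan, role = switch[ingress]
    same_vlan = [p for p, (v, _) in switch.items() if v == vlan and p != ingress]
    if role == PVE:
        # PVE bypasses the forwarding database: uplink(s) of this VLAN only
        return [p for p in same_vlan if switch[p][1] == UPLINK]
    return same_vlan  # uplink / normal port: flood within the VLAN


def reachable_devices(switch, src, cables=None):
    """Set of ports whose attached device receives a frame sent from `src`.

    `cables` maps port -> port for external patch cables between two ports of
    this switch; a cabled port has no end device of its own.
    """
    cables = dict(cables or {})
    cables.update({b: a for a, b in list(cables.items())})  # cables are bidirectional
    seen, queue, devices = {src}, deque([src]), set()
    while queue:
        ingress = queue.popleft()
        for out in egress_ports(switch, ingress):
            if out in cables:  # frame leaves the switch and re-enters at the far end
                far = cables[out]
                if far not in seen:
                    seen.add(far)
                    queue.append(far)
            else:
                devices.add(out)
    devices.discard(src)
    return devices


def combined_switch():
    """One SRW2016: DC range on ports 1-8, Internet range on ports 9-16 (from the thread)."""
    return make_switch([
        (range(1, 7), 2, PVE),     # classroom feeds, domain-controller side
        ([8], 2, UPLINK),          # domain controller
        (range(9, 15), 3, PVE),    # classroom feeds, Internet side
        ([16], 3, UPLINK),         # firewall / router LAN port
    ])


def extra_server_ports():
    """Ports 1-6 PVE VLAN 2, 7 uplink VLAN 2, 8-11 normal VLAN 3, cable from 7 to 8."""
    switch = make_switch([
        (range(1, 7), 2, PVE),
        ([7], 2, UPLINK),
        (range(8, 12), 3, NORMAL),
    ])
    return switch, {7: 8}


def isolation_report(switch, cables=None):
    """For every port, the sorted list of end devices it can reach."""
    return {p: sorted(reachable_devices(switch, p, cables)) for p in sorted(switch)}


if __name__ == "__main__":
    print("combined switch:", isolation_report(combined_switch()))
    sw, cab = extra_server_ports()
    print("extra server ports:", isolation_report(sw, cab))
```

Running it shows the two properties the thread cares about: in the combined layout a classroom on port 1 reaches only port 8 (the DC) and nothing on ports 2-6 or 9-16, while the DC on port 8 reaches all of 1-6; in the second layout a classroom on port 1 reaches the servers on 9, 10 and 11 through the 7-to-8 cable, the servers reach each other and every classroom, and classrooms still cannot reach one another.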