Re: Restart: VLAN question...




Geir Holmavatn wrote:
Bod43@xxxxxxxxxxxxx wrote:

anoop wrote:
Hi,

It looks to me as if you want:-
NO VLANS - well one on each switch
i.e. the default.

On the Domain Controller switch:-
Configure all ports except the Domain Controller as PVE
Configure the Domain Controller port as the uplink

On the Internet switch:-
In order to prevent classes talking to each other
when more than one is plugged into the internet
you do the same thing on the Internet switch.
i.e. Firewall port PVE
Nothing else

Done.

Can both the domain controller switch and the internet switch be
combined into one SRW2016? Domain range: Port 1-6 with uplink Port 8
and Internet range: Port 9-14 and uplink port 16? Or will this cause
unexpected side effects?

This should be fine. I am not experienced
with this hardware though.
It is what VLANS are for and is pretty much the definition
of a VLAN.


This will allow the following.

All PCs/printers will be able to talk to the DC
No PCs will be able to talk to another class
No PCs will be able to talk to the internet
PCs within a class will be able to talk to each other.

Then you can plug in the Internet cable to class
room switches as you require.
Is that what you want?

Yeah, exactly.

However, in another forum one guy wrote:

PVE's are used between like switches to extend your VLAN topology across
your switch topology so if you had 2 or more SRW2016s, they can all be
combined to make it look like you had one really big SRW2016 that had 32
ports or more that you can then split up into separate VLANs. It does
not apply here to the specific scenario that you want a solution to.
And per the parameters that you gave, this feature does not work with
non-Linksys, non-PVE capable switches, so the 2 unmanaged switches
fitting into the non-Linksys, non-PVE capable category will not work.
This is not what the Linksys user guide says.

"PVE. For Gigabit Ethernet switches. When a port is a
Private VLAN Edge (PVE) port, it bypasses the Forwarding
Database and forwards all unicast, multicast,
and broadcast traffic to an uplink, except for MAC-to-me packets.
Uplinks can be ports or LAGs."

Who knows what MAC-to-me packets are though?



The only thing left though is that you mentioned
"subnets". I think you didn't mean it.

All workstation computers, the domain controller and the router's LAN
address are on the same subnet.

I bet you have a central printer:-(((

Yes, several.
These will be OK as long as the print jobs are
going via the server.

A professional level solution to this
would be to put each PC on a different subnet and
change the firewall permissions as required to
permit/deny access.

The classes consist almost always of different students (with different
subject choices) so this will be very difficult to manage.

As far as I can see there is no significant difference.
1 - Log on to firewall and activate class rule
2 - log on to switch and make class connection.


I made a typo, sorry should read
On the Domain Controller switch:-
Configure all ports except the Domain Controller as PVE
Configure the Domain Controller port as the uplink


On the Internet switch:-
In order to prevent classes talking to each other
when more than one is plugged into the internet
you do the same thing on the Internet switch.
i.e. Configure all ports except the Firewall as PVE
Configure the Firewall port as the uplink


One problem is scalability. You have only one server port.

You could though:-

1, 2, 3, 4, 5, 6 PVE ports VLAN 2
7 uplink port for server VLAN 2
8, 9, 10, 11 more server ports - normal ports VLAN 3

Link 7 to 8 and you will be able to plug servers into 9, 10, 11

"Wastes" 2 ports but buys you more server ports.

An external switch would of course do too.

At first I thought no way - but looks not too bad after all.
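
Added example, not part of the original post: a small Python model of the port layout proposed above (ports 1-6 PVE in VLAN 2, port 7 their uplink, ports 8-11 normal ports in VLAN 3, ports 7 and 8 cabled together), used to check which ports can exchange frames. It assumes PVE behaves as the quoted user-guide sentence says (everything goes to the uplink) and does not model the "MAC-to-me" exception; all names are hypothetical.

```python
from collections import deque

# Constructed model of the layout in the post.
VLAN = {**{p: 2 for p in range(1, 8)}, **{p: 3 for p in range(8, 12)}}
PVE_UPLINK = {p: 7 for p in range(1, 7)}   # PVE port -> its uplink port
CABLES = {7: 8, 8: 7}                      # external patch lead between 7 and 8


def egress_ports(ingress):
    """Ports a flooded frame entering `ingress` is sent out of."""
    if ingress in PVE_UPLINK:
        # PVE port: forwarding database bypassed, uplink is the only exit.
        return {PVE_UPLINK[ingress]}
    # Normal port: every other port in the same VLAN, never the ingress port.
    return {p for p, v in VLAN.items() if v == VLAN[ingress] and p != ingress}


def reachable_hosts(src_port):
    """Host-facing ports that receive a broadcast from a host on src_port.

    Flooding is the worst case for isolation: a unicast frame can never
    reach a port that a flooded frame from the same source cannot.
    """
    seen, delivered = set(), set()
    queue = deque([src_port])
    while queue:
        ingress = queue.popleft()
        if ingress in seen:
            continue
        seen.add(ingress)
        for out in egress_ports(ingress):
            if out in CABLES:
                queue.append(CABLES[out])  # frame re-enters at the far end
            else:
                delivered.add(out)
    return delivered


def can_talk(a, b):
    """Two hosts can hold a conversation only if frames flow both ways."""
    return b in reachable_hosts(a) and a in reachable_hosts(b)


if __name__ == "__main__":
    print("PC on 1 reaches:", sorted(reachable_hosts(1)))
    print("server on 9 reaches:", sorted(reachable_hosts(9)))
    print("PC 1 <-> PC 2:", can_talk(1, 2))
    print("PC 1 <-> server 9:", can_talk(1, 9))
```

Frames from one PVE port never reach another PVE port because they leave on port 7, re-enter on port 8, and a switch does not send a frame back out of the port it arrived on.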
