VLAN Network Segregation

sicruise

Hi,

Basically the end result that I want here is separate Web / App / DB networks and only can communicate with each other through NAT.

I have 5 machines
e.g.

web1 - 192.168.2.2
web2 - 192.168.2.3

app1 - 192.168.3.2
app2 - 192.168.3.3

db1 - 192.168.4.2

My firewall is a DFL-800 from D-Link. On this I have set up 3 vlan interfaces with the corresponding settings

web_vlan_ip - 192.168.2.1
web_vlan_net - 192.168.2.0/24
VLAN ID - 2

app_vlan_ip - 192.168.3.1
app_vlan_net - 192.168.3.0/24
VLAN ID - 3

db_vlan_ip - 192.168.4.1
db_vlan_net - 192.168.4.0/24
VLAN ID - 4

On my switch a DELL PowerConnect 3524 I have the 3 above VLAN ID's set up

web is on e3/e4 with settings U (Untagged)
app is on e5/e6 with settings U (Untagged)
db is on e7 with settings U

The firewall comes in on e1 and I have tried setting this as trunk but it doesn't work.

Servers on each VLAN can see each other on the switch no problem. How do I get the servers to communicate with the firewall, I have tried most logical approaches that I can think of but have had no luck.

I even tried adding extra ports to VLAN and connecting directly to router and it doesn't work.

FruitLover

I'm not familiar with the equipment above, but it sounds like you're doing the right things. Assuming the firewall has a single physical internal port, you should configure a trunk link between it and the switch (i.e. make sure the firewall port is trunking as well, not just the switch eth1 port). You'll be using 802.1q for tagging; double-check that both devices support this (if they support trunking, they should).

sicruise

Thanks for that, turns out I had it set up correctly alright just my ip rules were mixed up on the firewall. Thanks for the confidence boost