
VLAN Network Segregation

  • 19-10-2009 4:11pm
    #1
    Registered Users, Registered Users 2 Posts: 378 ✭✭


    Hi,

    Basically the end result that I want here is separate Web / App / DB networks that can only communicate with each other through NAT.

    I have 5 machines
    e.g.

    web1 - 192.168.2.2
    web2 - 192.168.2.3

    app1 - 192.168.3.2
    app2 - 192.168.3.3

    db1 - 192.168.4.2

    My firewall is a DFL-800 from D-Link. On this I have set up 3 VLAN interfaces with the corresponding settings

    web_vlan_ip - 192.168.2.1
    web_vlan_net - 192.168.2.0/24
    VLAN ID - 2

    app_vlan_ip - 192.168.3.1
    app_vlan_net - 192.168.3.0/24
    VLAN ID - 3

    db_vlan_ip - 192.168.4.1
    db_vlan_net - 192.168.4.0/24
    VLAN ID - 4

    On my switch, a DELL PowerConnect 3524, I have the 3 above VLAN IDs set up

    web is on e3/e4 with settings U (Untagged)
    app is on e5/e6 with settings U (Untagged)
    db is on e7 with settings U

    The firewall comes in on e1 and I have tried setting this as trunk but it doesn't work.

    Servers on each VLAN can see each other on the switch no problem. How do I get the servers to communicate with the firewall? I have tried most logical approaches that I can think of but have had no luck.

    I even tried adding extra ports to VLAN and connecting directly to router and it doesn't work.


Comments

  • Registered Users, Registered Users 2 Posts: 2,534 ✭✭✭FruitLover


    I'm not familiar with the equipment above, but it sounds like you're doing the right things. Assuming the firewall has a single physical internal port, you should configure a trunk link between it and the switch (i.e. make sure the firewall port is trunking as well, not just the switch eth1 port). You'll be using 802.1q for tagging; double-check that both devices support this (if they support trunking, they should).


  • Registered Users, Registered Users 2 Posts: 378 ✭✭sicruise


    Thanks for that, turns out I had it set up correctly alright, just my IP rules were mixed up on the firewall. Thanks for the confidence boost
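
The thread ends with the firewall IP rules being the culprit. As an added example (not from the thread, and not DFL-800 syntax), this Python sketch audits an ordered first-match rule list against the three VLAN subnets and hosts from the first post. The intended flows (web to app, app to db), the rule tuple format and both sample rule sets are assumptions made for illustration; only connection initiation is modelled, not NAT.

```python
import ipaddress

# Hosts per tier, taken from the first post.
HOSTS = {
    "web": ["192.168.2.2", "192.168.2.3"],
    "app": ["192.168.3.2", "192.168.3.3"],
    "db": ["192.168.4.2"],
}
# Assumed intent (not stated in the thread): web -> app and app -> db only.
INTENDED = {("web", "app"), ("app", "db")}

# Constructed rule sets: (action, source network, destination network).
MIXED_UP = [  # source and destination swapped
    ("allow", "192.168.3.0/24", "192.168.2.0/24"),
    ("allow", "192.168.4.0/24", "192.168.3.0/24"),
]
CORRECT = [
    ("allow", "192.168.2.0/24", "192.168.3.0/24"),
    ("allow", "192.168.3.0/24", "192.168.4.0/24"),
    ("drop", "0.0.0.0/0", "0.0.0.0/0"),
]

def first_match(rules, src_ip, dst_ip):
    """Action of the first rule matching a new connection; default is drop."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action
    return "drop"

def audit(rules):
    """Check every host pair across tiers; return sorted policy deviations."""
    findings = set()
    for s_tier, s_hosts in HOSTS.items():
        for d_tier, d_hosts in HOSTS.items():
            if s_tier == d_tier:
                continue  # same-VLAN traffic never reaches the firewall
            for s in s_hosts:
                for d in d_hosts:
                    allowed = first_match(rules, s, d) == "allow"
                    if allowed and (s_tier, d_tier) not in INTENDED:
                        findings.add(f"unexpected allow {s_tier}->{d_tier}")
                    elif not allowed and (s_tier, d_tier) in INTENDED:
                        findings.add(f"missing allow {s_tier}->{d_tier}")
    return sorted(findings)

if __name__ == "__main__":
    print("mixed up:", audit(MIXED_UP))
    print("correct: ", audit(CORRECT))
```
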

