Multiple VLAN Configuration Between NETGEAR Firewalls and Switches
KBA-410


Objective: To show how to arrange Internet access for multiple VLANs.

VLAN-Definition
VLANs are logical subgroups within a Local Area Network (LAN) that combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups. VLANs use software to reduce the amount of time it takes for network changes, additions, and moves to be implemented.

Notes when setting-up VLANs

  1. A VLAN does not have a minimum number of ports.
  2. VLANs work at OSI Layer 2.
  3. A VLAN can be created per unit, device or via logical connection/combination.
  4. Broadcast and multicast traffic is transmitted only in the VLAN in which the traffic is generated.
  5. To allow traffic between VLANs, a device working at protocol level (Layer 3) is required.

Equipment used:

  1. A router that supports Vlans. SRX5308 is used here; FVS318N and FVS336 also support Vlans.
  2. A Layer 2 switch that supports Vlans. GS724T is used in the example.
  3. 2x PCs
  4. Modem with internet connection.
  5. Various Ethernet patch cables.

Objective: To show how different Vlans on a switch can access the internet, but not access devices on the other Vlan. In this article, a Vlan-aware router is used. Inter-Vlan routing is not enabled.

 

http://support1.gearguy.com/useruploads/images/Paint-Topology.png

 

Set up of the SRX5308 Router

  1. On both devices, example Vlans 12 and 22 are created.
  2. The following screenshots show the Router configuration:
  3. This is the initial screenshot, with the default Vlan 1.

http://support1.gearguy.com/useruploads/images/SRX-Vlan1-1.png

 

  1. For example, you create Vlan 12 as shown. Select 'Add', and fill in as follows:

http://support1.gearguy.com/useruploads/images/Vlan12-2.png

 

  1. I have picked the 192.168.12.xx subnet for convenience. DHCP pool values are for demonstration use. Hit 'Apply' at the base of your screen. Note that I have ticked Port 1.
  2. I similarly created Vlan 22.

http://support1.gearguy.com/useruploads/images/SRX-3Vlans.png

  1. Note that 'Inter Vlan routing' is unchecked.

http://support1.gearguy.com/useruploads/images/Inter-Vlan-Routing.png

 

Switch Settings:

  1. I connected the switch to the router, and plugged a PC into one of the spare ports. I chose port 20.
  2. Running 'Smart Control Center' allowed discovery of the switch management IP, 192.168.1.110 in this instance.

http://support1.gearguy.com/useruploads/images/S-Wizard-10.png

 

  1. Enter the web interface on the 192.168.1.110 address.

http://support1.gearguy.com/useruploads/images/Create-Vlan22-5.png

 

  1. Switching >> Vlan >> Basic Configuration. Enter Vlan 12 and a name, and hit 'Add'. Similarly, I created Vlan 22 as shown.
  2. The next stage is port assignment.
  3. I am connecting Port 1 of the router to Port 1 of the switch. This is labeled as 'T' for the trunk port, as it is carrying traffic for more than one Vlan.

http://support1.gearguy.com/useruploads/images/Vlan12-ports.png

 

  1. In this example, I am assigning ports 3,4,5,6 as 'U' or untagged members of Vlan 12.
  2. The screenshot below shows that ports 10,11,12,13 are untagged members of Vlan 22.

http://support1.gearguy.com/useruploads/images/Vlan22-ports.png

 

  1. Note that all of these untagged ports are taken out of default Vlan 1.

http://support1.gearguy.com/useruploads/images/Ports-out-of-Vlan1.png

 

  1. The next stage is to set the PVIDs. This means that egress packets leaving that port are tagged to that Vlan number.
  2. Again, ports 3,4,5,6 are set to a PVID of 12, and ports 10,11,12,13 have a PVID of 22.
  3. PVID does not apply to trunk ports.

http://support1.gearguy.com/useruploads/images/PVID12.png

 

  1. Switching >> Vlan >> Advanced >> Port PVID Configuration
  2. Enter the new PVID value in the box at the top, and check the ports to be aligned as shown.
  3. Similarly repeat for Vlan 22, as shown.

http://support1.gearguy.com/useruploads/images/PVISs-set.png

Testing and Verification:

In the photo below, the yellow cable links Port 1 of the router to Port 1 of the switch.

Dark blue cable on left -- in port 4, goes to the PC in Vlan 12.

Green cable -- in port 10, goes to the PC in Vlan 22.

Light blue cable -- to the modem, on to the DSL line.

Dark blue cable on right -- on Port 21, for switch management on Vlan 1.

 

http://support1.gearguy.com/useruploads/images/Cable-layout-1.png

 

  1. PCs in both Vlans can access the internet.
  2. I am displaying the ping readings from both PCs.
  3. Here is the PC in Vlan 12. It can ping the management address of Vlan 22, which is based on the router.
  4. Note that it cannot ping the PC in Vlan 22 (192.168.22.20).

http://support1.gearguy.com/useruploads/images/Ping-11.png

 

  1. Here is the ping data for the other PC.

 

http://support1.gearguy.com/useruploads/images/Ping-Navy.png

 

  1. 'Color f1' is a command which changes to navy text on a white background.
  2. Note the same situation in reverse. The PC at 22.20 can ping the other Vlan's management address (22.1) here, which was routed through by the SRX5308 router.
  3. The PC in the other Vlan (12.20), plugged into the same switch, cannot be reached in this example.
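
The switch port table configured above, as an added example that is not part of the original article or any NETGEAR software: a small Python model of 802.1Q forwarding that shows why the PC on port 4 cannot reach the PC on port 10 at Layer 2, and audits that each access port's PVID matches its untagged Vlan. The 24-port count, port 1 remaining an untagged member of Vlan 1, ingress filtering, and all names in the code are assumptions of this model.

```python
# Added illustration (not NETGEAR code). VLAN IDs and port lists are the
# article's; names, the 24-port count, and port 1 staying untagged in
# VLAN 1 are assumptions of this model.
T, U = "T", "U"
ACCESS_12, ACCESS_22 = (3, 4, 5, 6), (10, 11, 12, 13)

# MEMBERSHIP[vlan][port] is "T" (tagged on egress) or "U" (untagged).
MEMBERSHIP = {
    1: {p: U for p in range(1, 25) if p not in ACCESS_12 + ACCESS_22},
    12: {1: T, **{p: U for p in ACCESS_12}},
    22: {1: T, **{p: U for p in ACCESS_22}},
}
PVID = {p: 1 for p in range(1, 25)}
PVID.update({p: 12 for p in ACCESS_12})
PVID.update({p: 22 for p in ACCESS_22})


def classify(port, tag=None, pvid=PVID):
    """Ingress VLAN: an untagged frame takes the port's PVID, a tagged frame
    keeps its tag. Non-member ports drop it (ingress filtering assumed)."""
    vlan = pvid[port] if tag is None else tag
    return vlan if port in MEMBERSHIP.get(vlan, {}) else None


def egress_ports(in_port, tag=None, pvid=PVID):
    """Ports a flooded frame leaves on, mapped to its T/U egress marking."""
    vlan = classify(in_port, tag, pvid)
    if vlan is None:
        return {}
    return {p: m for p, m in MEMBERSHIP[vlan].items() if p != in_port}


def l2_reachable(src_port, dst_port):
    """True if an untagged frame from src_port can be switched to dst_port."""
    return dst_port in egress_ports(src_port)


def audit(pvid=PVID):
    """List (port, pvid, untagged_vlans) where PVID and membership disagree."""
    findings = []
    for port, vid in sorted(pvid.items()):
        untagged = [v for v, m in MEMBERSHIP.items() if m.get(port) == U]
        if untagged != [vid]:
            findings.append((port, vid, untagged))
    return findings


if __name__ == "__main__":
    print("port 4 floods to:", egress_ports(4))  # Vlan 12 ports plus trunk
    print("port 4 -> port 10:", l2_reachable(4, 10))
    print("audit:", audit())
```

Passing `audit` a PVID table in which port 4 was left at PVID 1 returns that port as a finding, and `egress_ports` for it is then empty because the frame is dropped at ingress.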

 

 

    Updated: 5/3/2016 6:13:24 PM
 
 



Winco (Pacific) Limited      Phone: 3619-8822   Email: support@winco.com.hk