Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: D-Link, 3COM and manageable switches

D-Link, 3COM and manageable switches 8 years 4 months ago #26970

  • zarnick
  • zarnick's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Hello, I have some questions about this 3 things (which of course are related)
1st)What's the best manageable 24 port switch, from D-Link or 3COM? I always used D-Link, but only unmanageable switches...
2nd)I'm planing on make the use of a manageable switch to attach some switches in it (unmanageable) so that every computer attached to one switch, can have a different netmask, assigned via DHCP, this is possible to make with a manageable switch right? Here's a little ASCII draw about what I want to make:

[ Manageable Switch ]
|| || ||
[Switch1] [Switch2] [Switch3]
(10.0.0.1/29) (10.0.0.15/28) (10.0.0.32/27)

I'm not going crazy saying that this is possible right? (we currently have a W2k3 server assigning IPs via DHCP, but since we have only one nic going to the UNmanageable switch, all I can do is put all the ips under the same netmask, or assign fixed ips via MAC address)

Thanks a lot (this is kinda urgente).
The administrator has disabled public write access.

Re: D-Link, 3COM and manageable switches 8 years 4 months ago #26972

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Hi zarnick,

If your manageable switch supports VLANs you certianly can assign different masks and network addresses for each unmanageable switch LAN. Thats by defining 3 VLANs in your Man. switch then defining each port connected to each Un-man. switch to be part of one of those VLANs. Offcourse, you need a router connected to your Man. switch to route between the VLANs. (unless your Man. is a layer 3 switch that can do routing)

Still, your problem with the DHCP server will remain since DHCP broadcasts don't get routed across VLANs. You need some thing called a "DHCP agent" on the two other VLAN (the ones that are not connected to the DHCP nic) to enable it to work.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: D-Link, 3COM and manageable switches 8 years 4 months ago #26973

  • Vell
  • Vell's Avatar
  • Offline
  • New Member
  • Posts: 3
  • Karma: 0
solo you are absolutely right!!!

Hi Zarnick,

If DHCP clients and DHCP server are in different network/vlan,
then you need to DHCP relay agent to switch the packets
to the server.
The administrator has disabled public write access.

Re: D-Link, 3COM and manageable switches 8 years 4 months ago #26974

  • zarnick
  • zarnick's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Thanks guys, I was actually discussing this with some folks over IRC, and we reached out for this solution, please tell me what you think about it

Problem:
I need 4 different LANs attached to the servers, the lans should be firewalled, and each lan has to have it's custom rule, this, spending the least money possible.

What we have:
1 Windows 2003 Server box that's doing DHCP/DNS/AD/Sharing and Internal Firewall
1 Bridge to protect the w2k3 box from the internet and act as a proxy
1 D-Link Unmanageable 24 port switch

The solution we arrived:
Get:
1 Layer 2 Switch that supports VLAN and DHCP Relay
1 4 ethernet port NIC
1 Linux box
Put the 4 port NIC into the linux box, assign 4 different DHCP servers per port of the NIC, and put this Linux box for making the routing (maybe with Zebra?) so that every client can talk to each other (even if they are on different networks), and since we are here we can as well put this as an internal firewall, then the W2K3 box would be left for doing only DNS/AD and sharing, thus leaving it with a lot of less work. Then we would create 4 vlans on the manageable switch, with 2 ports each, one for a new unmanageable switch, and another connecting each vlan to a different dhcp server on the linux box, then set up 4 DHCP Relays, one for each vlan of course.
Do you guys think this might work?
The administrator has disabled public write access.

Re: D-Link, 3COM and manageable switches 8 years 4 months ago #26975

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Wonderfull, Agree on all, except for 2 things, First I don't see why you will need DHCP relay agents any more since you are setting separate DHCP servers for each VLAN. Second, The "1 D-Link Unmanageable 24 port switch" would physically still be connecting all VLANs together, although logically they are separate. Nothing is wrong with that, but if you are VERY concerned with security issues, then that is not the best way to do it. Although your traffic between the VLANs will be flowing through the router (linux box), some hacking software is available that can sniff un-man. switches. In other words, listen to other VLANs on the same un-man. switch.

The perfect solution off course would be to have 4 un-man switches, you can by 8 or 12 port un-man switch cheap. Again, this is just for security issues, not a big deal if you don't care.

By the way, do you really have to separate into subnetworks, you might as well just run 1 VLAN, 1 DHCP, no router, firewall between you and internet, and thats it.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: D-Link, 3COM and manageable switches 8 years 4 months ago #26977

  • zarnick
  • zarnick's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Unfortunately, yes, I do need to make the different VLANs, I can of course just make different subnetworks if I can get the 4 port NIC, and start with 4 un manageable switches, I would like to have the manageable switch tough, so I can easily implement some QoS between the different VLANs (we have some kind of problem with bandwith, and this could help us a lot saving some bandwith if I'm wright), so I really think I could start with the 4 port nic, 4 un manageable switches and build up from that...what do you guys think?
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.093 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup