Hey guys, I would really appreciate some suggestions on how to set up my VLANs on a home network.
I would like to set up 3 VLANs:
1 VLAN for DMZ so I can host an Exchange OWA site, a Lync IM server and a website
1 for home LAN - a domain controller and SQL server with 7 PCs
1 for guest network for users only to be able to get to the internet
The same servers will have 2 NICs for the Exchange server, Lync server and the website and will need to be available both to DMZ and local LAN.
I have a D-Link DGS1224T smart switch to set up the VLANs on.
I assume I will need an individual DHCP and DNS server for each VLAN? Is that correct?
Suggestions please. Am I on the right track?
Last edited by sheetzdw; 12th January 2013 at 06:10 PM.
What will your router be and can it handle vlans.
I have a Motorola cable gateway device that I was going to just set to DMZ for everything.
Then I have a Netgear VPN firewall that I am not sure can handle VLANs. I know my switch has setup for the VLANs.
I also have a Watchguard wireless X10 that I could use, which I am almost sure can handle the VPNs.
Last edited by sheetzdw; 12th January 2013 at 06:59 PM.
VPNs and VLANs are totally different technologies.
You need to diagram what you want to achieve, that will make it easier to assist.
sheetzdw (12th January 2013)
So it looks like my firewall allows me to set up the different subnets and use itself as the gateway for each VLAN subnet. It looks like I then just need to set up the devices on each VLAN to use the gateway address I used when configuring multihoming on the Netgear firewall...
So far sound correct?
I am just looking at high level - is this idea recommended?
Each VLAN can go out to the internet but not access the other VLANs.
Last edited by sheetzdw; 12th January 2013 at 10:07 PM.
I guess I don't quite get if I need to do tagging,
since I have one switch and 3 VLANs on the same switch it simplifies things.
Can the firewall and Netgear do 802.11Q trunking? If not, does it have enough ports for each of the VLANs?
And you don't want the three networks to talk to each other, is that correct?
Last edited by twin--turbo; 13th January 2013 at 09:41 AM.
Unfortunately it doesn't look like any of your hardware is up to the job that you want it to do.
The VPN router is really a home/small business device and has no VLAN support, whilst the smart switch will probably support simple port-based VLANs and uplink tagging; unless it supports VLAN routing you're stumped.
Circa 2008 the router only supports something called LAN Grouping, where each of the four LAN ports can be connected to different IP ranges; the firewall is capable of forwarding from WAN to a specific port group.
You could probably create a few groups of switch ports on different LANs on the switch,
e.g. VLAN 1, 2, 3, and connect 3 uplink cables from each port group to ports 1, 2, 3 on the WiFi router.
The router then appears to be able to allow traffic from each VLAN to share the Internet connection, but that's about it.
It's not a good solution even for a test lab. You really need a layer 3 routing device to route traffic between your networks, either at the switch level or the gateway device, and the WiFi on the router itself is another headache as that doesn't seem to have any serious management other than MAC filtering.
Whilst your ideas are sound, it would appear that the equipment you're trying to utilise is falling well short of your needs to fulfil them.
sheetzdw (13th January 2013)
Thanks so much!!!
So is there any recommendation for a cheap layer 3 router so I can play around with VLANs?
The X10 should do what you need without needing to use VLANs - set up ETH0 as external, ETH1 as your home LAN and ETH2 as your DMZ - control access to the DMZ from external/internal (ETH1) - the guest access is easily set up using the built-in wireless.
All routers are layer 3
Any decent Layer 2/3 switch will do VLANs as you need them. If you look at the likes of Cisco and HP you'll find plenty that will do VLANs - pretty easy to set up and configure.
InterVLAN Routing using Router on a stick - YouTube
This way you can send all your VLANs up a single cable to a router and have virtual interfaces send the packets back to the required neighbours.
You could do a lot worse than buy one of these RouterBoard.com : RB2011L-IN
At $90 they are incredible devices, but RouterOS in itself is quite a challenge for a novice, but it will do everything you want.
You would need this if you have the VLAN entities as completely separate networks; the VLAN will stop any DHCP request going to a different VLAN, i.e. you have 2 rings each on different VLANs so you would need a DHCP on each.
Alternatively you can use a layer 3 device and either route-on-a-stick or route on device, so you can put DHCP on all the VLANs and have it accessible to all units.
Don't really come across this in the industrial world much, so it's normally an enterprise thing.
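The policy discussed in this thread (each VLAN reaches the internet, none reaches another) modelled as first-match gateway rules with default deny, plus a check for the dual-homed DMZ servers in the original plan, which join DMZ and LAN without passing through those rules. This is an added example, not from any poster; the subnets, host addresses, TCP 443 and the LAN-to-DMZ rule are assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread): one /24 per VLAN.
ZONES = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),
    "DMZ": ipaddress.ip_network("192.168.20.0/24"),
    "GUEST": ipaddress.ip_network("192.168.30.0/24"),
}
# First-match rules on the layer 3 gateway: (source zone, destination zone, port, action).
# Port None matches any port; TCP 443 for the published sites is an assumption.
RULES = [
    ("WAN", "DMZ", 443, "allow"),
    ("LAN", "DMZ", 443, "allow"),
    ("LAN", "WAN", None, "allow"),
    ("DMZ", "WAN", None, "allow"),
    ("GUEST", "WAN", None, "allow"),
]  # no match means deny, so VLAN-to-VLAN traffic is dropped by default

def zone_of(addr):
    """Map an address to its VLAN zone; anything outside the plan is WAN."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "WAN")

def decide(src, dst, port):
    """Return 'local', 'allow' or 'deny' for one flow."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return "local"  # same VLAN: switched at layer 2, never reaches the gateway
    for rule_src, rule_dst, rule_port, action in RULES:
        if (rule_src, rule_dst) == (s, d) and rule_port in (None, port):
            return action
    return "deny"

def bridging_hosts(hosts):
    """Hosts with NICs in more than one zone: a path between zones that skips RULES."""
    found = {}
    for name, addrs in hosts.items():
        zones = sorted({zone_of(a) for a in addrs})
        if len(zones) > 1:
            found[name] = zones
    return found

# Constructed inventory: DMZ servers dual-homed as in the original plan.
HOSTS = {
    "exchange": ["192.168.20.10", "192.168.10.10"],
    "lync": ["192.168.20.11", "192.168.10.11"],
    "web": ["192.168.20.12", "192.168.10.12"],
    "dc": ["192.168.10.5"],
    "sql": ["192.168.10.6"],
}
```

Every host that `bridging_hosts` returns needs its own host firewall and forwarding disabled, or a single DMZ address with LAN access granted through gateway rules instead of a second NIC.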