
two different networks through one switch



    First time poster here. I am trying to solve an issue where I need two different networks/subnets communicating between my Juniper firewall and my Cisco 2950 switch.
    On the firewall I took two ports and split them up by assigning them separate vlans (these are layer 3 ports). One vlan (port) is set up for the 10.1.1.x network, and the other is set up for 172.90.60.x. Communication is fine when I take a computer, set up a static IP in that range and connect it to the correct port on the firewall.
    The problem is that we have a media converter coming into the main room that has both networks running on it and I need to split these up from our Cisco switch. Previous to implementing our firewall this media converter was plugged into our Cisco switch (all default config) and both networks on it could talk fine out to the ISP switch and to the internet.
    I can plug in one of the vlan ports from the firewall into the Cisco switch and then plug a test computer into a separate port on the switch (correct static IP range on the computer) and it works fine. I can do the exact same thing for the other network and that also works fine. But when I try to plug in both ports from the firewall at the same time, it looks like it creates a loop and shuts the one port down.
    How can I get this to work so I can have them communicate without creating a loop? Is it possible? What would the best way be to go about it? I really hope this setup works because there is no other solution that I can think of to firewall the two networks off of that one media converter.
    Please see the attached PDF. That will show you exactly what I am trying to do. If you need me to provide any additional information or such, I will gladly do that. I really appreciate your expert advice and opinions.


  • #2
    Re: two different networks through one switch

    To simplify it even more. I need this: two connections coming off of the firewall (each connection hosting a different subnet), going into the Cisco switch. Then one connection (coming off of the Cisco) hosting the traffic coming from the two connections off of the firewall, going to the one media converter. All of this functioning without creating a loop.
    Hopefully this puts it into perspective a little better. Thanks much.


    • #3
      Re: two different networks through one switch

      Well, it's definitely possible to get things set up.
      The reason the port shuts down is that a loop is created, and thanks to spanning-tree one of the ports is shut down to prevent the loop from taking down the network.

      On the firewall, are you sure that the port is set up with two VLANs, or could it be a secondary IP address?
      How many NICs does the media converter have? If one, is it using VLAN tagging to separate the traffic?

      The proper way to separate the traffic is to set up two VLANs on the firewall and Cisco, making sure the VLAN numbers match, and then configure a trunk port between the firewall and the switch (both VLANs going over the same port).

      Another option would be to use access ports on the firewall and switch and plug matching VLANs together.

      With the proper setup there won't be any loops.

      Network Consultant/Engineer
      Baltimore - Washington area and beyond
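As an added illustration of the trunk approach described in #3 (example configuration, not config from either poster or from Juniper/Cisco documentation): the firewall carries both subnets as tagged sub-interfaces on a single cable to the switch, and the 2950 trunks only those two VLANs toward the firewall and the media converter, so there is one path and nothing for spanning-tree to block. VLAN IDs 10, 20 and 999, the FastEthernet port numbers, the .1 gateway addresses, the SRX-style security-zone lines, and the assumption that the media converter passes 802.1Q tags are all assumptions; if the converter does not pass tags, its port becomes an access port in one VLAN instead.

```text
## Junos firewall side (assumed SRX syntax; one cable from fe-0/0/1 to the switch)
set interfaces fe-0/0/1 vlan-tagging
set interfaces fe-0/0/1 unit 10 vlan-id 10
set interfaces fe-0/0/1 unit 10 family inet address 10.1.1.1/24
set interfaces fe-0/0/1 unit 20 vlan-id 20
set interfaces fe-0/0/1 unit 20 family inet address 172.90.60.1/24
## Put each logical unit in its own zone so traffic between the two
## subnets is controlled by explicit policy, not by a shared interface.
set security zones security-zone net10 interfaces fe-0/0/1.10
set security zones security-zone net20 interfaces fe-0/0/1.20

! Cisco 2950 side (2950 trunks are 802.1Q only)
vlan 10
 name net10
vlan 20
 name net20
vlan 999
 name unused-native
!
! Trunk to the firewall: carry only the two data VLANs, park the native
! (untagged) VLAN on an unused ID, and disable DTP so the mode is fixed.
interface FastEthernet0/1
 description trunk-to-firewall
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate
!
! Uplink to the media converter: same VLAN set, assuming it passes tags.
interface FastEthernet0/24
 description trunk-to-media-converter
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate
!
! Test-PC ports: plain access ports, one per subnet.
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Verify: "show interfaces trunk" should list VLANs 10,20 on Fa0/1 and
! Fa0/24, and "show spanning-tree" should show no blocked ports.
```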


      • #4
        Re: two different networks through one switch

        Thanks Jeremy. That is good to know that with some tweaking, it would be possible.

        Actually on the firewall, each port has its own vlan. So fe-0/0/1 would be set up to allow traffic, and port fe-0/0/2 would be set up to allow traffic. Hopefully this clarifies things a bit; it looked like you might have interpreted it as being a single port with multiple vlans on it.

        The media converter is just a single one with one SC fiber port and one NIC port on it. I'm not sure how it is set up (I didn't set them up initially), but I do know that when that media converter is plugged directly into the ISP switch, both networks down the line can get out to the internet fine, so I believe it is using vlan tagging.

        The NIC question you raised is interesting. If I were to get a media converter with two NIC ports on it, would this be easier than trying to set up the switch and firewall to talk? So it would be port fe-0/0/1 from the firewall going into NIC 1 on the media converter, and then port fe-0/0/2 going into NIC 2 on the same media converter.

        If you think that would work and be easier, I will order one of these media converters. Otherwise in the meantime I will try and implement the configurations you recommended to see if I can get it to work. I appreciate the input.