Using an external facing VLAN on a LAN switch; Good? Bad? Indifferent?


  • Using an external facing VLAN on a LAN switch; Good? Bad? Indifferent?

    I'm kicking around a network topology design and would like some input. (So in other words: Do you all think what I'm considering is crazy?)

    I have a small office that has just reached a milestone: They need a second static IP address! ::Throws Confetti:: Currently the network design is thus:
    Code:
    DSL Modem --> LinkSys Rv082 Router --> ProCurve LAN switch
    However, after the addition of a second IP address, it might look like this:
    Code:
                                           ---- > Phone System
    DSL Modem --> Dinky 4 port switch --> |
                                           ---- > LinkSys Rv082 --> ProCurve LAN Switch serving all devices
    However, I'm not liking the idea of using either a "dinky" little switch or a built-in switch in the DSL modem as a way of hanging multiple devices out on the 'net. I'd rather use something that can give me more information on network traffic (ideally, a firewall, but that isn't financially feasible). So here was my idea: The office LAN has a ProCurve 2610 switch that is VLAN aware. I was thinking about VLANing 4 ports of the ProCurve and using that 4 port VLAN as the external switch. See if this diagram makes sense:

    Code:
                                                          ---> Phone system
    DSL Modem ---> 4 ports VLAN'd from the ProCurve ---> |
                                                          ---> LinkSys RV082 ---> ProCurve 2610 using remaining 20 ports for the LAN
    That way I can use the SFlow and SNMP data collected from the ProCurve on the LAN and WAN connections, among other things.

    Admittedly, my understanding of VLANs is limited, but I think this is feasible and shouldn't cause a loop or anything undesirable. Of course, what would the security implications be? The management VLAN would be on the LAN of course. Am I on the verge of doing something daft?
    Wesley David
    LinkedIn | Careers 2.0
    -------------------------------
    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
    Vendor Neutral Certifications: CWNA
    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

  • #2
    Re: Using an external facing VLAN on a LAN switch; Good? Bad? Indifferent?

    Well, I gave it a go with an external VLAN on a LAN switch and all seems to be well. That is, at least the office can connect to the interwebs and vice versa. We'll wait and see what happens as the design grows with some extra devices and a change of ISPs. It seems to be technically sound... but my paranoia keeps flaring up.
    Wesley David



    • #3
      Re: Using an external facing VLAN on a LAN switch; Good? Bad? Indifferent?

      I am doing this on my network. Basically we VLAN'd our core 6509 with about 10 ports and did not assign an IP to the VLAN. It works well for us.

      We used to have a single Cisco switch that handled this, but changed it when we upgraded our network core.
      MCITP:SA, MCSA 2003, MCP, CCNA, A+, Net+, Security+
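
The two isolation properties raised in the thread (no switch IP address on the external VLAN, as in post #3, and no port shared between the external VLAN and the LAN) can be checked against a saved switch configuration. This is an added example, not part of the thread or any poster's code; it assumes ProCurve-style `vlan` stanzas with numeric port names, and the VLAN IDs, names and addresses in the sample are constructed.

```python
# Constructed sample in ProCurve running-config style (IDs and addresses are assumptions).
SAMPLE_CONFIG = """
vlan 1
   name "DEFAULT_VLAN"
   untagged 5-24
   ip address 192.168.1.2 255.255.255.0
   no untagged 1-4
   exit
vlan 100
   name "WAN"
   untagged 1-4
   no ip address
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1-4,7' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'ports': set, 'has_ip': bool}} from config text."""
    vlans, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            current = vlans.setdefault(int(words[1]), {"ports": set(), "has_ip": False})
        elif words == ["exit"]:
            current = None
        elif current is not None and words:
            if words[0] in ("untagged", "tagged") and len(words) == 2:
                current["ports"] |= expand_ports(words[1])
            elif words[:2] == ["ip", "address"]:
                current["has_ip"] = True
    return vlans

def audit_external_vlan(config, external_id):
    """List findings that weaken isolation of the external VLAN."""
    vlans = parse_vlans(config)
    ext = vlans[external_id]
    findings = []
    if ext["has_ip"]:
        findings.append(f"VLAN {external_id} has an IP address on the switch")
    for vid, v in vlans.items():
        if vid != external_id and (shared := v["ports"] & ext["ports"]):
            findings.append(f"ports {sorted(shared)} are in both VLAN {external_id} and VLAN {vid}")
    return findings
```

An empty list from `audit_external_vlan(SAMPLE_CONFIG, 100)` means the switch has no layer-3 interface on the external segment and no port carries both external and LAN VLANs.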
