How to separate network traffic from the servers on L2 switch
  • How to separate network traffic from the servers on L2 switch

    I have a 3Com Baseline 2924 L2 switch, where all my 8 servers are connected.

    All the servers and client PCs are on the same network, and all the client PCs need to access all the servers.

    Also, one of these servers is also the DHCP server.

    I want to separate them so that I can increase security and performance (I am assuming that if I can somehow set up VLANs then my servers will not receive any broadcast traffic and also not any unwanted malware or viruses).

    How is this possible?

  • #2
    Re: How to separate network traffic from the servers on L2 switch

    If you're talking about blocking broadcast traffic, then what you need is separation of subnets, which means a router or an L3 switch acting as a router. Basic ARP traffic includes broadcasts to identify MAC address owners vs. IPs, so if they're all on the same subnet, they're all local to each other.

    If you had a single L3 switch to replace what you're using now, you could define one VLAN for the servers and a separate VLAN for the client PCs, and with a single command 'ip routing' in the running config, you've got a router.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      Re: How to separate network traffic from the servers on L2 switch

      So in fact I cannot separate my servers using the L2 switch and prevent broadcast traffic?

      What about tagging the ports for all the servers and putting them in VLAN 1, and then on VLAN 2 I have the rest of the other ports untagged plus all the tagged server ports?



      • #4
        Re: How to separate network traffic from the servers on L2 switch

        Sorry, but VLANs equals subnets equals broadcast domains. Just adding VLAN assignments to your ports won't solve your immediate problem--in fact it'll make things worse. In order to use VLANs, you must divide up your total network into groups (servers, clients, printers, etc.) and each group, assigned to its own VLAN, must be on its own subnet. And to cross from one subnet to another, which means from one VLAN to another, you must have a router somewhere in your infrastructure. Routers are the devices which allow traffic to move from one network or subnet to another.

        As soon as you start using VLANs without routing, traffic to/from those VLANs stops because there's no crossing point to get from one to the other. It makes no difference if all the VLANs are physically configured on ports that are all on the same switch. Pure switches are L2 devices, which means they speak MAC addresses, and don't understand IP addressing, which is Layer 3.

        You can use the same L2 switch you have now and add a separate router to the mix, or replace your L2 switch with an L3 switch to accomplish the same task but not take up any more space. But it sounds like you'll want hands-on help from someone who is at least working on their CCNA cert to ensure it gets done to best practice standard.
        *RicklesP*
        MSCA (2003/XP), Security+, CCNA

        ** Remember: credit where credit is due, and reputation points as appropriate **
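        As an added example (not the posters' own configuration), this is what the advice in #2 and #4 looks like on a Cisco IOS L3 switch, since the 'ip routing' command named in #2 is Cisco syntax; the 3Com Baseline 2924 in the question is L2-only and cannot do this. The VLAN numbers, subnets, port names and the DHCP server address 10.10.0.5 are all assumptions. Note the two things the thread only implies: once the DHCP server sits in its own broadcast domain the client VLAN's gateway has to relay DHCP for it, and VLAN separation by itself only removes broadcasts; what actually limits a compromised client's reach to the servers is the access list on the routed interface.

```cisco
! Added example, not from the original posts. Cisco IOS syntax; all
! addresses, VLAN IDs and port names are assumed.
!
! Two broadcast domains: servers in VLAN 10, clients in VLAN 20.
vlan 10
 name SERVERS
vlan 20
 name CLIENTS
!
! Server ports are untagged (access) members of VLAN 10.
interface range GigabitEthernet1/0/1 - 8
 description Servers
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! Client ports are untagged members of VLAN 20.
interface range GigabitEthernet1/0/9 - 24
 description Client PCs
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Traffic entering the switch from the client VLAN: clients may reach
! the server subnet and may still broadcast for DHCP; everything else is dropped.
ip access-list extended CLIENT-IN
 remark DHCPDISCOVER from an unconfigured client (source 0.0.0.0, broadcast dst)
 permit udp any eq bootpc any eq bootps
 remark Clients may open connections to any server
 permit ip 10.20.0.0 0.0.0.255 10.10.0.0 0.0.0.255
 deny   ip any any log
!
! Traffic entering the switch from the server VLAN: servers may answer
! sessions the clients started, but may not start new ones toward clients.
! The ACL is stateless, so UDP services need their own reply rules.
ip access-list extended SERVER-IN
 remark Replies to client-initiated TCP sessions only
 permit tcp 10.10.0.0 0.0.0.255 10.20.0.0 0.0.0.255 established
 remark DNS answers (assumed: a server in VLAN 10 runs DNS)
 permit udp 10.10.0.0 0.0.0.255 eq domain 10.20.0.0 0.0.0.255
 remark DHCP server replies come back to the relay address, not the client
 permit udp host 10.10.0.5 eq bootps host 10.20.0.1 eq bootps
 permit icmp 10.10.0.0 0.0.0.255 10.20.0.0 0.0.0.255 echo-reply
 deny   ip any any log
!
! Turn the switch into a router (the single command #2 refers to).
ip routing
!
! One routed interface (SVI) per VLAN; each is the default gateway for its subnet.
interface Vlan10
 description Server subnet
 ip address 10.10.0.1 255.255.255.0
 ip access-group SERVER-IN in
!
interface Vlan20
 description Client subnet
 ip address 10.20.0.1 255.255.255.0
 ! Client DHCP broadcasts no longer reach the server; relay them as unicast.
 ip helper-address 10.10.0.5
 ip access-group CLIENT-IN in
```

        After this, ARP and other broadcasts from the client PCs stay in VLAN 20 and never hit a server port. If the clients also need a route to the Internet, CLIENT-IN needs an extra permit for that, and if you need per-session state rather than the `established` flag check, put a stateful firewall between the two VLANs instead of relying on SVI ACLs.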
