More Baystack questions on mangement

[rdgordon]

What's the advantages to managing switches and not just pluging them in and leaving them be. Thanks

 

[jimbopalmer]

Some equipment does not auto-negotiate, you want to be able to override the defaults.

You sometimes want to know WHO is downloading the entire internet.

Sometimes you want to upgrade the firmware without driving the miles to the equipment.

I get requests to block so-n-so from internet access, but allow network access

If a NIC goes bad and pretends to be the router for that network, you need tools to figure out which one is bad.. I tried to remain child-like, all I acheived was childish.

 

[Yozhik]

One word

VLAN's

Wont get them on an unmanaged switch. (You wont get it on some managed switches too but that is not the point) One of the best things about managed switches in my opinion is that they can have the ability to VLAN.

For more info though I would suggest picking up one of the CCNA books. I use the CCNA Exam Cram Guide as a basic bible. If you read up the section on switches in there you will see the many benefits of managed switches.

 

[rdgordon]

Thanks guys, great info. One more question, do you have to set up a VLan to limit so-n-so from accessing the internet, is there a brief explanation to how you limit someone from accessing the internet with a switch. I didn't see that in the switch books.

thanks

 

[jimbopalmer]

[confession time] i read your posts in the wrong order, I manage internet access in my next switch up the Passort 1200

that said, if the port to the router is not in the VLAN the user uses, his packets won't go there. I tried to remain child-like, all I acheived was childish.

 

[Yozhik]

I dont know too much about this on Bay switches but on Cisco switches you can restrict certain ports to talk only to one destination port or to only allow a certain MAC address on one port. Maybe this could be used?

To do it by splitting the network into VLAN's would work but you would need a router to allow any communication between the two VLAN's. So if the VLAN with the internet connection can be entirely independent of the other VLAN(s) then yes this would work ideally.

If the pc's that you do not want on the internet VLAN need to talk to some of the pc's that are on the internet VLAN then you are probably better to simply put them in the same VLAN and set up your internet router/firewall to restrict permissions on that. I am assuming your internet connection is connected to some kind of routing device whether it is a router or a PC with routing/firewall software. This should have the ability somewhere to set up rules as to who can access the internet.

I usually only use VLAN's if I want two totally independant networks and by the sounds of it, what you want is some pc's on your network to have internet access while others on the same network do not. So in this situation VLAN's is not ideal. I would suggest looking into your firewall software.

 

[jimbopalmer]

this shoiuld work on the 350-24ts, the 350t I am not as sure of, if evey device is on VLAN 1 and the PCs have a PVID of 1 but the router has a PVID of 2, then put the router and only those PCs you want to have access also on VLAN 2

then those PC you want not to have access, cannot hear the router, but all PCs can hear each other I tried to remain child-like, all I acheived was childish.

 

[Yozhik]

The pc's will not be able to hear eachother if they are on two seperate VLAN's. They will only see/hear the pc's in the same VLAN. You would need a second router to allow comunications between the VLAN's thus creating additional and unnecessary requirements.

 

[jimbopalmer]

They are not seperate VLANS, they overlap

Every device is on VLAN 1, so everyone will hear packets with a PVID of 1, only the router has a PVID of 2 and only those PCs you want to have internet access are also in VLAN 2

As I say I do not think the 350T are this sneaky but the 350-24Ts should support this

I tried to remain child-like, all I acheived was childish.