Setting up new VLAN

Status
Not open for further replies.

HeathRamos

IS-IT--Management
Apr 28, 2003
I am looking into setting up VLANs in my company but know very little about it.

We currently have multiple buildings in a single subnet using various managed switches (ProCurve 2650, 2626, 5304). We use a Windows 2000 DHCP server.

I want to set up two VLANs, one for employees and one for guests to use for Internet Access only. Guests would get a dedicated port in one of 4 conference rooms, each located in different buildings.

I understand you can dedicate a port to a particular VLAN (and in the case of the guest VLAN, I could make their default gateway the firewall and allow them to go out port 80 for instance) but the DHCP aspect concerns me (as well as license servers that broadcast).

Let's say my DHCP server has a scope for 192.168.x.x right now and I want to add a scope for 10.10.1.x for use for the guest VLAN. How would I assign a scope to a VLAN? Am I thinking about this wrong?

What about WINS? Or licensing servers that broadcast?
 
I've been trying to do almost the exact same thing. I have a number of ProCurve switches and a 5308 core switch.

I've pretty much got everything working. I have two VLANs (vlan1 & vlan2). Vlan1 is my management VLAN, which my employees are on. I've set up multiple ports on vlan2. I have a DHCP server connected to vlan2. The DHCP server assigns PCs on vlan2 the default gateway of my 5308 core switch, which routes them out to the internet but also blocks all other access to vlan1. I used access-lists to block users on vlan2 from accessing devices on vlan1 except for my firewall.

Do you want to prevent the people on the guest vlan from accessing anything other than the internet on the employee vlan?
 
Where do you terminate the VLANs??? What I do is terminate them on a firewall that supports VLANs and serves DHCP on the different subinterfaces...

i2007
 

I terminate the VLANs at the core switch (HP 5308) or gateway. My core switch is set up with access-lists to prevent members of vlan2 from accessing certain members of vlan1. My firewall is on vlan1, so I have an access list to permit vlan2 members access to the firewall. The nice thing about the HP 5308 is that it supports extended access-lists that allow me to block traffic based on the connecting port. My firewall has an outbound permit command set up to allow vlan2 (192.168.163.0) members access to the internet via TCP ports 80 and 443. Most of my members on vlan1 (172.16.0.0) are denied access to the internet via those ports and are required to use a proxy.
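
Added example, not part of the thread and not any poster's configuration: a small Python model of the core-switch access list described in the post above, evaluated first-match, with a check for entries that an earlier entry makes unreachable. The prefix lengths (/24, /16), the firewall address 172.16.0.1, and the final permit for non-vlan1 destinations are assumptions made for illustration.

```python
import ipaddress

# Assumed values (not stated in the thread): prefix lengths and the firewall address.
GUEST = ipaddress.ip_network("192.168.163.0/24")   # vlan2 (guests)
EMPLOYEE = ipaddress.ip_network("172.16.0.0/16")   # vlan1 (employees)
FIREWALL = ipaddress.ip_network("172.16.0.1/32")   # hypothetical firewall on vlan1
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered ACL for traffic entering the core switch from vlan2: (action, src, dst).
GUEST_ACL = [
    ("permit", GUEST, FIREWALL),   # guests may reach the firewall
    ("deny",   GUEST, EMPLOYEE),   # guests may reach nothing else on vlan1
    ("permit", GUEST, ANY),        # assumed: other destinations go out via the firewall
]

# Same entries with the first two swapped: the firewall permit can never match.
MISORDERED = [GUEST_ACL[1], GUEST_ACL[0], GUEST_ACL[2]]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def shadowed(acl):
    """Indexes of entries fully covered by an earlier entry, so they never match."""
    hits = []
    for i, (_, src, dst) in enumerate(acl):
        for _, esrc, edst in acl[:i]:
            if src.subnet_of(esrc) and dst.subnet_of(edst):
                hits.append(i)
                break
    return hits

if __name__ == "__main__":
    # Constructed test packets: guest host to firewall, to an employee PC, to an outside host.
    for dst in ("172.16.0.1", "172.16.5.20", "203.0.113.10"):
        print(dst, evaluate(GUEST_ACL, "192.168.163.10", dst))
    print("shadowed entries when misordered:", shadowed(MISORDERED))
```

Running the shadow check before applying a changed list catches the case where a broad deny is placed ahead of the narrower firewall permit and silently cuts guests off from their only exit.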
 