
Multiple Subnet VLAN's sharing Internet Access


Hi guys,

This post seems to be closest to what we need.
http://forumz.tomshardware.com/net [...] 21617.html

Could someone check or advise if this is correct using a Netgear FSW7326P L2/L3 switch?

We need to give 3 Subnets Internet Access through a pre-configured Firewall Gateway but the 3 Subnets must NOT be able to share data between each other (unless enabled later).

Here are some basic network details:
-------------------------------------------
Firewall Green IP : 192.168.0.1 (Internet Gateway)
Netgear Layer2/3 Switch IP : 192.168.0.254

Subnet-0 : 192.168.0.0/24 (Switch & Firewall Gateway)
Subnet-1 : 192.168.10.0/24
Subnet-2 : 192.168.11.0/24
Subnet-3 : 192.168.12.0/24

All subnet masks : 255.255.255.0
All IPs assigned statically, no DHCP running.


VLAN SET UP (SWITCH, VLAN, CONFIG):
-----------------------------------------------

MODIFY VLAN 1 (UNTAGGED):
Ports 1-24 "Default"

Create VLAN 2 (UNTAGGED):
Ports 1-4 "Switch & Firewall Gateway VLAN"

Create VLAN 3 (UNTAGGED):
Ports 5-9 "Subnet-1 VLAN"

Create VLAN 4 (UNTAGGED):
Ports 10-14 "Subnet-2 VLAN"

Create VLAN 5 (UNTAGGED):
Ports 15-19 "Subnet-3 VLAN"

Create VLAN 6 (UNTAGGED):
Ports 1-20 "Internet VLAN"


VLAN PORT CONFIGURATION (SWITCH, VLAN, PORT CONFIG):
------------------------------------------------------------------------

VLAN 2 (ADMIT ALL):
Ports 1-4

VLAN 3 (ADMIT ALL):
Ports 5-9

VLAN 4 (ADMIT ALL):
Ports 10-14

VLAN 5 (ADMIT ALL):
Ports 15-19

VLAN 6 (ADMIT ALL):
Ports 20

Is this the correct setup to allow all subnets access to the internet on Subnet-0 while preventing inter-subnet access?


This deployment is not correct. You need to create all layer 3 VLANs, filter traffic between the three VLANs, and route all internet-bound traffic through a point-to-point between the firewall and a layer three interface on the switch. You could also create three layer 2 VLANs, doing router on a stick with the firewall, assuming the firewall understands VLAN tagging, or you need to put a router between the firewall and switch and do router on a stick. Either way you need to deny all traffic inter-VLAN.


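The filtering the reply above calls for (deny traffic between the three VLANs, let internet-bound traffic through) can be checked on paper before it is applied to the switch. This is an added example, not part of the thread and not Netgear configuration syntax: the rule tuples, the function names and the 203.0.113.10 test destination are assumptions, while the subnets are the ones from the original post. It also shows why rule order matters in a first-match list.

```python
import ipaddress
from itertools import permutations

# Subnets from the original post; Subnet-0 (switch + firewall) is not filtered here.
SUBNETS = {
    "Subnet-1": ipaddress.ip_network("192.168.10.0/24"),
    "Subnet-2": ipaddress.ip_network("192.168.11.0/24"),
    "Subnet-3": ipaddress.ip_network("192.168.12.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNET_HOST = ipaddress.ip_address("203.0.113.10")  # constructed sample (TEST-NET-3)

def isolation_acl():
    """Hypothetical rule list: deny every subnet pair, then permit the rest."""
    rules = [("deny", a, b) for a, b in permutations(SUBNETS.values(), 2)]
    rules += [("permit", net, ANY) for net in SUBNETS.values()]
    return rules

def evaluate(acl, src, dst):
    """First matching rule wins; unmatched traffic hits the implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def audit(acl):
    """Return every flow that breaks the goal: isolated subnets, shared internet."""
    problems = []
    for (a_name, a), (b_name, b) in permutations(SUBNETS.items(), 2):
        # Probe the first and last usable host of the destination subnet.
        for dst in (b[1], b[-2]):
            if evaluate(acl, a[10], dst) == "permit":
                problems.append(f"{a_name} can reach {b_name} ({dst})")
    for name, net in SUBNETS.items():
        if evaluate(acl, net[10], INTERNET_HOST) != "permit":
            problems.append(f"{name} has no internet access")
    return problems

if __name__ == "__main__":
    good = isolation_acl()
    # Same rules with the permits moved first: the denies are never reached.
    misordered = sorted(good, key=lambda rule: rule[0] != "permit")
    print("ordered ACL:", audit(good) or "OK")
    print("misordered ACL:", audit(misordered))
```
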

Thanks for the reply el0him,

I don't think Smoothwall can handle VLANs so I'll need to make another plan or get another type of firewall. Can you suggest an open source firewall or other?

Anyway, I've now played with two setups, one as detailed by the thread from spiralclimbing and one where I set up the Netgear L3 to handle multiple VLANs with inter-VLAN routing.

The inter-VLAN routing option is nice because it allows us to have various subnets but I'm not sure it's the option as the other subnets have access to all services on the main + internet subnet, I think due to the inter-VLAN routing function.

The option from spiralclimbing is more strict and keeps the VLANs locked down due to no inter-VLAN routing but all VLANs are on the same subnet.
