Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[JayCee]

Here's my scenario:

I have 2 PCs connected to a dumb switch. Their purpose is for internet kiosk use, so I only want them to be able to access our gateway.

The switch is in turn connected to a DGS-1224T, port 22.
Port 23 on the DGS-1224T is connected to Port 17 on a DGS-3100-24TG (our main backbone switch)
Port 5 on the DGS-3100-24TG is connected to our gateway.

So the gateway needs to be shared across the entire network, but I don't want any communication between port 22 on the DGS-1224T and the rest of the network.

Can someone please explain how I should configure the VLAN settings on both the DGS-1224T and the DGS-3100-24TG? Do I need to use the asymmetric feature? If I've got VID 1 and VID 2, which ports need to be tagged/untagged on which VIDs to achieve the result I need?

Thanks in advance,
JayCee

[Fatman]

Here is the main problem, unless your gateway supports tagged VLAN interfaces, or has multiple Ethernet interfaces you can connect we are going to run into issues with having the gateway accessible to both VLANs.

Asymmetric VLANs could potentially help, but I would advise against them.  I would have to be held at gun point to configure them personally.

Also, I don't think we have a model DGS-3100-24TG, you must either be thinking of the DGS-3100-24 or the DGS-3224TG.

The key is to have ports between managed switches be tagged on every VLAN that must pass over that physical link.  Untagged ports are for connecting VLAN unaware devices (your unmanaged switch, or PCs for example).

[JayCee]

http://www.dlink.com.au/Products.aspx?Sec=1&Sub1=14&Sub2=26&PID=364

  You definitely have a DGS-3100-24TG! Maybe it's only sold in Australia?

Anyway the gateway has a 4-port hub built into it, and it can be multihomed, but I'm guessing even this won't provide true separation between networks, because they'll be linked via the hub in the gateway.

My thought was to have 2 links from the gateway to the DGS-3100-24TG, one connected to a port untagged on VID1, and one connected to a port untagged on VID2. I would then have my 2 Internet-only PCs on a separate subnet to the rest of the network, and have the gateway multihomed on the LAN so it has an IP address in both subnets and is the gateway for both. But as I said, even though the two networks would be on a different subnet, the two networks would still be physically connected by the hub in the gateway.

Ok so, I need a gateway that either supports 802.11Q or has 2 separate LAN ports that can't see each other, and has at least 2 WAN ports (we have 2 separate internet connections, one for main connectivity, one dedicated for a VPN to a remote office). Are you able to recommend any D-Link products that can achieve that?

[Fatman]

Wow, you get all the cool equipment down under.

Unfortunately I can't suggest products, and even if they did the product offering is apparently way different for you than it is for me.  That said our NetDefend Firewall line is awful spiffy.