• February 18, 2020, 04:12:40 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Question about Public IP(s) & Private IP(s) coexisting in the same switch  (Read 5551 times)

ulasozcelik

  • Level 1 Member
  • *
  • Posts: 1

First of all let me begin by saying that I'm a total noob when it comes to smart/managed switches. So forgive me if this is not even possible to accomplish.

Also, I know that this could easily be achieved by utilizing another switch by placing it between the cable modem and router, but I want to know if I can make do with just one switch. In the process, learn some of the more advanced techniques involved.

                      (internet)
                           ||
                          \  /
                   (cable modem)(which serves 10 usable Public IP(s))
                           ||
                           ||
                           ||
This CAT5e line with get connected to DGS-1224T's Port #1
                           ||
                          \  /
                    (DGS-1224T)

From here, I would like to connect a line between Port #2 of the DGS-1224T and my router's WAN port to obtain the first public IP. So far so good.

Here where it gets interesting. I then want to connect a line between Port #12 of the DGS-1224T and my router's (switch part - LAN segment) Port #1.

So basically I want to use Port #1 ~ #11 for Public IP addresses coming from the cable modem and use Port #12 ~ #24 for Private IP addresses that are controlled by my router/firewall (which is connected to Port #2).

Is this possible? If so, will there be any drawbacks?
Logged

Fatman

  • Poweruser
  • Level 9 Member
  • ****
  • Posts: 1675

Possible, simple even.

Just set up 2 VLANs, as it sounds like your equipment isn't VLAN aware except for the switch just make sure that every port you want to be able to talk is untagged on the same VLANs.
Logged
non progredi est regredi

Fatman

  • Poweruser
  • Level 9 Member
  • ****
  • Posts: 1675

The problem here is that if something goes wrong it could go really wrong.
Logged
non progredi est regredi

lizzi555

  • Level 5 Member
  • *****
  • Posts: 605

The problem here is that if something goes wrong it could go really wrong.

Why ? I'm running a similar configuration with 4 VLANs on the 1224T for more than 6 months now.
Works perfectly.
Logged

Fatman

  • Poweruser
  • Level 9 Member
  • ****
  • Posts: 1675

Because if the VLAN setup is incorrect you could end up with a WAN->LAN leak which could be a problem in a lot of deployments.

Even if that's up fine if you call in to troubleshoot they will almost certainly reset the device as part of troubleshooting (unknowing of the level of issue they might be causing).

The dangerous part of these leaks is that they could go unnoticed until they lead to big security issues.
Logged
non progredi est regredi

lizzi555

  • Level 5 Member
  • *****
  • Posts: 605

Thanks, now I understand what you are meaning.
So I won't call in for troubleshooting  ;D
Logged

Fatman

  • Poweruser
  • Level 9 Member
  • ****
  • Posts: 1675

I like that plan!
Logged
non progredi est regredi

Fatman

  • Poweruser
  • Level 9 Member
  • ****
  • Posts: 1675

Though strictly speaking the correct answer is that you should simply inform the tech person completely about your environment before troubleshooting and all will be well.
Logged
non progredi est regredi