Home / server / Questions / 184731
Accepted
Alexey Shatygin
Asked: 2010-09-26 20:42:32 +0800 CST

Internet access for a number of diffirent VLAN's

  • 772

There is about 60 UTP cables coming from some different offices into a server room. Every cable could be lead to a single computer or the unmanaged network switch. I need to give them all an Internet-access, but the one thing I don't need is some of them must not be in the same subnet, like the others.

The second thing, is the number of the subnets could be changed time after time and I need to be able to move the relevant ports on the switch into a new subnet quickly.

So I need some managed network switches, to be able to manage all of the cables in such a way, to be able to put them all in one subnet, or split all of them by 60 different subnets. I choose the FreeBSD server as a router.

For example, we've got five subnets:

  1. 192.168.0.0/24 takes 30 ports, gets 192.168.0.1 VLAN interface as the gateway
  2. 192.168.1.0/24 takes 10 ports, gets 192.168.1.1 VLAN interface as the gateway
  3. 192.168.2.0/24 takes 5 ports, gets 192.168.2.1 VLAN interface as the gateway
  4. 192.168.3.0/24 takes another 5 ports, gets 192.168.3.1 VLAN interface as the gateway
  5. 192.168.4.0/24 takes 10 ports, gets 192.168.4.1 VLAN interface as the gateway

Can I do this with only two stacked L2 switches (48+24 pots, and if I can, how can I do this) or I have to use at least one L3 switch? Which hardware is better to use in that case (has to be not too expensive)?

hardware networking vlan switch

2 Answers

  1. Best Answer

    As long as your switches and private interface of your router support 802.1q, then you should be fine with L2 switches. I've put together networks very similar to this using cheap Cisco L2 switches, connected to pfSense running on an embedded Alix 2d3 board. I can create and destroy VLANS on the router at will, and maintain very fine-grained ACLs as to what type of traffic is allowed to/from each VLAN.

    When I implemented this, I used Cisco Catalyst 2950s. You'll have one switch serving as the "core". This switch will have one 802.1q trunk to your router, and one (or more) 802.1q trunks to each of the other switches. All of the access ports (ports that the end systems connect to) will be untagged member ports of whatever VLAN they need to be assigned to.

    • 4

  2. Use Cisco Base Layer 2 switch(Catalyst 2960 Series) and 1U rack server(Dell,HP or Intel server chassis) with two NIC.

    • 0