ok for the last week I've tried racking my head around this... I have a SRW208P with 802.1q support, and a virtual endian appliance.
I would like to be able to have 3 vlans having everything routed through the endian appliance..
i.e. The virtual server has 2 bridged NICs to the switch. This is where I'm getting confused.. On the 8 port switch I've got the 3 vlans set up ok (all being untagged as they are not going to be vlan aware), it's the port I'm connecting the endian firewall to the switch I'm having trouble with (second nic goes to the adsl modem and NAT'd). Is it meant to be a trunk, "General" or "Access", then untagged or tagged?
the end goal is to have vlan traffic routing through the single NIC and have endian route vlan traffic according to the rules.
Anyone have any ideas on the cisco small business stuff?
Thanks
If you have 802.1q set up on your server then the port connecting to the server needs to be tagging the VLANs and would be a trunk. The connection to your ADSL modem would be an access/untagged port belonging to one of the VLANs you're sending to the server.
Setting up the trunk should be something like the following,
If you can let us know the make/model of the device you're using and provide the config, it would help further investigate if this doesn't work.
So you have a port with three VLANs connected to a firewall so that the firewall can arbitrate access to / between the VLANs. This is a good thing.
The firewall is smart, and trusted, and you're dealing with multiple VLANs on a single port. Typically this indicates that you should use "trunk" mode, and that all of the VLANs should be tagged on that port. The firewall will then be configured to tag all packets on that interface, do its duty, and everything will be both hunky and dory.
Access mode is appropriate if you are using a single port, have a single VLAN associated with it, and the device connected to that port is dumb and / or untrusted. Usually access mode ports are untagged.
General is a bit more middle-of-the-road. It permits you to have a default VLAN that is untagged (untagged packets are automatically assigned to that VLAN) as well as tagged VLANs associated with it. It really isn't a great choice unless you need it, in which case you don't have a choice.
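Added example (not from the thread, and not Endian's own configuration tooling): what the firewall side of the trunk described above looks like on a Linux host using plain iproute2, with one tagged 802.1q subinterface per VLAN carried by the switch trunk. The NIC name `eth0`, VLAN IDs 10/20/30 and the gateway addresses are assumptions constructed for illustration; `DRY_RUN=1` (the default) prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: build 802.1q subinterfaces on the firewall's trunk-facing NIC.
# Assumed/constructed: NIC "eth0", VLAN IDs 10, 20, 30 and the /24 gateway
# addresses below. DRY_RUN=1 prints the commands; DRY_RUN=0 applies them (root).

TRUNK_NIC="${TRUNK_NIC:-eth0}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# vlan_if <nic> <vid>: conventional Linux name for a tagged subinterface
vlan_if() {
    printf '%s.%s\n' "$1" "$2"
}

# add_vlan <nic> <vid> <cidr>: create the tagged subinterface and address it.
# Frames arriving on <nic> with 802.1q tag <vid> are delivered to <nic>.<vid>;
# frames sent from <nic>.<vid> leave tagged, which is what the trunk port expects.
add_vlan() {
    nic="$1"; vid="$2"; cidr="$3"
    ifname=$(vlan_if "$nic" "$vid")
    run ip link add link "$nic" name "$ifname" type vlan id "$vid"
    run ip addr add "$cidr" dev "$ifname"
    run ip link set dev "$ifname" up
}

# setup_trunk <nic>: bring the physical NIC up with no address of its own, so
# untagged frames on the trunk have nothing to reach, then add each VLAN.
setup_trunk() {
    nic="$1"
    run ip link set dev "$nic" up
    add_vlan "$nic" 10 192.168.10.1/24   # constructed: VLAN 10 gateway
    add_vlan "$nic" 20 192.168.20.1/24   # constructed: VLAN 20 gateway
    add_vlan "$nic" 30 192.168.30.1/24   # constructed: VLAN 30 gateway
}

# Inter-VLAN forwarding is left to the firewall's rule set: enabling
# ip_forward here without rules would let every VLAN reach every other.
[ -n "$NO_MAIN" ] || setup_trunk "$TRUNK_NIC"
```

On the switch side this matches a trunk port with VLANs 10, 20 and 30 tagged; if the switch sends one VLAN untagged on that port, those frames land on the bare `eth0`, not on any `eth0.<vid>`.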