Setting up dedicated network for infected machines - who does this?

allanc said:
You have piqued my interest;)
Which specific model of D-Link? ... please.
Click to expand...

The DGS-1210-24 to be exact. However after a quick look at the data sheets for both the DGS-1210-24 and the SG200-18 I think I know what the difference is. The DGS-1210 series from D-Link supports Asymmetric VLAN's. I think the cisco similar feature is called Multi-VLAN Port segmentation or something along those lines which the SG200-18 doesn't support.
 
Nerm said:
The DGS-1210-24 to be exact. However after a quick look at the data sheets for both the DGS-1210-24 and the SG200-18 I think I know what the difference is. The DGS-1210 series from D-Link supports Asymmetric VLAN's. I think the cisco similar feature is called Multi-VLAN Port segmentation or something along those lines which the SG200-18 doesn't support.
Click to expand...

I came to the same conclusion when looking through the documentation on your switch... Asymmetric VLANs.

It appears the Cisco flavour is called just "Multi-VLAN Port" but it is only supported on a limited number of Cisco switches not including the 300 series either.

I can see the appeal of it for those whose configuration can take advantage of it and are on a limited budget. I still prefer the more traditional segmentation route (pun intended ;)) but its exactly that… a preference.

I suspect the feature will find its way to 200/300 series switches eventually but being version 1.1 of the O/S was just released, it probably won't be anytime soon.

Allanc, I guess you have a decision to make. :)
 
geekgee said:
I came to the same conclusion when looking through the documentation on your switch... Asymmetric VLANs.

It appears the Cisco flavour is called just "Multi-VLAN Port" but it is only supported on a limited number of Cisco switches not including the 300 series either.

I can see the appeal of it for those whose configuration can take advantage of it and are on a limited budget. I still prefer the more traditional segmentation route (pun intended ;)) but its exactly that… a preference.

I suspect the feature will find its way to 200/300 series switches eventually but being version 1.1 of the O/S was just released, it probably won't be anytime soon.

Allanc, I guess you have a decision to make. :)
Click to expand...

Well, the SG300-20 is $423 CDN$ and the Dlink DGS-1210-24 is $270.

I am definitely not a networking expert.
Other than '$' - what are the advantages of a layer-3 switch versus 'Asymmetrical Vlans'?
 
Seperate domain and restricted firewall

I use a doamin for my systems.

I put the cleaned systems on a seperate Lan Segment with very restricted firewall and internet access only.

Only shared network componnet are switch, router, cables.
 
I use an IPCOP firewall with a DMZ interface in addition to the one for my server 192.168.0.0/24, rest of network is on an different subnet .Only allows access to port 80 outbound and is completely isolated from the rest of my network. Viruses are becoming more and more sophisticated especially with most people having their "network" why risk it.
 
Nerm said:
It is strange that the SMB layer 2 cisco cannot do what you were trying to do but SMB layer 2's from other brands can, specifically a $200 24-port D-Link. You would think if any brand would be more robust it would be the cisco.

If you can return the SG200-18 and get an SG300-20 for less than the combined price of the sg200-18 and the sg300-10 then that is the way to go I think.
Click to expand...
I purchased the SG300-20 and I am having exactly the same problem.
When I specify that the PVID of port 16 is PVID 1016, port 16 is automatically removed from VLAN 1 and therefore looses Internet access.
I am missing something very basic and I do not know what it is that I am not understanding - I do not know the question to ask.
All assistance is greatly appreciated.
 
Can you post your config again Allanc? Should make it easier to see what you are trying to do with each port. :)
 
TLE said:
Can you post your config again Allanc? Should make it easier to see what you are trying to do with each port. :)
Click to expand...
Let us start with 'baby steps' first.
With this configuration, a PC on port 5 cannot see the router on port 1 and therefore has no Internet access.
 

Attachments

  • 01.jpg
    01.jpg
    82.9 KB · Views: 103
  • VLAN_01.jpg
    VLAN_01.jpg
    42.9 KB · Views: 100
  • VLAN_20.jpg
    VLAN_20.jpg
    47.8 KB · Views: 90
  • VLAN_30.jpg
    VLAN_30.jpg
    42.3 KB · Views: 86
Nerm said:
If you change port 1 mode to trunk does the same issue still occur?
Click to expand...
After many, many hours of reading and getting nowhere....
I 'think' that layer-3 has to be enabled on this (Cisco SG300-20) switch.
According to what I have been reading - the switch is set to layer-2 out-of-the box.
Does this make sense?
 
I have 2 Netgear GS108T 8-port smart switches ($99) to segregate my network. On the first switch I have office and work computers on one VLAN, a second VLAN for wireless and a third VLAN going to the second switch.

On the second switch each port is isolated on its own VLAN. It took some trial and error to set it up - about 1 -1.5 hours but I am pleased with the results.
 
allanc said:
After many, many hours of reading and getting nowhere....
I 'think' that layer-3 has to be enabled on this (Cisco SG300-20) switch.
According to what I have been reading - the switch is set to layer-2 out-of-the box.
Does this make sense?
Click to expand...

Yes... that's correct. The switch comes from the factory in "Layer 2 Mode".

You use the "Console Menu Interface" to change it to "Layer 3 Mode". I believe it can be done using the CLI too if on the 1.1 version of the firmware.
 
geekgee said:
Yes... that's correct. The switch comes from the factory in "Layer 2 Mode".

You use the "Console Menu Interface" to change it to "Layer 3 Mode". I believe it can be done using the CLI too if on the 1.1 version of the firmware.
Click to expand...
Still no success.
I have checked that the switch is in layer-3 mode.
Basically, the only way that a port can see the router is if it is in the same VLAN, untagged with the same PVID.
Are there any other settings that I could be missing at a very basic level?
Is there some check box that I am missing in the 400+ pages of documentation?

Thank you very much in advance.
 
allanc said:
Still no success.
I have checked that the switch is in layer-3 mode.
Basically, the only way that a port can see the router is if it is in the same VLAN, untagged with the same PVID.
Are there any other settings that I could be missing at a very basic level?
Is there some check box that I am missing in the 400+ pages of documentation?

Thank you very much in advance.
Click to expand...

Yes, each port that you want to access the internet would have to be a member of the VLAN the WAN port is in.

Example port memberships: (port1 is WAN port, port2 is connected to PC1, and port3 is connected to PC2. Ports 2 and 3 are in seperate VLAN's so they cannot communicate with each other.)
port1: VLAN1
port2: VLAN1 and VLAN2
port3: VLAN1 and VLAN3

Regardless to accomplish what you are wanting to do you will have to tag ports to multiple VLAN's. Assigning each port on the switch to only one VLAN will not work in this scenario.
 
You must log in or register to reply here.

Similar threads

K
Anyone currently using MeshCentral?
Replies
1
Views
568
Sky-Knight
Sky-Knight
HCHTech
Slow opening times for files on a network drive
Replies
10
Views
2K
trevm999
trevm999
GTP
No going back!
2 3 4
Replies
60
Views
3K
Sky-Knight
Sky-Knight
callthatgirl
Does Classic Outlook and New Outlook share any data files?
Replies
0
Views
269
callthatgirl
callthatgirl
HCHTech
Comcast Business Service - What am I looking at?
Replies
4
Views
805
Markverhyden
Markverhyden
Back
Top