
I'm trying to plan for the following Small Office network setup:

[image: colour-coded diagram of the switch ports, not included]

  • 3x Internet connections
  • Things connected to the port in each colour can only get routed through their corresponding internet port.

for example:

Internet 1 (RED) - ports 4, 6, 8, 10 ... 22, 24 only go out via port 1.

I don't care if a device from the RED ports can see a device from another colour.

Is this called VLAN segmenting? Do I need to tag each port with a VLAN ID?

Yes, I'm new to this so please be kind. Of course, I've got the wrong terminology so I would also be grateful for any help in getting corrected on the terminology used, here.

Further notes:

  • I'm only using one switch, not two or more that need to be joined.
  • 3x internet connections because it's cheaper in AU to get 3x ADSL connections than 1x 'fast office' internet (like 40/10 or 100/10, etc)...
  • Each internet connection is doing something unique (eg. voip vs internet vs multimedia)

UPDATE 1:

Also, I'm assuming each colour would have its own IP range? eg.

  • RED: 192.168.0.1/24
  • YELLOW: 192.168.1.1/24
  • BLUE: 192.168.2.1/24

(and the modem/routers are acting as the DHCP servers for those coloured ports).

UPDATE 2: Switch is a brand spankin' new Ubiquiti UniFi 24-port Switch.

  • Yes, this is an example of using VLANs. No, you would not tag the ports. You need to assign the ports to the appropriate VLANs. – joeqwerty Sep 23 '15 at 00:33
  • Tag the ports? That's different to VLANs? – Pure.Krome Sep 23 '15 at 00:34
  • I don't understand what you're asking. Each port would be assigned membership in the appropriate VLAN. Those ports are untagged. A trunk port (a port connecting two switches together) would be tagged so that it tags each Ethernet frame passing through it so that a switch on the other end of the connection knows to which VLAN the frame belongs. Access/host ports do not normally get tagged. – joeqwerty Sep 23 '15 at 00:38
  • And just to keep you up to speed, hosts in one VLAN cannot communicate with hosts in another VLAN except through a router that has connectivity to both VLANs. – joeqwerty Sep 23 '15 at 00:40
  • And some additional information: if the hosts in each VLAN never need to communicate with the hosts in any other VLAN then technically you could use the same layer 3 subnet/IP addressing scheme in each VLAN, but this wouldn't be considered an orthodox way of doing it. – joeqwerty Sep 23 '15 at 00:43
  • "tagging" is a VLAN term to describe adding an extra header to each packet to identify the specific VLAN it's going to/coming from. You want this all done in the switch if possible so you don't have to mess with assigning VLAN ids on the client NICs. – Brandon Xavier Sep 23 '15 at 00:44
  • There are also commercial offers for combining the three uplinks by creating tunnels and then balancing the load, which would give higher peak throughput and better handling of link failures. – Simon Richter Sep 23 '15 at 12:44
  • Also see, http://networkengineering.stackexchange.com/ – MrDuk Sep 23 '15 at 13:31

1 Answer


VLANs are a technology used to sub-divide physical switches into smaller logically-isolated layer 2 broadcast domains, and also to enable one switch to inform other connected switches which VLANs each ethernet frame is assigned to.

Whether or not your switch supports 802.1Q VLANs is something you will need to determine on your own. Not all switches do support 802.1Q. Generally speaking, user-facing ports get assigned as untagged VLAN members, and ports between switches get assigned as tagged VLAN members.

As for routing, this is something that VLANs (in your case) have no influence on. You will still need a router connected to each VLAN to serve as the default gateway for each VLAN/subnet.

As a small example of how this might go, if you want three VLANs connected to three different routers, you create the three VLANs and then assign switch ports as untagged members of their VLAN. One port on each VLAN gets connected to the router, and the rest of the ports are available for other devices: wireless access points, workstations, printers, etc. The router for each VLAN will need to fulfil DHCP, DNS, NAT, etc. duties for its assigned subnet. Keep in mind that in this situation (with three different independent and isolated routers), systems on one VLAN will have no way of communicating with systems on another VLAN. To remedy that situation, you will likely need to have a single router which is uplinked to the switch via a VLAN trunk (tagged interface), and which serves as a router for all of your networks.

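Added example, not code from the question, the answer, or Ubiquiti: a small Python model of the switch behaviour the answer describes (access ports as untagged members of one VLAN, a trunk port carrying tagged frames, a MAC table kept per VLAN). It builds both topologies from the answer, three independent modem/routers with one per VLAN and a single router on a tagged trunk, and shows that a frame from a RED port only ever reaches other RED ports and the RED router, that a RED host and a BLUE host only meet through the router, and that a tagged frame arriving on an access port, or an untagged one on the trunk, is dropped. The VLAN IDs 10/20/30, the port numbers, the host/router labels, and the "access ports accept no tagged frames, trunk has no native VLAN" policy are assumptions of this model, not facts about the questioner's switch; real switches, UniFi included, usually let you configure a native VLAN on a trunk, so check that setting rather than rely on the model's default.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Assumed layout, not the questioner's exact port list: VLAN 10 = RED, 20 = YELLOW, 30 = BLUE.
RED, YELLOW, BLUE = 10, 20, 30
HOST_PORTS = {RED: [4, 6, 8], YELLOW: [5, 7], BLUE: [9, 11]}   # assumed host ports per colour
ROUTER_PORTS = {RED: 1, YELLOW: 2, BLUE: 3}                   # assumed: one modem/router per colour


@dataclass(frozen=True)
class Frame:
    src: str                   # source MAC; readable labels stand in for real addresses
    dst: str                   # destination MAC, or BROADCAST
    vid: Optional[int] = None  # 802.1Q tag on the wire; None means the frame is untagged


class Switch:
    """Minimal 802.1Q switch: per-port VLAN membership and a MAC table scoped by VLAN."""

    def __init__(self) -> None:
        self.pvid: Dict[int, Optional[int]] = {}         # VLAN given to untagged ingress frames
        self.untagged: Dict[int, Set[int]] = {}          # VLANs the port transmits untagged
        self.tagged: Dict[int, Set[int]] = {}            # VLANs the port transmits tagged
        self.mac_table: Dict[Tuple[int, str], int] = {}  # (vid, mac) -> port it was learned on

    def access(self, port: int, vid: int) -> None:
        """Access/host port: untagged member of exactly one VLAN."""
        self.pvid[port] = vid
        self.untagged[port] = {vid}
        self.tagged[port] = set()

    def trunk(self, port: int, vids: Set[int]) -> None:
        """Trunk port: tagged member of several VLANs, no native VLAN (this model's policy)."""
        self.pvid[port] = None
        self.untagged[port] = set()
        self.tagged[port] = set(vids)

    def forward(self, ingress: int, frame: Frame) -> Dict[int, Frame]:
        """Switch one frame; return {egress_port: frame as transmitted}, {} if dropped."""
        if frame.vid is None:
            vid = self.pvid[ingress]
            if vid is None:
                return {}                  # untagged frame on a tag-only trunk: dropped
        else:
            vid = frame.vid
            if vid not in self.tagged[ingress]:
                return {}                  # model's policy: access ports accept no tagged frames
        self.mac_table[(vid, frame.src)] = ingress    # learning is per VLAN, so no cross-VLAN leakage
        known = self.mac_table.get((vid, frame.dst))  # None -> flood within the VLAN only
        out: Dict[int, Frame] = {}
        for port in self.pvid:
            if port == ingress or (known is not None and port != known):
                continue
            if vid in self.untagged[port]:
                out[port] = Frame(frame.src, frame.dst, None)
            elif vid in self.tagged[port]:
                out[port] = Frame(frame.src, frame.dst, vid)
        return out


def three_router_switch() -> Switch:
    """The answer's first design: all ports untagged, one modem/router plugged into each VLAN."""
    sw = Switch()
    for vid, ports in HOST_PORTS.items():
        sw.access(ROUTER_PORTS[vid], vid)
        for p in ports:
            sw.access(p, vid)
    return sw


def single_router_switch(trunk_port: int = 1) -> Switch:
    """The answer's second design: one router on a tagged trunk serves all three VLANs."""
    sw = Switch()
    sw.trunk(trunk_port, {RED, YELLOW, BLUE})
    for vid, ports in HOST_PORTS.items():
        for p in ports:
            sw.access(p, vid)
    return sw


if __name__ == "__main__":
    sw = three_router_switch()
    print("RED broadcast from port 4 reaches ports:", sorted(sw.forward(4, Frame("pc-red", BROADCAST))))
    sw = single_router_switch()
    for port, f in sw.forward(4, Frame("pc-red", BROADCAST)).items():
        print(f"port {port}: {'tagged VLAN ' + str(f.vid) if f.vid else 'untagged'}")
```

The per-VLAN MAC table is the part worth noticing: because learning is keyed by (VLAN, MAC), a RED host's frames are flooded or forwarded only among RED members, and the only way a frame crosses into BLUE is for the router on the trunk to re-send it tagged with the BLUE VLAN ID, which is exactly the "except through a router" point made in the comments.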
  • @FilipEkberg Comments are not the place to discuss how the site is run. You can post on meta, or you can stay away from the site altogether as you said. Keep in mind that this is _not_ [so] and you should not treat it as such. – Michael Hampton Sep 23 '15 at 01:54
  • @Pure.Krome For a beginning, see [What's the difference between a switch, a router, and a modem?](http://serverfault.com/q/11807/126632) To send traffic between VLANs you need either a router, or a layer 3 switch (which includes a very basic router). The switch you named is _not_ a layer 3 switch and includes no routing functionality. – Michael Hampton Sep 23 '15 at 01:58
  • Thanks @EEAA for the updated answer (above) - that _really_ helps. I was planning on the routers doing dhcp, etc .. so that's all great :) I didn't know about the last part of your answer -> having a single _middle_ router (trunked) handle all three vlans and then do whatever it needs to do. very interesting! – Pure.Krome Sep 23 '15 at 02:10
  • @michaelhampton : thanks for the link also :) Very helpful and thoughtful. – Pure.Krome Sep 23 '15 at 02:10