Help: Low-Cost Switch with VLAN routing / LAN Segmentation?

Hi All,

We have a SonicWall 3060 Firewall with Zone support (Port-based LAN segmentation) and we would like to connect a switch to this firewall. Zones on the firewall allow filtering of database between subnets - and this is very important for us.

We would like to use one switch to handle all the subnets.

Are there any switches that support LAN segmentation by port? (i.e. Ports 1 - 12 = 192.168.1.x, Ports 13 - 24 = 192.168.2.x?). Ideally we would like to segment the switch physically (i.e. split a switch in 2, 3, etc?).

Unfortunately our firewall doesn't support VLANs... Can switches do VLAN routing on their own?

Any suggestions on what switch to buy?

Thanks!

Lucas Tam

I'm pretty sure that any switch that supports VLANs will support port based VLANs. The other ways of assigning VLANs are more advanced features and will require a higher-end switch.

A simple switch cannot route traffic between VLANs but you would be using your Sonicwall to do that. I think the latest SonicOS does support VLANs, but this is really only helpful if you want to do multiple Zones per interface.

Set up a VLAN for each Zone. Each VLAN will have one port which will be connected to that Zone's interface and other ports to connect to the users you want in that Zone. If you need to move a user from one Zone to another you just change the VLAN their port is associated with.

We use 3Com 4200 series switches for this but any VLAN aware switch should work.

Note that while VLANs can make a single switch appear as several distinct switches, their focus isn't security. The VLAN separation inside a switch isn't nearly as secure from attack as actually using separate switches would be. Closed VLANs are slightly more secure than Open VLANs, but it may be that neither is secure enough for your needs.

Jim Prescott
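
An added example, not part of any post in this thread: a Python check of the layout described above (one port-based VLAN per firewall Zone, with one port of each VLAN uplinked to that Zone's interface). The zone names, VLAN IDs and port numbers are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed plan for a 24-port switch: zone -> (VLAN ID, firewall uplink port).
ZONES = {"LAN": (10, 1), "DMZ": (20, 13)}
# Untagged (port-based) VLAN membership for every switch port.
PORT_VLAN = {p: 10 if p <= 12 else 20 for p in range(1, 25)}

def audit(zones, port_vlan):
    """Return a list of findings; an empty list means the plan matches the layout."""
    findings = []
    vlan_zones = defaultdict(list)
    for zone, (vlan, uplink) in zones.items():
        vlan_zones[vlan].append(zone)
        if port_vlan.get(uplink) != vlan:
            findings.append(f"{zone}: uplink port {uplink} is not in VLAN {vlan}")
    for vlan, names in vlan_zones.items():
        if len(names) > 1:
            # Two firewall interfaces in one VLAN share a broadcast domain,
            # so hosts in those zones reach each other without being filtered.
            findings.append(f"VLAN {vlan} is shared by zones {sorted(names)}")
    for port, vlan in sorted(port_vlan.items()):
        if vlan not in vlan_zones:
            findings.append(f"port {port}: VLAN {vlan} has no firewall zone")
    return findings

def l2_peers(port, port_vlan):
    """Ports that an untagged frame entering `port` can be switched to."""
    return {p for p, v in port_vlan.items() if v == port_vlan[port] and p != port}

def move_port(port, zone, zones, port_vlan):
    """Move a user port to another zone by changing its VLAN; uplinks stay put."""
    if port in {uplink for _, uplink in zones.values()}:
        raise ValueError(f"port {port} is a firewall uplink")
    updated = dict(port_vlan)
    updated[port] = zones[zone][0]
    return updated

if __name__ == "__main__":
    print(audit(ZONES, PORT_VLAN))                 # findings for the sample plan
    moved = move_port(5, "DMZ", ZONES, PORT_VLAN)  # user on port 5 joins the DMZ zone
    print(sorted(l2_peers(5, moved)))              # ports now in the same VLAN as port 5
```

Running the audit after every port change catches the case where an uplink or user port ends up in the wrong VLAN and traffic between Zones would no longer pass through the firewall.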

802.1Q VLANs _are_ port-based. Additionally, the VLAN for untagged frames may also be inferred from protocol type in the Ethertype or SNAP headers.

When the manufacturer of a switch says it does 802.1Q VLANs, it is safe to assume they do port-based VLANs or they are in violation of the standard.

Anoop

anoop

In article , Jim Prescott wrote:
:I'm pretty sure that any switch that supports VLANs will support port
:based VLANs. The other ways of assigning VLANs are more advanced
:features and will require a higher-end switch.

Possible exception: Cisco Cat2900XL (or some model nearish there). There are a few old Cisco switch + software versions that support VLAN Trunking but not assignment of VLANs to ports. [I never did figure out what good this feature limitation would do you...]

But for anything built within recent years that supports VLANs, Yes, I too would -expect- port-based VLANs.

Walter Roberson

snipped-for-privacy@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in news:dj0vbv$g7l$1 @canopus.cc.umanitoba.ca:

Thanks for clearing this up! That's the feature I want - Port-based VLANs rather than 802.1q VLANs.

It seems that most makers only talk about 802.1Q VLANs and they rarely mention port-based VLANs. I guess it's such a standard feature that it's not worth mentioning?

In any case, thanks for clarifying it for me!

Lucas Tam
