Dividing the network into VLANs?

U

UBERZLO2019-10-28 22:13:41

Network administration

UBERZLO, 2019-10-28 22:13:41

Hello. Let's assume you have a D-LINK L3 managed switch.
A router for Internet distribution, a server with a local database and about 20 PCs are directly connected to it.
Tell me how to properly divide the network into VLANs so that all PCs have a connection with the server and each other, and PCs from 1 to 10 (and the server inclusive) also have Internet access?
There is such an assumption:
VLAN1: server, pc 1 to 10, pc 11 to 20, server
VLAN2: server, pc 1 to 10, internet.
Is there a place for this to be or is it nonsense?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

V

vreitech, 2019-10-28
@fzfx

VLAN10 R     01 02 03 04 05 06 07 08 09 10
VLAN20 R                                   11 12 13 14 15 16 17 18 19 20
VLAN99 R  S

and configure routing and/or firewall on the router in such a way that:
a) there is a connection between all three VLANs;
b) VLAN10 and VLAN99 could access the Internet, but VLAN20 could not.

K

Korben5E, 2019-10-29
@Korben5E

If this is the internal VLAN of the switch, then it works like that.
If VLAN in terms of labeling packages - then no.

R

ru6ak, 2019-10-29
@ru6ak

Rave.
You can of course create two VLANs with different networks. And for one network to make routing to the street, for the other not, but for organizing Internet access it is better to use other solutions than vlan and routing, and also set up ACLs for networks

A

Alexander, 2019-10-29
@Adorne

If you want routing directly on this D-Link, then you need to get ipifs for each VLAN (IP interfaces, if humanly). This is done by the team create ipif <name> <ipaddress> vlan <name>(if memory serves).
Well, I didn’t understand how you want to distribute the VLANs themselves. The main thing is that you know about the concepts of "tagged" and "untagged". Internet access to steer the firewall.