8 And Switch

The Test Center redefined an existing LAN to take advantage of VLANs for bandwidth and security purposes. The network, designed to approximate the kind of environment found in small businesses, consisted of several servers, desktops and laptops, all running either Microsoft Windows XP, Windows Vista or Debian Linux. The LAN included both wired and wireless networks. For this VLAN setup, Test Center staff used the NetGear Inc. ProSafe 48-Port Gigabit Stackable Smart Switch GS748TS. Here's how it should go:

Step 1: Design the VLAN on paper and assign ports

For this step, Test Center staff conceptually laid out exactly what the network would consist of. Depending on usage, number of users and type of devices, the network design can vary in its level of complexity. For this setup, staff identified four different groups: the broadband connection, the wired network, wireless connectivity and an isolated testing network.

With the various groups identified, staff divided up the ports and assigned them to each group. To allow traffic to pass from one group to the other, or access the Internet, the broadband router had to be connected to a port that was a member of all of the VLANs. Port 1 was set aside to be part of VLAN1, VLAN2, VLAN3 and VLAN4 since that is where routers would go. Ports 2 to 7 also would be part of VLAN2 for other sources of broadband. The bulk of the ports, from ports 8 to 36, were allocated for the internal wired network, VLAN1. The wireless VLAN3 had ports 37 to 42. And finally, the design assigned VLAN4, the testing network, to ports 43 to 48.

Step 2: Set up the switch

Test Center staff plugged a laptop directly into the switch and powered up both the switch and the laptop. Both the NetGear Smart Wizard Discovery program and the Web browser interface can be used to configure the switch. The Smart Wizard Discovery program can find all the switches on the network without using the IP address. The Web browser interface can be accessed from any location via the switch's IP address, supports password protection and allows more extensive configuration and backup of the settings. The switch is preconfigured by the manufacturer with a default IP address of 192.168.0.239 and subnet mask of 255.255.255.0.

A static and valid IP address can be manually assigned to the switch using the Smart Wizard Discovery program. For networks with DHCP, the program can "discover" the switch and have the DHCP server assign a dynamic address. After the switch has received a new address, clicking on Web Access from the program opens up the browser-based interface.

Test Center staff manually configured the laptop to be on the switch's default subnet and opened up the Web configuration tool. Changing the machine's subnet is necessary to access the Web configuration tool without using the Smart Wizard Discovery program. The default password is "password."

At this point, a better IP address that fits the rest of the network can be assigned. If a static address has already been assigned, there's no need to put in a new IP address. For security reasons, staff changed the password for the Web-based configuration tool.

Step 3: Create VLANs

From the Web tool, there's a section in the left pane for VLAN. Click on Properties to open the VLAN Properties Page. All existing VLANs are listed in a table with their ID, name and type. There's also the option for deleting VLANs. Clicking on the button marked Add opens the Add VLAN Page, where a number (for the ID) and a name (any text) are entered to create a new VLAN. This is done three times to create VLAN2, VLAN3 and VLAN4. VLAN1 exists by default.

Step 4: Assign the ports

It's not enough to just create the VLAN. The switch needs the port assignments that were made in Step 1. The information is entered via the VLAN Membership Page, accessible under the VLAN | Membership link. The page shows a table with VLAN information and a schematic of all the ports on the switch. The boxes representing the ports are either blank or marked with a T or U. The T indicates the port is a tagged member of a VLAN: all packets forwarded by the interface are tagged with VLAN information. The U indicates the port is an untagged member of a VLAN: packets forwarded by the interface are untagged. A blank box indicates the port is not a member of any VLAN.

A tagged egress port means packets for any VLAN are sent out on this port. A special tag accompanies each packet, indicating which VLAN it is meant for. An untagged egress port means packets for a VLAN get sent out without this special tag data.

Step 5: Configure the ports

Staff configured the PVID settings for each port. Each port is assigned to a default VLAN that an incoming untagged packet would be forwarded to. All ports must have a defined PVID; otherwise, the default VLAN PVID, VLAN1, is used. Basically, any incoming packet on a port would go to the other ports in that VLAN. Since port 1 is included in all VLANs, all of the VLANs have access to it.

Step 6: Install the router

The router that connects the LAN to the Internet is plugged into port 1. As a side note, there was no requirement to make port 1 the router's port. The router needed IEEE 802.1Q support installed so that it would be aware of the four VLANs. The router is configured to route packets between VLANs.

Step 7: Secure the network

A firewall would protect the internal VLANs from the outside. The wireless access should have WPA security enabled. At this point, the network is up and running, passing information between and across the VLANs. If the machines have Gigabit cards inside, then the port will be working at Gigabit speed.

Step 8: Back up the configuration

The configuration should be backed up in case of a future problem, or if another switch needs to be deployed with an identical configuration. Unlike many other Web-configured networking products, NetGear doesn't allow the configuration to be downloaded from the browser. The only way to get the configuration file is through a Trivial File Transfer Protocol (TFTP) server.

Under the File Management link on the left pane, there is an option to upload files. The File Management pane gives the option to either download new firmware to the switch or to upload the configuration file off the switch. You can select the configuration upload option and enter the IP address of the TFTP server. The switch uploads the configuration data and a copy of the firmware.

If there's any reason to think there is new firmware available, this page can be used to download it onto the switch. The firmware can be downloaded manually and installed using the Smart Wizard Discovery program. It can also be copied to the TFTP server, from where the Web tool can download and install it via the File Management pane.

And that's it--the switch has been configured to treat the logical VLANs separately, and there are further monitoring options for anyone worried about how the VLANs are working.
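The port plan from Step 1 and the T/U and PVID rules from Steps 4 and 5 can be checked on paper before touching the switch. The following is an added example, not NetGear's or the Test Center's code; it assumes port 1 is a tagged member of every VLAN with PVID 1, every other port is an untagged member of a single VLAN, and the switch drops a frame whose VLAN the ingress port does not belong to.

```python
# Added example: models the Step 1 port plan and the Step 4/5 tagging and PVID rules.
# Assumptions (not stated on the page): port 1 is a tagged (T) member of all VLANs
# with PVID 1; all other ports are untagged (U) members of one VLAN; the switch
# drops frames whose VLAN is not one the ingress port belongs to.

PLAN = {1: range(8, 37), 2: range(2, 8), 3: range(37, 43), 4: range(43, 49)}
ROUTER_PORT = 1

def build_membership():
    """Return ({port: {vlan: 'T' or 'U'}}, {port: pvid}) for all 48 ports."""
    members = {ROUTER_PORT: {v: "T" for v in PLAN}}
    pvid = {ROUTER_PORT: 1}
    for vlan, ports in PLAN.items():
        for p in ports:
            members[p] = {vlan: "U"}
            pvid[p] = vlan
    return members, pvid

def forward(members, pvid, in_port, tag=None):
    """Egress map {port: tag or None} for a broadcast frame arriving on in_port."""
    vlan = tag if tag is not None else pvid[in_port]  # untagged ingress uses the PVID
    if vlan not in members[in_port]:
        return {}                                     # not a member: frame is dropped
    return {p: (vlan if m[vlan] == "T" else None)
            for p, m in members.items() if vlan in m and p != in_port}

def audit(members, pvid):
    """List design problems: ports in no VLAN, or a PVID outside the port's VLANs."""
    issues = []
    for p in range(1, 49):
        if not members.get(p):
            issues.append(f"port {p}: not a member of any VLAN")
        elif pvid.get(p, 1) not in members[p]:        # unset PVID falls back to VLAN1
            issues.append(f"port {p}: PVID {pvid.get(p, 1)} not in its VLANs")
    return issues

if __name__ == "__main__":
    members, pvid = build_membership()
    print(audit(members, pvid) or "plan is consistent")
    out = forward(members, pvid, in_port=45)          # a machine on the testing VLAN
    print(sorted(out), "router port sees tag", out[ROUTER_PORT])
```

Leaving a testing-network port at the default PVID of VLAN1 shows up in audit() as a mismatch, which is the Step 5 mistake that either strands the port or, on a switch that does not filter on ingress, lands its traffic in the wired VLAN.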

VLAN SWITCH AVAILABILITY

NetGear Inc., Santa Clara, Calif., is not the only choice for VLAN-capable switches. San Jose, Calif.-based Cisco Systems Inc.'s line of Catalyst switches and Santa Clara, Calif.-based Hewlett-Packard Co.'s ProCurve Networking product line also support VLANs.

NetGear's GS748TS is a stackable smart switch with 48 Gigabit Ethernet ports and four SFP combo fiber ports. Two dedicated ports provide a 20-Gbps, dual-ring, stacking bus to allow up to six switches to be stacked, for a grand total of 288 available ports. The NetGear ProSafe switch includes a suite of robust security features, high quality of service and high availability. It also supports Access Control Lists, 802.1x port authentication, rate limiting and IGMP Snooping. All the devices connected to this switch (and all the stacked switches) can be managed from a single IP address through a comprehensive Web-based management interface.