[SunHELP] Re: VLAN in SUN FastEthernet
Saily Cedre
saily at etecsa.net
Wed Jul 16 15:35:02 CDT 2003
Ok, here is the graphic
              INTERNET
                 |
            _____|_____
           |           |
           |    SUN    |
           |   FW-1    |
           |           |
                 |
     SUN hme0->  |
  __________________________________ Cisco Switch
   ||  ||  ||   ||  ||  ||   ||  ||
  Hosts VLAN1  Hosts VLAN2  Hosts VLAN3
So, the only thing I need to know is if CheckPoint supports VLAN tagged
traffic.
Thanks a lot.
Saily.
----- Original Message -----
From: "Ido Dubrawsky" <ido at dubrawsky.org>
To: "Saily Cedre" <saily at etecsa.net>
Sent: Wednesday, July 16, 2003 3:23 PM
Subject: Re: VLAN in SUN FastEthernet
> On Wed, Jul 16, 2003 at 01:25:03PM -0400, Saily Cedre wrote:
> > Sorry, but I don't understand the answer.
> > I'm going to explain all again, with more details (this is the first
> > time I send messages to this kind of list)
> >
> > I've got a Cisco switch that supports VLAN, a SUN Ultra SPARC with
> > Solaris 2.6 and a Firewall CheckPoint.
> > I want to connect different hosts to that switch, and I want to do
> > VLAN, because those hosts will not belong to the same network.
> > The Firewall has to be part of those VLANs because I need to apply some
> > policies to protect those networks from Internet and from the other
> > VLANs.
> >
> > That's why I need to know if the SUN's FastEthernet (hme) can be used
> > for this project.
> >
> > Thanks again.
> > Saily.
> >
> Okay, so here is how I understand you:
>
>
>    Sun UltraSPARC          CheckPoint FW-1
>    (Solaris 2.6)
>
>      --------                --------
>      |      |                |      |
>      |      |                |      |
>      --------                --------
>          |                       |
>          |                       |    |------------------> Internet
>    -------------------------------
>    | Cisco Switch (VLAN capable)|
>    -------------------------------
>          |                       |
>          |                       |
>      --------                --------
>      |      |                |      |
>      |      |                |      |
>      --------                --------
>    Other Host #1           Other Host #2
>
>
> You want the Sun UltraSPARC and the other hosts to be on separate VLANs.
> That's fine. You can do that through the Cisco Switch. Say you want the
> following configuration:
>
> Host                    IP Address      default gateway   VLAN
> ------------------------------------------------------------------------
> Sun UltraSPARC          10.100.100.1    10.100.100.254    100
> Other Host #1           192.168.155.1   192.168.155.254   200
> Other Host #2           172.25.150.1    172.25.150.254    300
> CheckPoint Firewall-1   10.1.1.1        10.1.1.254        400
>
> That can all be done through the Cisco Switch. The end hosts do not need
> to know anything about the VLANs because that occurs at Layer 2 of the OSI
> stack. The thing you will need in order to have inter-vlan traffic passing
> from one VLAN to another is a router that will understand 802.1q tagged
> traffic and will route packets between VLANs. Your original question of
> whether you have to do something special on the Sun FastEthernet interface
> in order to get it to participate in this setup is still the case. The
> answer is no. The Sun box doesn't know anything about the VLANs. To it,
> the other VLANs look like separate, physical LANs rather than VLANs. It
> needs to know the default gateway for its VLAN so that if it sends traffic
> to one of the "Other Host"s it will send it to the default gateway (can be
> a router as I stated earlier or it can be a VLAN aware firewall). I don't
> know if CheckPoint FireWall-1 supports VLAN tagged traffic, but if you
> wanted all of the traffic to be passed through the FW-1 box, you would
> need to specify it as the default route for all of the VLANs and configure
> multiple IP addresses (each within the range of IP addresses associated
> with the various VLANs) on it so that it is the default gateway for the
> VLANs. Given what you asked, I hope this helps clear things up for you.
>
> Best Regards,
> Ido
> --
> ===============================================================================
> Ido Dubrawsky E-mail: ido at dubrawsky.org
> Network Security Architect idubraws at cisco.com
> dubrawsky.org
> 500 Hermleigh Rd
> Silver Spring, MD. 20902
> (301) 651-5441 (cell)
> ===============================================================================
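
An added example, not part of either message: what "understanding 802.1q tagged traffic" means for a gateway on a trunk port, shown as a small tag parser that maps each frame's VLAN ID to the gateway address from the table in the quoted reply. The MAC addresses and frames are constructed, and the assumption that one gateway holds the .254 address of VLANs 100, 200 and 300 is illustrative.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed sample addresses (locally administered MACs), not from the thread.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")

# Assumption: VLAN -> default-gateway address, taken from the table in the reply.
GATEWAYS = {100: "10.100.100.254", 200: "192.168.155.254", 300: "172.25.150.254"}

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)  # PCP(3 bits) DEI(1) VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vlan_id or None, inner ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # Untagged: what an end host on an access port sends and receives.
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]

def gateway_for(frame):
    """Gateway address serving the frame's VLAN, or None (untagged or
    unknown VLAN), which a filtering gateway should treat as a drop."""
    vlan_id, _, _ = parse_frame(frame)
    return GATEWAYS.get(vlan_id)

if __name__ == "__main__":
    for vid in (None, 100, 200, 300, 999):
        frame = build_frame(DST, SRC, 0x0800, b"payload", vlan_id=vid)
        print(vid, parse_frame(frame)[0], gateway_for(frame))
```
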