Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
VLAN's and ISA
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
VLAN's and ISA - 11.May2007 6:03:37 AM
|
|
|
JesusisLord
Posts: 62
Joined: 19.Aug.2006
Status: online
|
Dear All,
Just a quick question regarding VLAN's and physical interfaces. Say I wanted to create four VLAN's. would I be right in assuming that the four physical Interfaces on the ISA server, would need to be patched into the switch that supports VLAN's, and in order to make the VLAN, I would need to specify the physical port that one of the interfaces are pacthed into, and the other ports on the switch which I want in the VLAN to make the VLAN.
Then I'm assuming I would need the VLAN to point to the IP of the interface for it's gateway if that makes any sense.
So basically, first ten ports of the switch could be called VLAN 1, and one of the ISA interfaces will be patched into one of those ports. Say the ISA interface has an IP of 192.168.0.1, that VLAN's gateway would need to be 192.168.0.1 in order for the devices to only use that ISA interface.
I'm thinking of creating four VLAN's, one for Wireless AP's, one for Servers, one staff and one for students. If anyone has got any advice or see any problems in this i would appreciate it. I'm sort of thinking that for the servers and for the AP's I could do port based VLAN's but for the staff and students that might need to be done at IP or MAC layer, not sure really because the staff and students will be using the wireless AP.
I would be so grateful for some wise advice :)
Thank you ever so much,
JIL
|
|
|
|
|
RE: VLAN's and ISA - 23.May2007 10:50:03 AM
|
|
|
JesusisLord
Posts: 62
Joined: 19.Aug.2006
Status: online
|
Dear Tom,
I was thinking of keeping the ISA server with it's two nics, and then create the vlans on the layer 3 switch, but making the default gateway for all the VLANS the internal NIC of the ISA server, have u seen that config before? I spose if I do that, I won't be able to create a seperate network on the ISA server for my servers, unless of course I add a 3rd NIC in the ISA box, put it on a subnet, basically the same subnet of my VLAN for the servers and do it that way.
You said that ISA see's VLAN's as different NIC's, but does that mean I would need a physical nic for each VLAN? or does it do it logically, probably a stupid question but VLAN's with ISA is new to me :)
Kindest Regards
JIL
|
|
|
|
|
RE: VLAN's and ISA - 23.May2007 11:24:02 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi JIL,
When you enable VLAN tagging on the ISA Firewall's NIC(s), each VLAN will appear on the ISA Firewall as a different logical NIC. Each logical NIC will need to be on a different network ID, as the ISA Firewall makes its spoofing decisions based on the network ID of the NIC receiving the connection attempt.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
