Setting Up Vlans

I have a pc in my office connected to the corporate network and one connected to the machine network. I need internet access for the pc connected to the machine network so i was planning to install a second nic for internet access.The machine network pc will not be managed by IT so it will not be a member of the corporte domain/network so to speak.

IT will setup my machine network pc on a seperate vlan and pass all traffic from them through the firewall and on to the internet.So can i connect both pc in my office to a swich and use the same port that goes to the IT switch or do i have to run a different port? are vlans setup by ports on it switchs or just mac id? In other words can i have traffic from multiple vlans on one port?

The vlans that I've dealt with have always been port specific to the main intelligent switch. So the answer would be no, you can't have them plugged into the same port in your office.

It would seem like you are going to have three ports now in your office. One for the corporate network, one for the corporate vlan, and one for the machine network.

I found some documents on vlan tagging on cisco swithes that looks as if you can have multiple vlans on a single port but this may just be something that cisco has and i currently do not know what type of switches our IT dept uses.

Depends how IT sets up the network, and what the capabilities of your NIC are. There are 2 types of VLANing, Tagged and Untagged. If your NIC supports tagging, and the port on the switch is plugged into a port set up for tagging, then you can access 1,2,10,100 different networks depending on what VLANs that port has been allowed to. If your NIC does not support VLANs, then the port on the switch you are connected can "Tag" your packets, but this will only let you connect to that one VLAN.

learn something new everyday. I never knew it mattered with the nic.

Thanks

The relevant standard is called 802.1Q - VLAN tagging. Typically it's used for connections interconnecting switches/routers/both (a "trunk" in Cisco talk). It's also cool for virtual machines especially servers where you have fast, shared physical connections (1 Gig or 10Gig) to share. For your desktop, it may be possible, but I wouldn't recommend it unless IT implements it completely. Even so, I'd just go with a second NIC.

Also to note, trunks are a vulnerability to watch for, protect, and minimize from a security perspective.

Dunno if this is applicable, but it works for me when I have one computer that needs internet access on a company network while also it needs to talk to a machine network that is a completely different IP scheme.

http://www.plctalk.net/qanda/showpost.php?p=352440&postcount=22

That "might" be applicable...You can bind multiple IP addresses to a single adapter. This would work if there are different IP address schemes (layer 3) on the same physical switches, which is typically not a good idea. VLANs apply at layer 2, so ports on different VLANS appear as if they were separate physical switches. A professional implementation would separate VLANs and each would have corresponding IP schemes. You can mix it up, but it doesn't make sense.

Paul B said:

Dunno if this is applicable, but it works for me when I have one computer that needs internet access on a company network while also it needs to talk to a machine network that is a completely different IP scheme.

http://www.plctalk.net/qanda/showpost.php?p=352440&postcount=22

Click to expand...

The problems i have had in the past with dual nic or binding to a single nic were defining which applications go to each adapter.

How can you control which adapter or ip address a specific application uses. I know this is not a problem with most automation software but with other apps it uses the address or adapter that is highest on the list which can be viewed when doing an ip config. In the past i have had to change priority of a nic for one application then change it back. There must be a better way.

The situation you describe above wont be solved by using VLANs, because it essentially adds a NIC to your machine. If it doesnt work properly with 2 NICs on seperate lans, its wont work with 1 NIC connected to 2 seperate VLANs (which is the same as 2 NICs connected to 2 seperate LANs). The issue you are having sounds like a routing issue.

Agreed. You shouldn't ever have to "prioritize" NICs. It tries both initially and caches the path.

ghettofreeryder said:

The situation you describe above wont be solved by using VLANs, because it essentially adds a NIC to your machine. If it doesnt work properly with 2 NICs on seperate lans, its wont work with 1 NIC connected to 2 seperate VLANs (which is the same as 2 NICs connected to 2 seperate LANs). The issue you are having sounds like a routing issue.

Click to expand...

I think maybe i need to explain the issue a little better. An example is that i wanted to use some software to generate wake packets for WOL wake on lan on a pc with 2 nics and there is no way in this software as well as many others to designate which nic or network to use it simply uses the one with highest priority or highest on the list.

If you install vnc on the machine it will not work for both nics only the highest priority even though both nics or networks show up in vnc only the highest priority will respond.

With applications like linx you can designate which network or nic you are connecting to and connect to many but most applications do not work like that thus the need to change nic priority.

This is the only way i have been able to get these apps to work.

What am i missing guys? Is there an easier way to do this?

Bump

I think you can just change your interface metric. The one you want to talk to, set it to a lower number. Right click on the interface in the network config screen, click tcp/ip v4 > properties > advanced > uncheck automatic metric, and enter your desired number. Pick a number below 25 i think, but Im not sure. The lower the number, the higher priority the interface has.