many VLANs (Virtual Local Area Networks)

Three ethernet switches form the heart of the LIC data networks. This is a problem: the design of the LIC, as shown in the firewall diagram, requires six switches, not three.

These few switches pretend to be many switches by creating VLANs.

what it is

I got around my lack of switches by buying ethernet switches that understand VLANs. A VLAN (Virtual Local Area Network) on an ethernet switch is a group of its ports that behave as if they were a separate switch: a frame arriving on a port in one VLAN is only ever forwarded to other ports in the same VLAN. One physical switch pretends to be two switches. I defined these VLANs.

LIC table: VLANs

name     switch  ports  description
int2biz  ces01   1-3    from the Internet to the biz01 network
dmz2biz  ces01   4-6    from the Internet DMZ to the biz01 network
int2biz  ces02   1-3    from the Internet to the biz02 network
dmz2biz  ces02   4-6    from the Internet DMZ to the biz02 network
int2adm  ces03   1-2    from the Internet DMZ to the adm01 network
ent2adm  ces03   3-9    from the enterprise to the adm01 network

many switches in one VLAN

Two ethernet switches can also be in one LAN: the int2biz VLAN spans both ces01 and ces02, so that LAN still works if one of the switches goes up in flames. I only did this complicated stuff for business traffic; I didn't bother for the administrative LANs.

This is where the concept of separate biz01 and biz02 networks starts to break down. The firewalls ifw01 and ifw02 are connected to both networks, and the switches ces01 and ces02 are in the same LAN, so it is not clear where one network ends and the other begins.
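The following is an added example, not part of this page and not the configuration of the LIC switches themselves. It models the port-based VLAN layout from the table above as data and derives the two properties the text relies on: that each (switch, VLAN) pair behaves like a separate switch, and that a VLAN which spans two switches is one LAN while a VLAN that merely exists on both under the same name (dmz2biz) is two. It also refuses a port listed in two VLANs, since without tagging that would silently bridge two networks. The switch names and port ranges are copied from the table; the assumption that only int2biz is cabled across switches comes from the text.

```python
# Model of the port-based (untagged) VLAN layout on this page. Added
# example, not the page's own switch configuration: switch names and port
# ranges are copied from the LIC table; the set of VLANs linked across
# switches (int2biz only) is taken from the text.
from dataclasses import dataclass


@dataclass(frozen=True)
class VlanMember:
    vlan: str
    switch: str
    first_port: int
    last_port: int  # inclusive, as written in the table

    def ports(self):
        return range(self.first_port, self.last_port + 1)


# Constructed from the LIC table above.
LIC_VLANS = [
    VlanMember("int2biz", "ces01", 1, 3),
    VlanMember("dmz2biz", "ces01", 4, 6),
    VlanMember("int2biz", "ces02", 1, 3),
    VlanMember("dmz2biz", "ces02", 4, 6),
    VlanMember("int2adm", "ces03", 1, 2),
    VlanMember("ent2adm", "ces03", 3, 9),
]

# VLANs whose instances on different switches are cabled together into one
# LAN. The page does this for int2biz only; dmz2biz exists on ces01 and
# ces02 under the same name but as two separate LANs (biz01 and biz02).
SPANNING = {"int2biz"}


def port_map(members):
    """Return {(switch, port): vlan}, refusing any port listed in two VLANs.

    Without tagging a port is an untagged member of exactly one VLAN. A port
    that appears in two VLANs would quietly bridge two networks, so this
    fails hard instead of picking one.
    """
    table = {}
    for m in members:
        for p in m.ports():
            key = (m.switch, p)
            if key in table and table[key] != m.vlan:
                raise ValueError(f"{m.switch} port {p} is in both "
                                 f"{table[key]} and {m.vlan}")
            table[key] = m.vlan
    return table


def virtual_switches(members):
    """Each (switch, VLAN) pair behaves like a separate switch."""
    return {(m.switch, m.vlan) for m in members}


def lan_id(members, spanning, port):
    """Identity of the LAN a (switch, port) belongs to; None if unlisted.

    A spanning VLAN is one LAN whatever switch the port is on, so its id
    carries no switch name; any other VLAN is a LAN private to its switch.
    """
    vlan = port_map(members).get(port)
    if vlan is None:
        return None
    return (None, vlan) if vlan in spanning else (port[0], vlan)


def can_forward(members, spanning, src, dst):
    """Can an untagged frame entering at src (switch, port) leave at dst?"""
    a = lan_id(members, spanning, src)
    b = lan_id(members, spanning, dst)
    return a is not None and a == b


if __name__ == "__main__":
    ports = port_map(LIC_VLANS)
    print(len(virtual_switches(LIC_VLANS)), "virtual switches")
    print(len({lan_id(LIC_VLANS, SPANNING, p) for p in ports}), "LANs")
    print(can_forward(LIC_VLANS, SPANNING, ("ces01", 1), ("ces02", 2)))
```

Run as a script it reports six virtual switches (the number the firewall design asks for) and five LANs, because int2biz on ces01 and ces02 is counted once. The `port_map` check is the one worth keeping around: rerun it against the switch configuration whenever a port is moved.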

LIC topology: ethernet switches (diagram; only its labels survive here). Legend: VLAN switch. Nodes: wireless router; ces01 (int2biz); ces01 (dmz2biz); ces02 (int2biz); ces02 (dmz2biz); ces03 (int2adm); ces03 (ent2adm).

what it isn't

VLANs are standardised by IEEE 802.1Q, which describes how to separate traffic on a LAN by tagging Ethernet frames: a switch inserts a 12-bit VLAN ID into each frame so that one cable (a trunk) can carry several VLANs and the switch at the other end can tell them apart. I don't use tagging in this design. Every port is an untagged member of exactly one VLAN (port-based VLANs), so the VLAN a frame belongs to is decided by the port it arrives on, not by anything in the frame. One consequence is that a cable between two switches can carry only one VLAN, which is enough for the int2biz link between ces01 and ces02; carrying int2biz and dmz2biz over the same cable would need a tagged trunk. Another is that the separation lives entirely in the port configuration of the switches: a port put into the wrong VLAN joins two networks without any error, so the port assignments in the table above are part of the firewall design and should be checked against it.
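To make concrete what the untagged frames in this design do not carry, here is an added example (not code from this page) that parses an Ethernet frame, detects an 802.1Q tag by its TPID of 0x8100, and inserts or strips a tag the way a trunk port and an access port would. The sample frame is constructed for the example; the addresses in it are made up.

```python
# Added example: what an IEEE 802.1Q tag looks like on the wire, and what
# the untagged frames in this design do not carry. Not code from the page;
# the sample frame below is constructed.
import struct

TPID_8021Q = 0x8100  # EtherType value that announces a VLAN tag


def parse_frame(frame: bytes):
    """Split an Ethernet frame into (dst, src, vid, ethertype, payload).

    vid is None for an untagged frame. A tagged frame carries four extra
    bytes after the source MAC: the TPID 0x8100, then a 16-bit TCI made of
    PCP (3 bits), DEI (1 bit) and the 12-bit VLAN ID.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("802.1Q tag truncated")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, ethertype, frame[18:]


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag into an untagged frame (what a trunk port does)."""
    if parse_frame(frame)[2] is not None:
        raise ValueError("frame is already tagged")
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved by 802.1Q
        raise ValueError("VLAN ID out of range")
    tci = ((pcp & 0x7) << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag (what an untagged access port does on egress)."""
    if parse_frame(frame)[2] is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: broadcast destination, made-up locally administered
# source address, IPv4 ethertype, dummy 20-byte payload.
SAMPLE_UNTAGGED = (bytes.fromhex("ffffffffffff")
                   + bytes.fromhex("02000000ab01")
                   + struct.pack("!H", 0x0800)
                   + b"\x45" + b"\x00" * 19)


if __name__ == "__main__":
    print(parse_frame(SAMPLE_UNTAGGED)[2])            # None: no tag
    tagged = add_tag(SAMPLE_UNTAGGED, 42, pcp=3)
    print(parse_frame(tagged)[2], tagged[12:16].hex())  # 42, tag bytes
    print(strip_tag(tagged) == SAMPLE_UNTAGGED)
```

The point of the round trip is that a port-based switch never sees the four tag bytes: it learns the VLAN from the ingress port and forwards the frame unchanged, which is why a single cable between ces01 and ces02 can carry only one VLAN in this design.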