General Networking/Lan/Wan/VLANs Port-Based Access

Question
I am trying to understand VLANs, but have a hard time seeing them in action.  I have no test equipment and we are planning a network overhaul.  So I have to theorize on a physical and logical layout and understand its implementation without having any testing equipment.

I understand that I need a router to tell one VLAN where another is, and how to talk to it.  I don't understand configuration that allows that to happen, nor have I found any examples.  We use Juniper for routing and HP for switching.  Though my understanding is that our new switch will have the capability to route for itself.

Now on to what really confuses me about networking.  VLANs, how do they actually work?  I have read article after article and they still confound me.  Since I work with HP switches, I use the U and T descriptors (though I don't understand them).

If I have 5 VLANs, 10, 20, 30, 40, and 50, and I set port 1 to the following:

10 U, 20 T, 30 T

Does that mean that any device that does not specify its own VLAN will be tagged as VLAN 10, any traffic tagged as VLANs 20 or 30 will be allowed through, and traffic tagged VLANs 40 or 50 will be denied access when plugged in to port 1?  

Furthering this question, if I want a computer in VLAN 40 to access a computer in VLAN 20, does the port that each computer is plugged in to need to allow the other VLAN through?  For instance:

40 U, 20 T - For the VLAN 40 PC
20 U, 40 T - For the VLAN 20 PC

I appreciate any clarification you can make.

Thanks!
Jesse
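The two scenarios in the question can be walked through with a small model of 802.1Q port membership. The following is an added example written for this page, not code from the question, the answer or any HP or Juniper product. It uses the HP notation from the question ("U" = untagged member, which also sets the port's PVID; "T" = tagged member), and the port names, VLAN numbers and frames are constructed for illustration. The model floods frames within a VLAN rather than learning MAC addresses, which is enough to show what membership allows and denies; the host and router behaviour is a simplified assumption (a normal PC NIC only processes untagged frames, a router re-originates a frame in the destination VLAN).

```python
"""Toy model of 802.1Q port-based VLAN membership (added example, constructed values)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vid: Optional[int] = None   # None means the frame is untagged on the wire


class Port:
    """Parses an HP-style membership string such as '10 U, 20 T, 30 T'."""

    def __init__(self, name: str, membership: str):
        self.name = name
        self.pvid: Optional[int] = None   # VLAN assigned to untagged ingress frames
        self.tagged: set[int] = set()     # VLANs accepted/emitted with a tag
        for item in membership.split(","):
            vid_text, mode = item.split()
            vid = int(vid_text)
            if mode.upper() == "U":
                if self.pvid is not None:
                    raise ValueError("a port can be untagged in only one VLAN")
                self.pvid = vid
            elif mode.upper() == "T":
                self.tagged.add(vid)
            else:
                raise ValueError(f"unknown membership mode {mode!r}")

    @property
    def vlans(self) -> set[int]:
        return self.tagged | ({self.pvid} if self.pvid is not None else set())

    def ingress(self, frame: Frame) -> Optional[int]:
        """VLAN the switch assigns to an arriving frame, or None if it is dropped."""
        if frame.vid is None:
            return self.pvid                      # untagged -> PVID (None = no untagged VLAN)
        return frame.vid if frame.vid in self.tagged else None   # foreign tag -> dropped

    def egress(self, vid: int, frame: Frame) -> Optional[Frame]:
        """The frame as it leaves this port, or None if the port is not in that VLAN."""
        if vid == self.pvid:
            return Frame(frame.src, frame.dst, None)   # untagged member: strip the tag
        if vid in self.tagged:
            return Frame(frame.src, frame.dst, vid)    # tagged member: keep the tag
        return None


class Switch:
    def __init__(self, ports: list[Port]):
        self.ports = {p.name: p for p in ports}

    def forward(self, in_port: str, frame: Frame) -> dict[str, Frame]:
        """Flood a frame inside its VLAN; returns {port name: frame emitted}."""
        vid = self.ports[in_port].ingress(frame)
        if vid is None:
            return {}
        out = {}
        for name, port in self.ports.items():
            if name != in_port and (emitted := port.egress(vid, frame)) is not None:
                out[name] = emitted
        return out


def host_accepts(frame: Frame, host_vids: frozenset = frozenset()) -> bool:
    """Assumed NIC behaviour: untagged frames, plus any VLAN the host is configured for."""
    return frame.vid is None or frame.vid in host_vids


def scenario_port1() -> dict:
    """First question: port 1 is '10 U, 20 T, 30 T'."""
    p1 = Port("1", "10 U, 20 T, 30 T")
    return {
        "untagged": p1.ingress(Frame("pc", "bcast")),        # lands in VLAN 10
        "tag20": p1.ingress(Frame("pc", "bcast", 20)),       # accepted as VLAN 20
        "tag40": p1.ingress(Frame("pc", "bcast", 40)),       # not a member: dropped
    }


def scenario_cross_vlan() -> dict:
    """Second question: tagging each PC's port with the other VLAN vs. using a router."""
    sw = Switch([Port("pc40", "40 U, 20 T"),
                 Port("pc20", "20 U, 40 T"),
                 Port("rtr", "20 T, 40 T")])    # hypothetical router uplink in both VLANs
    out = sw.forward("pc40", Frame("pc40", "bcast"))
    direct = out["pc20"]                         # reaches the VLAN 20 PC's port, tagged 40
    direct_ok = host_accepts(direct)             # an ordinary untagged NIC ignores it
    assert out["rtr"].vid == 40                  # the router hears it in VLAN 40 ...
    routed = sw.forward("rtr", Frame("rtr", "pc20", 20))   # ... and re-sends into VLAN 20
    return {"direct_tag": direct.vid,
            "direct_ok": direct_ok,
            "via_router_ok": host_accepts(routed["pc20"])}


if __name__ == "__main__":
    print(scenario_port1())
    print(scenario_cross_vlan())
```

The first scenario returns VLAN 10 for the untagged frame, 20 for the frame tagged 20, and None (dropped) for the frame tagged 40, which matches the reading in the question. The second scenario shows that tagging each PC's port with the other VLAN does not create cross-VLAN reachability: the switch still keeps the frame in VLAN 40, and the VLAN 20 PC receives it as a tagged frame its NIC does not process. Traffic crosses VLANs only through a device with an interface in both, the router (or a routing switch), which is also the one place where inter-VLAN access can be filtered with ACLs. Real switches additionally learn MAC addresses and forward known unicasts to one port rather than flooding.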

Answer
It's been a few years since I've configured a VLAN on a router/switch.  I'd get my hands on something like a 1902 router (or what replaced it) and play with it.  

Is this accurate?
    " ... no test equipment and we are planning a network overhaul.  So I have to theorize on a physical
      and logical layout and understand its implementation without having any testing equipment."

Planning a rollout demands hands-on experience.  Simply "winging it" based on theory doesn't make sense to me.

- John

John Crout

Expertise

Can answer questions about Architecture, FedRamp, NIST requirements, and actor roles. Cannot answer questions that are platform-specific to Windows.

Experience

Securing systems since 1982. Tip: Switching from a system that is (statistically) more prevalent to one that is less prevalent will help. 15 years supporting small business use of Windows and Linux networks and systems. Development software. NIST Cloud Security Working Group Contributor.

Organizations
Information Systems Security Association, (ISC)2, ACM

Publications
www.nist.gov/itl/cloud/upload/SP_500_293_volumeII.pdf

Education/Credentials
MPH, BSEE

©2016 About.com. All rights reserved.