
New managed switch. Now what?

Solved by mynameisjuan

Start with the basics: VLANs, native VLANs, SVIs (VLAN interfaces). These will get you familiar with the switch, and you can use them to separate your test devices from the firewall.

 

If you are getting into security, move to L2 security: MACsec, 802.1X, STP, BPDU guard, root guard, storm control. All are L2 best-practice security protocols used in production.

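The access-port hardening the reply lists, as an added example that is not part of the original post. Cisco IOS (Catalyst) syntax is assumed because the reply uses Cisco terms; the HP switch in the thread has equivalents with different keywords, so check its manual for the matching commands. Interface numbers, VLAN IDs, addresses and the RADIUS server are made up for illustration. MACsec is left out, since it needs hardware support and its own MKA keying setup.

```cisco
! Added example, not from the thread. Cisco IOS syntax assumed; the HP
! switch in the thread uses different keywords for the same features.
! Interfaces, VLAN IDs, addresses and the RADIUS server are invented.

! --- Basics: VLANs, an unused native VLAN, and an SVI ------------------
vlan 20
 name LAB
! Native VLAN that carries no hosts, so untagged frames on a trunk can
! never be used to hop into a VLAN with real devices
vlan 999
 name NATIVE-UNUSED
!
! SVI: the switch's own address inside VLAN 20 (gateway for lab hosts)
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! --- Access ports toward lab hosts -------------------------------------
interface range GigabitEthernet1/0/1 - 8
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast
 ! An end host never sends BPDUs; if one arrives, someone plugged in a
 ! switch (or is spoofing STP), so err-disable the port
 spanning-tree bpduguard enable
 ! Drop broadcast/multicast above 1% of line rate and send an SNMP trap
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
 storm-control action trap
!
! --- Port toward a second test switch ----------------------------------
! Root guard: BPDUs are allowed, but if the neighbour advertises a better
! root bridge the port goes root-inconsistent instead of re-rooting STP
interface GigabitEthernet1/0/12
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20
 switchport nonegotiate
 spanning-tree guard root
!
! --- 802.1X on the lab host ports --------------------------------------
! Only supplicants the RADIUS server accepts get onto VLAN 20
aaa new-model
radius server LAB-RADIUS
 address ipv4 192.168.20.10 auth-port 1812 acct-port 1813
 key ReplaceWithRealSharedSecret
aaa authentication dot1x default group radius
dot1x system-auth-control
interface range GigabitEthernet1/0/1 - 8
 dot1x pae authenticator
 authentication port-control auto
```

Two things to watch when trying this: a port that BPDU guard shuts stays err-disabled until you bounce it or enable `errdisable recovery cause bpduguard`, and root guard belongs on ports facing devices that must never become root (downstream switches, lab gear), not on the uplink toward the real root bridge, where it would block the legitimate root's BPDUs.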

20 minutes ago, Reece Pounder said:

For now, would a VLAN suffice to separate our network from the organizational systems?

Yes, it will. Please note that when you create your own VLAN for your purpose and it is not trunked back to the firewall, devices will have no connectivity to the outside world.

 

20 minutes ago, Reece Pounder said:

And how would DHCP leases work in that case?

This is where SVIs, or VLAN interfaces (whatever HP refers to them as), come in. You can configure DHCP on the switch, and that SVI will be used to respond to the DHCP requests.

 

20 minutes ago, Reece Pounder said:

switch route packets in the same VLAN directly

VLANs are layer 2; they are, as their name implies, virtual LANs. Devices in the same subnet and VLAN talk to each other directly via switching; routing is never involved. You only need to route when you need to reach a device in a different subnet. If you want routing, this is where the SVIs again come into play, or you trunk the VLAN back to the firewall, which in your scenario is highly advised against.

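The three points in the reply above (an isolated VLAN has no path out, the SVI answers DHCP, same subnet is switched while a different subnet is routed) in one configuration, as an added example that is not part of the original post. Cisco IOS syntax is assumed; the HP switch in the thread has its own keywords. Addresses, VLAN IDs and port numbers are invented, and VLAN 10 stands for whatever the organisation already trunks.

```cisco
! Added example, not from the thread. Cisco IOS syntax assumed; HP uses
! different keywords. Addresses, VLAN IDs and port numbers are invented.

! --- Lab VLAN with an SVI: the switch's own presence in the VLAN -------
vlan 20
 name LAB
vlan 999
 name NATIVE-UNUSED
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! --- DHCP served by the switch itself ----------------------------------
! DISCOVERs are broadcast inside VLAN 20; the SVI is what answers them.
! The SVI address and a few statics are excluded from the pool.
ip dhcp excluded-address 192.168.20.1 192.168.20.20
ip dhcp pool LAB
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 192.168.20.10
 lease 0 8
!
! --- A second lab VLAN in a different subnet ----------------------------
! Two hosts in VLAN 20 talk directly (switching, MAC table only).
! A VLAN 20 host reaching 192.168.30.x is leaving its subnet, so the
! frame goes to its gateway (the SVI) and is routed between the SVIs.
! Without "ip routing" the SVIs exist but never forward between them.
vlan 30
 name LAB-SERVERS
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
 no shutdown
ip routing
!
! --- Uplink toward the organisation's network / firewall ---------------
! VLANs 20 and 30 are deliberately absent from the allowed list, so they
! never leave this switch: lab hosts reach each other and each other's
! subnet, but have no route to the outside world, and 192.168.20.0/24
! can overlap the organisation's addressing without conflict.
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10
!
! --- Host ports -----------------------------------------------------------
interface range GigabitEthernet1/0/1 - 8
 switchport mode access
 switchport access vlan 20
interface range GigabitEthernet1/0/9 - 12
 switchport mode access
 switchport access vlan 30
```

To confirm the isolation, check `show interfaces trunk` on the uplink: VLANs 20 and 30 must not appear in the allowed or forwarding lists. If the lab later needs internet, the reply's advice still applies: the clean way is a separate firewall interface or rule set for the lab subnet, not trunking VLAN 20 into the production network.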

1 minute ago, Reece Pounder said:

So, what's the deal with subnets?

In a nutshell, a subnet is a range of IPs considered to be within the same network. Devices within the network can communicate directly with each other.

 

Like you mentioned, take 192.168.1.0/24 as an example. 192.168.1.0 is the network and the /24 is the subnet mask, AKA the size/range of the subnet. That would mean 192.168.1.0 - 192.168.1.255 is the entire network range. All devices within that IP range are on the same subnet and talk directly with each other.

 

7 minutes ago, Reece Pounder said:

If I set up SVIs or whatever they're called, would IP conflicts be an issue?

As long as the VLAN exists only on that switch and is not trunked into the network, IP conflicts will not be a thing.
