How to create a VLAN on the extreme switch for a separate subnet/domain

Tags: active-directory, networking, subnet, vlan

I'm putting together a small Active Directory implementation for a buddy of mine. I currently have 2 servers (one is the primary domain controller) and a couple of clients. I need to test and run updates on every machine on this domain, but I would have to plug them into my current LIVE domain to get it internet access. From what I've read, having two separate domains on a single subnet is a bad idea (even though it is temporary), so I don't want to risk messing anything up on my production domain.

I'm pretty sure I can create a separate VLAN on my Extreme 48-port switch and plug this smaller domain into it on a different subnet, but I don't know the commands. Both subnets would need internet access, of course (one of the things I can't wrap my head around is routing internet traffic between subnets; the gateway is on the production subnet).

Switch is a Summit x450e-48p
My production domain is on subnet 192.168.200.0.
My new domain I want to put online would go into subnet 192.168.10.0.

A shove in the right direction would be greatly appreciated. Thank you!

Best Answer

Some background information...

I think the thing you're missing is that a VLAN behaves exactly as if you had another switch. If you have ports 1-46 in the default VLAN (usually 1), and ports 47 and 48 in another VLAN (say, VLANID=2), it's exactly the same as if you had two completely separate switches, a 46-port and a 2-port.

So, if you want one switch to talk to the network on the other, you need to connect the two via a router.

The really powerful thing about VLANs is that you can have ports that are in multiple VLANs, via VLAN tagging. This causes all tagged packets to be specially formatted such that they include information on what VLAN the packet is in. You then configure the machines that are connected to this port so that they understand these tagged packets, usually by adding a virtual network interface for each VLAN. In Linux this would be done via the "vconfig" command (with helpers built into the network scripts to make this happen at boot time).

So, on these tagged ports, your machine connecting to it looks like it has a network interface for each VLAN it is connected to.

For example, at home I have a firewall with one physical network interface that connects to a VLAN-aware switch. Because of this, I effectively have up to 23 network interfaces on this firewall (24-port switch). I only have it broken up into a few interfaces though: wired LAN, guest wireless, private wireless, VoIP phones, one for the cable modem and one for the DSL line.

Now, if your switch supports layer 3 routing, you can configure it to have IP addresses in both of these networks, and route traffic between them. In this case the switch is effectively in multiple VLANs.
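To make the two ideas in the answer concrete (a tag on a trunk port marks which VLAN a frame belongs to, and traffic between VLANs only moves because something routes it), here is a small Python model of the asker's switch. This is an added example, not code from the original question or answer: the 802.1Q frame layout (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID) is the real standard, but the VLAN numbers, port assignments, switch addresses and the internet gateway address are assumptions, since the question only gives the two subnets.

```python
"""Model of 802.1Q tagging and inter-VLAN routing for a two-subnet switch.

Added example; not from the original post. The VLAN plan, port roles,
switch interface addresses and gateway below are assumed values.
"""
import ipaddress
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_tagged_frame(dst_mac, src_mac, vlan_id, payload, pcp=0):
    """Build an Ethernet frame with an 802.1Q tag inserted after the MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id          # 3-bit priority, DEI=0, 12-bit VLAN ID
    tag = struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return dst_mac + src_mac + tag + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (vlan_id, ethertype, payload); vlan_id is None for untagged frames."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        inner_type = struct.unpack("!H", frame[16:18])[0]
        return tci & 0x0FFF, inner_type, frame[18:]
    return None, ethertype, frame[14:]


# Assumed port plan: access ports carry one untagged VLAN, the trunk carries
# tagged frames for both VLANs (like the VLAN-aware firewall in the answer).
PORTS = {
    "1":  {"untagged": 1,    "tagged": set()},      # production client, VLAN 1
    "47": {"untagged": 10,   "tagged": set()},      # new lab domain, VLAN 10
    "48": {"untagged": None, "tagged": {1, 10}},    # trunk to a VLAN-aware host
}


def classify_ingress(port, frame):
    """VLAN a frame is assigned to on arrival at `port`, or None if dropped.

    An access port ignores the tag and uses its own VLAN; a tagged frame is
    only accepted on a port that is a member of that VLAN. Accepting arbitrary
    tags on an access port would let a host pick its own VLAN, so it is dropped.
    """
    cfg = PORTS[port]
    vid, _, _ = parse_frame(frame)
    if vid is None:
        return cfg["untagged"]          # None means the trunk refuses untagged frames
    return vid if vid in cfg["tagged"] else None


# Assumed layer-3 plan: one switch interface per VLAN, default route to the
# existing production gateway (placeholder address; not given in the question).
VLAN_SUBNETS = {
    1:  ipaddress.ip_network("192.168.200.0/24"),   # production domain
    10: ipaddress.ip_network("192.168.10.0/24"),    # new lab domain
}
SWITCH_ADDRESSES = {
    1:  ipaddress.ip_address("192.168.200.2"),      # assumed
    10: ipaddress.ip_address("192.168.10.1"),       # assumed
}
INTERNET_GATEWAY = ipaddress.ip_address("192.168.200.1")   # placeholder


def next_hop(src_vlan, dst_ip):
    """How a host in src_vlan reaches dst_ip: (action, egress_vlan, via).

    'direct'  - same subnet, delivered at layer 2 inside the VLAN
    'routed'  - other VLAN on this switch, forwarded by the switch interface
    'default' - anything else goes out VLAN 1 to the production gateway
    """
    dst = ipaddress.ip_address(dst_ip)
    if dst in VLAN_SUBNETS[src_vlan]:
        return ("direct", src_vlan, None)
    for vid, net in VLAN_SUBNETS.items():
        if dst in net:
            return ("routed", vid, SWITCH_ADDRESSES[src_vlan])
    return ("default", 1, INTERNET_GATEWAY)


if __name__ == "__main__":
    frame = build_tagged_frame(b"\xff" * 6, b"\x00\x11\x22\x33\x44\x55", 10, b"hello")
    print(parse_frame(frame))
    print(classify_ingress("47", frame), classify_ingress("48", frame))
    print(next_hop(10, "192.168.200.20"), next_hop(10, "8.8.8.8"))
```

The `next_hop` result for a lab host reaching the internet shows the routing point the asker was stuck on: the switch's layer 3 interface in VLAN 10 forwards the packet, and the switch itself needs a default route toward the production gateway, which in turn needs a route back to 192.168.10.0/24 (or NAT) for replies. As I recall the ExtremeXOS syntax, the equivalent switch-side steps are `create vlan`, `configure vlan <name> tag <id>`, `configure vlan <name> add ports <list> untagged` (or `tagged` for the trunk), `configure vlan <name> ipaddress <ip> <mask>`, `enable ipforwarding vlan <name>` and `configure iproute add default <gateway>`; check these against the manual for your firmware before relying on them.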
