Configuring a switch with WAN and LAN

Solution 1:

Does my question itself indicate I am missing some key concept here?

Yes. You are dealing with a switch: it's not a router. You can use an L2 switch for

  • a private network
  • a public network
  • both, using VLANs.

An L3 switch like the HP Procurve 8212 is additionally able to

  • route between private networks
  • route between public networks.

But you can't use it as a gateway here, as it wouldn't do network address translation (NAT) between public and private networks. Your router is supposed to do that.

Solution 2:

Networking is generally approached in terms of "layers". Each layer builds on the last.

Wires move electricity around; this is called layer 1, or the "physical" layer. This is stuff you can touch with your fingers.

Switches move Ethernet frames around; this is called layer 2, or the "data link" layer. This layer knows nothing of IP addresses or routers. (More recently, this is a "layer 2 switch".)

Routers move IP packets around; this is called layer 3, or the "network" layer. A gateway is another term for a router. (More recently, "layer 3 switch" became another term for a router. It gets confusing.)

Very loosely speaking, you can think of Ethernet cables as roads, Ethernet frames as vehicles on those roads, and switches as intersections with traffic signals. IP packets would be cargo inside the vehicles, and routers would be the shipping manifests. Switches and frames (vehicles and roads and traffic lights) go together, but the cargo and the manifests are outside of the scope of the people designing the roads. (This is not a perfect analogy.)

Nominally, switches (layer 2 switches) are completely unaware of the network/IP layer. One only needs to assign an IP address to a switch (layer 2 switch) to manage it. Cheaper switches are not managed, and will not have an IP address associated with them at all.

Conceptually, think of a managed switch (layer 2 switch) as a layer 2 device with an itty-bitty computer inside it. The switch part moves frames around; the computer is used for management, and is plugged into an internal switch port using an itty-bitty Ethernet cable. (This is not a perfect analogy.)

It's not clear what the gateway/router your ISP gave you looks like, i.e., physical ports, and IP address configuration. They may be doing routing on the gateway, they may be doing NAT, too; or both, or neither. So I can't speak to that very well.

If you have a public, routable IP address on an Ethernet port on the gateway, as provisioned by your ISP, then you have a tiny corner of the Internet you can put whatever you want on. That might well be something you put in one VLAN on the switch.

You then will likely want a firewall somewhere, likely with NAT, for your private network. That model switch does have some basic routing capabilities (layer 3 switch), but I believe it lacks even NAT capability, and certainly has nothing I would trust as a firewall.

So typically you would get another device to act as a firewall, and plug that into the switch. You would put both the gateway/router and the firewall on the same public/WAN/whatever VLAN, and assign the firewall a public IP address on that VLAN.

Then you would make another connection between the firewall and switch, for the segregated private/local/whatever VLAN. This could be with a second cable and switch port, or, if the firewall supports it, you can put all the VLANs on one cable to the firewall (sometimes called "router on a stick").

If you need more specific answers, please ask more specific questions. :-)

Solution 3:

What you're missing is a NAT-capable gateway/firewall. You want a server with multiple network ports running something like pfsense or Untangle, an appliance like a Watchguard or Sonicwall, or a real router like an HP MSR-50 or Cisco ISR.

Once you have that, you set up one interface on your new router/firewall with an external address from your ISP, connect it to your ISP modem, and set up NAT on the connection. Then you can assign internal addresses to your switch and another port on the firewall, and connect the two. When setting up the rest of your network, have your DHCP server hand out the firewall's internal address as the default gateway.

If multiple VLANs are involved, you need to decide whether the firewall or the switch will handle inter-VLAN traffic. That will determine whether you need additional (possibly virtual) interfaces on the firewall (that are also configured on that switch port), as well as what the DHCP server hands out for the router/default gateway address, and other configuration items in the switch.
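The layout described in Solutions 2 and 3 (ISP gateway and firewall sharing a public/WAN VLAN, a separate private/LAN VLAN, one "router on a stick" trunk cable to the firewall, NAT on the firewall, and DHCP handing out the firewall's internal address as the default gateway), written out as an added example; none of it is code from the original answers. It assumes a Linux host as the firewall, `eth0` as the trunk interface, VLAN IDs 10 (WAN) and 20 (LAN), the documentation prefix 203.0.113.0/24 standing in for the ISP-assigned public block, 192.168.20.0/24 for the LAN, nftables and dnsmasq on the firewall, and HP ProCurve-style VLAN syntax for the switch side (assumed, not checked against the 8212).

```shell
#!/bin/sh
# Added example: Linux NAT firewall hung off a switch trunk ("router on a stick").
# Every interface name, VLAN ID and address below is an assumption:
#   eth0     single trunk cable to the switch, carrying both VLANs tagged
#   VLAN 10  public/WAN VLAN shared with the ISP gateway (203.0.113.0/24 is a
#            documentation prefix standing in for the ISP's real block)
#   VLAN 20  private/LAN VLAN behind NAT (192.168.20.0/24)
set -eu

TRUNK_IF="eth0"
WAN_VLAN=10; WAN_IP="203.0.113.2/24"; WAN_GW="203.0.113.1"
LAN_VLAN=20; LAN_IP="192.168.20.1/24"

# One tagged sub-interface per VLAN on the single trunk cable, giving the
# firewall a leg in the WAN VLAN (public address) and in the LAN VLAN.
render_interfaces() {
    cat <<EOF
ip link add link $TRUNK_IF name $TRUNK_IF.$WAN_VLAN type vlan id $WAN_VLAN
ip link add link $TRUNK_IF name $TRUNK_IF.$LAN_VLAN type vlan id $LAN_VLAN
ip addr add $WAN_IP dev $TRUNK_IF.$WAN_VLAN
ip addr add $LAN_IP dev $TRUNK_IF.$LAN_VLAN
ip link set $TRUNK_IF up
ip link set $TRUNK_IF.$WAN_VLAN up
ip link set $TRUNK_IF.$LAN_VLAN up
ip route add default via $WAN_GW dev $TRUNK_IF.$WAN_VLAN
sysctl -w net.ipv4.ip_forward=1
EOF
}

# nftables: masquerade (NAT) everything leaving via the WAN VLAN, and a
# default-drop forward chain that only admits LAN-initiated flows and replies.
render_nft_ruleset() {
    cat <<EOF
flush ruleset
table inet fw {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname "$TRUNK_IF.$LAN_VLAN" accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$TRUNK_IF.$LAN_VLAN" oifname "$TRUNK_IF.$WAN_VLAN" accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "$TRUNK_IF.$WAN_VLAN" masquerade
    }
}
EOF
}

# dnsmasq DHCP on the LAN VLAN: the router option is the firewall's own LAN
# address, so clients use the firewall (not the switch) as default gateway.
render_dhcp_conf() {
    cat <<EOF
interface=$TRUNK_IF.$LAN_VLAN
dhcp-range=192.168.20.100,192.168.20.200,12h
dhcp-option=option:router,${LAN_IP%/*}
EOF
}

# Switch side (assumed ProCurve-style syntax): the ISP gateway sits untagged in
# the WAN VLAN on port 1, clients untagged in the LAN VLAN on ports 2-23, and
# port 24 carries both VLANs tagged to the firewall. No routing on the switch.
render_switch_config() {
    cat <<EOF
vlan $WAN_VLAN
   name "WAN"
   untagged 1
   tagged 24
   exit
vlan $LAN_VLAN
   name "LAN"
   untagged 2-23
   tagged 24
   exit
EOF
}

# Only apply when asked explicitly (needs root and the real interfaces);
# the default just prints the generated configuration for review.
case "${1:-show}" in
    apply)
        render_interfaces | sh -e
        render_nft_ruleset | nft -f -
        render_dhcp_conf > /etc/dnsmasq.d/lan.conf
        ;;
    show)
        render_interfaces; render_nft_ruleset; render_dhcp_conf; render_switch_config
        ;;
esac
```

Run without arguments to review the rendered interface commands, nftables ruleset, dnsmasq fragment and switch VLAN block; `sh firewall.sh apply` pushes the firewall-side pieces on the Linux host. The forward chain's default-drop policy is what makes this a firewall rather than just a NAT box: nothing arriving on the WAN VLAN is forwarded unless it belongs to a flow a LAN host opened.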