Network setup assistance

Dashrender

I need to setup a network as seen below.

My question is - can the ER-X be setup in such a way to allow VLAN 200 to be tagged on the connection to the hospital, while the other ports (switch mode) are VLAN 200 native.

*note - the ER-X is the picture of a switch, because I'm basically using it as a switch, not as a firewall in this situation.
https://i.imgur.com/pqK1fgo.png

Dashrender

Option 2 (more work for me) is to use the ER-X as a firewall/router device and have the hospital connection NAT to an internal network.
https://i.imgur.com/14Ex9Y4.png

This is more work because there is already a network setup between the hospital and us, and our radiology equipment is on that network assigned by the hospital in the OP.
Using option 2 would require re-IPing all of my radiology equipment (not the easiest thing).

thwr

Why would one use an ER-X as a switch? It's a router.

What would you like to accomplish? Route between networks? Or do you want to work on L2 only?

Dashrender

@thwr said in Network setup assistance:

Why would one use an ER-X as a switch? It's a router.

Because it's hardware I already have. Granted, it's not the end of the world, I can ditch it if I must.

What would you like to accomplish? Route between networks? Or do you want to work on L2 only?

This is a great question. I suppose for security purposes I should protect my equipment from the hospital network. It just makes the setup a bit more complicated.

Dashrender

The connection to the hospital terminates in building 2, but the equipment that needs access to this is on the other end of a private fiber link in building 1. So I purchased a ER-X SFP for the side near the corporate firewall, and a ES SFP for the radiology side. The ER-X SFP was the least expensive way to get the fiber connections for the building 2 side.

thwr

@dashrender said in Network setup assistance:

@thwr said in Network setup assistance:

Why would one use an ER-X as a switch? It's a router.

Because it's hardware I already have. Granted, it's not the end of the world, I can ditch it if I must.

What would you like to accomplish? Route between networks? Or do you want to work on L2 only?

This is a great question. I suppose for security purposes I should protect my equipment from the hospital network. It just makes the setup a bit more complicated.

Not much. I would go for a routed network, your second picture.

thwr

@dashrender said in Network setup assistance:

The connection to the hospital terminates in building 2, but the equipment that needs access to this is on the other end of a private fiber link in building 1. So I purchased a ER-X SFP for the side near the corporate firewall, and a ES SFP for the radiology side. The ER-X SFP was the least expensive way to get the fiber connections for the building 2 side.

The equipment would be fine. A little benefit: You could run a VPN tunnel too to secure traffic, if that's a requirement.

Dashrender

@thwr said in Network setup assistance:

@dashrender said in Network setup assistance:

The connection to the hospital terminates in building 2, but the equipment that needs access to this is on the other end of a private fiber link in building 1. So I purchased a ER-X SFP for the side near the corporate firewall, and a ES SFP for the radiology side. The ER-X SFP was the least expensive way to get the fiber connections for the building 2 side.

The equipment would be fine. A little benefit: You could run a VPN tunnel too to secure traffic, if that's a requirement.

I suppose I could. It is provided by Cox, so it's like the NSA has taps in their DCs just like everywhere watching all traffic flowing.

thwr

@dashrender said in Network setup assistance:

@thwr said in Network setup assistance:

@dashrender said in Network setup assistance:

The connection to the hospital terminates in building 2, but the equipment that needs access to this is on the other end of a private fiber link in building 1. So I purchased a ER-X SFP for the side near the corporate firewall, and a ES SFP for the radiology side. The ER-X SFP was the least expensive way to get the fiber connections for the building 2 side.

The equipment would be fine. A little benefit: You could run a VPN tunnel too to secure traffic, if that's a requirement.

I suppose I could. It is provided by Cox, so it's like the NSA has taps in their DCs just like everywhere watching all traffic flowing.

They shouldn't be able to. Health data should be kept private.

Dashrender

@thwr said in Network setup assistance:

@dashrender said in Network setup assistance:

@thwr said in Network setup assistance:

@dashrender said in Network setup assistance:

The connection to the hospital terminates in building 2, but the equipment that needs access to this is on the other end of a private fiber link in building 1. So I purchased a ER-X SFP for the side near the corporate firewall, and a ES SFP for the radiology side. The ER-X SFP was the least expensive way to get the fiber connections for the building 2 side.

The equipment would be fine. A little benefit: You could run a VPN tunnel too to secure traffic, if that's a requirement.

I suppose I could. It is provided by Cox, so it's like the NSA has taps in their DCs just like everywhere watching all traffic flowing.

They shouldn't be able to. Health data should be kept private.

LOL - just like no one should have been looking at private data flowing between Google Datacenter just because it was flowing through AT&Ts DCs... but it was happening.

thwr

@dashrender said in Network setup assistance:

@thwr said in Network setup assistance:

@dashrender said in Network setup assistance:

@thwr said in Network setup assistance:

@dashrender said in Network setup assistance:

The connection to the hospital terminates in building 2, but the equipment that needs access to this is on the other end of a private fiber link in building 1. So I purchased a ER-X SFP for the side near the corporate firewall, and a ES SFP for the radiology side. The ER-X SFP was the least expensive way to get the fiber connections for the building 2 side.

The equipment would be fine. A little benefit: You could run a VPN tunnel too to secure traffic, if that's a requirement.

I suppose I could. It is provided by Cox, so it's like the NSA has taps in their DCs just like everywhere watching all traffic flowing.

They shouldn't be able to. Health data should be kept private.

LOL - just like no one should have been looking at private data flowing between Google Datacenter just because it was flowing through AT&Ts DCs... but it was happening.

Sadly, yes