This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rafal_N
Contributor
‎2018-11-23 07:02 AM

1400 - VLAN trunk on LAN ports?

I can't find way how to configure multiple ports to that same VLANs. Is it possible?

I want to have two first ports configured for exmaple in vlan 2 and vlan 3.

10 Replies
PhoneBoy
Admin
Admin
‎2018-11-23 09:41 AM

In a VLAN trunk? Product does not currently allow this.

See related discussion here:

Redundant connection to switch with 802.1q tag based VLAN on 730

0 Kudos
Rafal_N
Contributor
‎2018-11-23 11:00 AM
In response to PhoneBoy

Thank you for your answer. I couldn't believe there isn't any workaround. I missed that discussion because there was something about bonding, lacp and rendundand connections etc and I was looking simple access switch feature.

Lets assume that on small remote office we have 4 users with 4 IP Phones. Normally on switch you configure every access port as unntaged for computers and tagged for Phones or on site where we have 2 Acess Points that have 2 ssid mapped to VLANs. In that cases we have to put switch and this is not cost effective. It is really strange limitation.

0 Kudos
18568
Collaborator
‎2018-11-24 02:49 AM
In response to Rafal_N

Normally on switch you configure every access port as unntaged for computers and tagged for Phones or on site where we have 2 Acess Points that have 2 ssid mapped to VLANs. In that cases we have to put switch and this is not cost effective. It is really strange limitation.

But a Checkpoint gateway is not a switch so it is an odd comparison. You can't have several Layer 3 interfaces in the same network (where would the packet be routed), it would be the same for any router for example.

0 Kudos
Rafal_N
Contributor
‎2018-11-24 02:52 PM
In response to 18568

Benjamin Carrier napisał(-a): 

But a Checkpoint gateway is not a switch so it is an odd comparison. 

For me it is not odd comparision, please take look in datasheet or in manual or any flayer where there is information about:

1430/1450 - LAN Switch 6x 10/100/1000Base-T RJ-45 ports

1470/1490 - LAN Switch 16x 10/100/1000Base-T RJ-45 ports (total)

Tell me what for are 16 ports on device 1470, adding PoE on few ports, adding spannig tree configuration if we have to think about 1400 series as ONLY gateway layer 3 not as switch also??

It won't be the same for any SMB router, check any model  form TP-Link to Cisco You would be suprise.

0 Kudos
18568
Collaborator
‎2018-11-24 02:58 PM
In response to Rafal_N

I missed that your question was for SMB appliances. I never used these but it looks like it is indeed a weird mix of router/firewall and switch.

HristoGrigorov
MVP Gold
MVP Gold
‎2018-11-24 08:48 PM

I am almost sure 1470/1490 SMBs does not have real LAN switch inside. It is like one hardware chip that is handling all LAN ports and another one for WAN/DMZ. Switching is mostly software based. I would really like to see test on 1470 switching capacity by the way Not that this is a limitation to do what you are asking for but just a thought on what device it is actually.   

I am myself using VLANs on our 1470s but that is because I am limited on number of ports on core switches. If not, I would drop the VLANs because that is causing a lot of slow-to-handle software interrupts on SMB with limited CPU support.

Narcisse
Explorer
‎2019-08-28 03:18 PM
In response to HristoGrigorov

Port aggregation+trunking?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-08-30 02:47 AM
In response to Narcisse

On 1400 ? See sk105380 - Check Point R77.20 for 600 / 700 /1100 / 1200R / 1400 Appliance Known Limitations

Blade / Feature Locally
managed		 Centrally
managed		 Comments
Bond / Link aggregated interface No No Refer to sk114217
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Rafal_N
Contributor
‎2019-09-30 01:03 PM
In response to G_W_Albrecht

I was not talking about Bond / Link aggregated interface.

Once again if you want to have two ports configured in that same way for example :

port 1 and 2:

vlan 1 untagged

vlan 2 tagged

You can't do that!

Administrator wanted to configure all LAN ports as follow: untagged Users vlan and tagged Voice vlan just not to worry about that phone should be only on that ports and computer on other. It standard set up on any switch or branch router but You cant do that on 1400 devices.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-09-30 01:36 PM
In response to Rafal_N

Nope you cannot, you would need to add port 1 and 2 to a switch and then you need add VLAN's to a switch, which is not possible on a 1400.
Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events