KrustyK
Mar 16, 2018 | Aspirant
Port Based VLANs not isolated
Hi,
I'm trying to configure port-based VLANs on a NETGEAR M4300 8x8f according to this tutorial: https://kb.netgear.com/29997/How-to-create-Layer-2-VLANs-on-NETGEAR-ProSAFE-Switches, but there is no isolation between subnets.
Consider this graphic, with A = 192.168.2.X subnet, B = 192.168.4.X subnet and C = 192.168.5.X subnet:
I want two VLANs: VLAN2 = A + B and VLAN3 = A + C, and a trunk link between A and the switch. So, I've configured ports 1/0/9 and 1/0/11 in VLAN2 (untag) and ports 1/0/13 and 1/0/11 in VLAN2 (untag) with the VLAN membership menu. After that, I've configured PVID = 2 / VLAN tag = 2 for 1/0/9 and PVID = 3 / VLAN tag = 3 for 1/0/13. But I can still ping C from B and I don't understand why ...
Any advice will be welcome.
Best regards
4 Replies
- It's unusual for VLANs to span multiple IP subnets. I'm guessing that you are trying to use VLANs to block traffic between the subnets. That may work from a Layer 2 perspective, but it can be completely undone by the router, which you haven't identified.
The router is where you need to implement policies to block inter-subnet traffic. Otherwise, a ping from B will go to the router, which will happily forward it to C and back.
- Even though your switch is a Layer 3 switch, AFAICT, no, it has no way of isolating subnets beyond the simple act of putting them in separate VLANs.
Does your router support VLANs?
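
The replies' point as a small model (an added example, not part of the thread or NETGEAR's tooling): the ports and VLAN IDs follow the intended VLAN2 = A + B, VLAN3 = A + C layout, while the host addresses, the tagging router behind 1/0/11 and the deny-rule format are assumptions made for illustration.

```python
import ipaddress

# Switch state from the thread: VLAN 2 = ports 1/0/9 + 1/0/11, VLAN 3 = 1/0/13 + 1/0/11.
# Assumption: 1/0/11 is the trunk to a router at A that tags the frames it sends.
PVID = {"1/0/9": 2, "1/0/13": 3}
MEMBERS = {2: {"1/0/9", "1/0/11"}, 3: {"1/0/13", "1/0/11"}}
ROUTER_PORT = "1/0/11"
# Constructed host addresses inside subnets B and C, mapped to their switch ports.
HOSTS = {"192.168.4.10": "1/0/9", "192.168.5.10": "1/0/13"}


def egress_ports(in_port, tag=None):
    """Ports a frame may leave on: VLAN comes from the tag, else the ingress PVID."""
    vlan = tag if tag is not None else PVID[in_port]
    return MEMBERS.get(vlan, set()) - {in_port}


def router_permits(src, dst, deny_rules):
    """Router forwards between subnets unless a (src_net, dst_net) deny rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
                   for a, b in deny_rules)


def can_reach(src, dst, deny_rules=()):
    """Return 'L2', 'routed' or None for one direction of traffic src -> dst."""
    sp, dp = HOSTS[src], HOSTS[dst]
    if dp in egress_ports(sp):
        return "L2"  # same VLAN: switched directly
    to_router = ROUTER_PORT in egress_ports(sp)
    # The router sends the routed packet back tagged with the destination's VLAN.
    from_router = dp in egress_ports(ROUTER_PORT, tag=PVID[dp])
    if to_router and from_router and router_permits(src, dst, deny_rules):
        return "routed"
    return None


if __name__ == "__main__":
    b, c = "192.168.4.10", "192.168.5.10"
    print("VLANs only:", can_reach(b, c))
    deny = [("192.168.4.0/24", "192.168.5.0/24"),
            ("192.168.5.0/24", "192.168.4.0/24")]
    print("with router deny rules:", can_reach(b, c, deny))
```

The switch never delivers B's frames to C's port directly; the path only exists through the device both VLANs share, which is why the block has to be a policy on that device.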