hamajang
Nov 15, 2016 Aspirant
VLAN Internet Connection and Access To Another VLAN
Hello, This is my first time setting up VLANs and I need help. I have the following equipment and IP settings: M6100 Chassis with XCM8944 Managed Switch Firmware Version 11.0.0.18...
- Nov 19, 2016
Hi hamajang,
Please add a named IP ACL such as "VLAN_60", or a special numbered IP ACL with "101-199", on the page (Security > ACL > Advanced > IP ACL).
Because only advanced ACLs support extended rules to control the destination IP address. It's my bad that I missed this step.
DanielZhang
Nov 15, 2016 NETGEAR Expert
Hi Hamajang,
Welcome to the NETGEAR community!
We have analyzed your concern carefully, so let me clear it up for you.
For 1st question,
"I would like to connect a laptop to port 2 giving me a IP address with the range for VLAN 30 (19.67.30.xxx), be able to access the internet".
First of all, I want to remind you that the cable modem must support the IP address NAT/PAT function to convert private IP addresses to public IP addresses.
A default route needs to be configured on the M6100, and the destination next hop should be the cable modem.
Please ignore the above reminder if your IP addresses are all public for the Internet or a firewall stands ready in your topology.
Let's begin my answer:
All the clients which need to access the Internet should set the DNS server to 16.67.0.1 (the cable modem is the gateway).
In VLAN 1, the GW and DNS (16.67.0.1) will be offered by the DHCP pool, but VLAN 30 will offer a wrong DNS (19.67.30.1).
So please modify the DNS server to 16.67.0.1 in every DHCP pool on all VLANs except 1.
For 2nd question, "be able to access resources in VLAN 10"
The Private VLAN function, which is supported on the M6100 chassis switch, will help you to control VLAN communication.
Such as:
VLAN 1 -> primary VLAN, could connect to VLAN 2/3/4, clients could talk with each other in this VLAN.
VLAN 2 -> community VLAN, could connect to VLAN 1 and VLAN 3, clients could talk with each other in this VLAN.
VLAN 3 -> community VLAN, could connect to VLAN 1 and VLAN 2, clients could talk with each other in this VLAN.
VLAN 4 -> isolated VLAN, could connect to VLAN 1 only, clients can't communicate with each other in this VLAN.
There are also three port types to control VLAN communication:
• Promiscuous port. Belongs to a primary VLAN and can communicate with all interfaces in the private VLAN, including other promiscuous ports, community ports, and isolated ports.
• Community ports. These ports can communicate with other community ports and promiscuous ports.
• Isolated ports. These can ONLY communicate with promiscuous ports.
Anyway, please refer to the M6100 manuals below for more details:
M6100 Software Administration Manual (Software Version 11.x)
--> page 54, private VLAN.
M6100 Command Line Interface (CLI) User Manual (Software Version 11.x)
Just a reminder to keep the management connection to the M6100 on its own during this VLAN deployment.
Let us know if you have any new concerns.
Regards,
Daniel.
- hamajang Nov 16, 2016 Aspirant
Hello Daniel,
Thank you for your reply. Thank you also for steering me in the correct path. I will be going on site to apply fixes later today. I will let you know how I do.
I also found this kb article: https://kb.netgear.com/app/answers/detail/a_id/30818
I will see what I can do with the existing router. Worst case, I will have to purchase a router which can handle the separate VLANs I have created.
I will also attempt to use ACLs to allow/deny access to other VLANs as well as access to the internet.
Thanks again.
- DanielZhang Nov 17, 2016 NETGEAR Expert
Hi hamajang,
It's a good way to add a new router for forwarding the separate VLANs' traffic.
And an ACL will also perform the same function as a private VLAN.
Looking forward to your update.
Regards,
Daniel.
- XavierLL Nov 17, 2016 NETGEAR Employee Retired
Hi Hamajang,
Totally agree with Daniel; the IP ACLs are similar to firewall rules. I just wanted to share with you a good article about how you can implement it:
Hope that it helps!
Regards
Xavier Lleixa
NETGEAR CBU PLM
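
The point made in the thread, that only an advanced (extended) IP ACL can match on the destination address and so act like firewall rules between VLANs, shown as an added example that is not part of the original posts and is not NETGEAR code. It models first-match evaluation with an implicit deny in Python; the VLAN 10 and VLAN 20 subnets, the client and Internet addresses, and the function names are assumptions.

```python
import ipaddress

# Constructed addressing: VLAN 30 = 19.67.30.0/24 and the gateway/DNS at
# 16.67.0.1 come from the thread; the VLAN 10 and VLAN 20 subnets are assumed.
VLAN30, VLAN10, VLAN20 = "19.67.30.0/24", "19.67.10.0/24", "19.67.20.0/24"
INTERNAL, ANY = "19.67.0.0/16", "0.0.0.0/0"

# Extended-style rules: (action, source network, destination network).
EXTENDED = [
    ("permit", VLAN30, VLAN10),    # VLAN 30 may reach resources in VLAN 10
    ("deny",   VLAN30, INTERNAL),  # ...but no other internal VLAN
    ("permit", VLAN30, ANY),       # gateway, DNS and Internet stay reachable
]
# Same rules with the deny placed first: it shadows the VLAN 10 permit.
MISORDERED = [EXTENDED[1], EXTENDED[0], EXTENDED[2]]
# A source-only rule cannot tell destinations apart, so it is modelled
# here as matching any destination.
SOURCE_ONLY = [("permit", VLAN30, ANY)]


def evaluate(acl, src, dst):
    """Return the action of the first rule matching (src, dst)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"  # assumed implicit deny when nothing matches


def audit(acl, client="19.67.30.25"):
    """Evaluate one VLAN 30 client against the destinations in the thread."""
    targets = {"vlan10": "19.67.10.5", "vlan20": "19.67.20.5",
               "gateway_dns": "16.67.0.1", "internet": "203.0.113.10"}
    return {name: evaluate(acl, client, ip) for name, ip in targets.items()}


if __name__ == "__main__":
    for label, acl in [("extended", EXTENDED), ("misordered", MISORDERED),
                       ("source-only", SOURCE_ONLY)]:
        print(label, audit(acl))
```

Running `audit` on a planned rule list before entering it on the switch catches ordering mistakes such as the shadowed permit in `MISORDERED`.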