hamajang
Nov 15, 2016 Aspirant
VLAN Internet Connection and Access To Another VLAN
Hello, This is my first time setting up VLANs and I need help. I have the following equipment and IP settings: M6100 Chassis with XCM8944 Managed Switch Firmware Version 11.0.0.18...
- Nov 19, 2016
Hi hamajang,
Please add a named IP ACL such as "VLAN_60", or a special numbered IP ACL in "101-199", on the page (Security > ACL > Advanced > IP ACL).
Because only advanced ACLs support extended rules to control the destination IP address. It's my bad that I missed this step.
hamajang
Nov 16, 2016 Aspirant
Hello Daniel,
Thank you for your reply. Thank you also for steering me in the correct path. I will be going on site to apply fixes later today. I will let you know how I do.
I also found this kb article: https://kb.netgear.com/app/answers/detail/a_id/30818
I will see what I can do with the existing router. Worst case, I will have to purchase a router which can handle the separate VLANs I have created.
I will also attempt to use ACLs to allow/deny access to other VLANs as well as access to the internet.
Thanks again.
DanielZhang
Nov 17, 2016 NETGEAR Expert
Hi hamajang,
It's a good way to add a new router for forwarding the separate VLANs' traffic.
And an ACL will also perform the same function as a private VLAN.
Look forward to your update.
Regards,
Daniel.
- XavierLL Nov 17, 2016 NETGEAR Employee Retired
Hi Hamajang,
Totally agree with Daniel, the IP ACLs are similar to firewall rules. I just wanted to share with you a good article about how you can implement it:
Hope that it helps!
Regards
Xavier Lleixa
NETGEAR CBU PLM
- hamajang Nov 18, 2016 Aspirant
Great news
I was able to configure the router at the site. I now have internet access for all VLANs. Thank you for your advice.
Now to my other problem.
I basically want to allow VLAN 60 to access the internet only without having access to any other VLAN. Here is what I didn't tell you before.
I am using a WC7600 Access Point Controller along with WAC730 Access Points. I have unique SSIDs assigned to VLANs 40, 50 and 60, each with their respective IP ranges set in the M6100 switch. I plug an access point into switch port 40 as an example. This port has been trunked. I connect to each SSID without any problems, each SSID has the correct IP and can connect to the internet. Each SSID can access printers on the LAN. It's a miracle I got that far :-)
I would like to prevent VLAN 60 from accessing any other VLANs and still access the internet. If I put an ACL on switch port 40, wouldn't that affect VLANs 40 and 50 as well? How do I apply an ACL to VLAN 60 only rather than a switch port? Or is there something else I have to configure on my VLAN 60?
Thanks again in advance for your help.
- XavierLL Nov 18, 2016 NETGEAR Employee Retired
Hi hamajang,
Good to know that VLANs are working fine in your deployment.
As you want to apply a filter between VLANs, you can use our VLAN ACL Binding instead of a Port binding. You will find the option at:
Security > ACL > Advanced > VLAN Binding Table
Please make sure that when you apply the VLAN you have a permit rule for the traffic that you want to allow to cross the VLANs.
Hope that helps
Regards
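
The VLAN binding and permit-rule advice in the replies above, as an added example that is not part of the original thread and is not NETGEAR code: a small Python model of first-match extended ACL evaluation bound per VLAN rather than per port. The subnets, the implicit deny at the end of the rule list, and all names except the ACL name "VLAN_60" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR (what extended rules add)

def evaluate(rules, src_ip, dst_ip):
    """First matching rule wins; no match falls to the assumed implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return "deny"

# Constructed addressing: one /24 per VLAN (the thread does not give the ranges).
VLAN_NETS = {40: "192.168.40.0/24", 50: "192.168.50.0/24", 60: "192.168.60.0/24"}
ANY = "0.0.0.0/0"

# Extended ACL "VLAN_60": block the other VLANs first, then permit the rest.
VLAN_60 = [
    Rule("deny", VLAN_NETS[60], VLAN_NETS[40]),
    Rule("deny", VLAN_NETS[60], VLAN_NETS[50]),
    Rule("permit", VLAN_NETS[60], ANY),
]
# The same ACL with the trailing permit rule forgotten.
VLAN_60_NO_PERMIT = VLAN_60[:2]

# Model of the VLAN binding table: inbound ACL keyed by VLAN ID, not by port.
VLAN_BINDING = {60: VLAN_60}

def forward(vlan_id, src_ip, dst_ip, binding=VLAN_BINDING):
    """Decision for a packet arriving on the trunk port tagged with vlan_id."""
    acl = binding.get(vlan_id)
    if acl is None:
        return "permit"  # VLANs 40 and 50 have no ACL bound, so they are untouched
    return evaluate(acl, src_ip, dst_ip)

if __name__ == "__main__":
    print(forward(60, "192.168.60.10", "192.168.40.5"))  # guest to VLAN 40
    print(forward(60, "192.168.60.10", "8.8.8.8"))       # guest to internet
    print(forward(40, "192.168.40.5", "192.168.50.7"))   # VLAN 40 on the same trunk
```

Binding by VLAN ID leaves VLANs 40 and 50 on the same trunk port unfiltered, and dropping the final permit rule turns the ACL into a block on all VLAN 60 traffic, internet included.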