NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Budgie4
Sep 12, 2021Tutor
Configure vlan security Netgear GS728TPPv2 M4100-24PoE+
 I have run out of ports on my UTM which defines each subnet.  Is it possible to have two different subnets share a vLan.  My problem is that each subnet has several devices which have connections to ...
- Sep 13, 2021Hi Schumaku, OK, I take the point and of course can all be done on UTM. It was just me being strange and wanting to do all the Vlan work on the switch rather than UTM and looking at rather neat solution which might have improved my knowledge base. (I know, it is still rather low!). Will take the soft option and many thanks for your informative reply. If I get stuck I shall start a new thread so saying thanks again. Regards, Alastair 
schumaku
Sep 12, 2021Guru - Experienced User
Each network, each IP subnet, requires it's own VLAN. One VLAN with two or more IP subnets does not provide ANY security or segregating between the subnets.
Plain normal VLAN with an IP subnet each. Configured on a single or multiple UTM ports (with all tagged VLANs, or all VLANs tagged except of one which can be untagged - to achieve a trunk connection, with the very same config on both sides.
Two IP sunets on the very same account does come with many issues and limitations. For example, DHCP can only work on a single network, for a single IP subnet.
PVLANs are used by service providers allowing to have multiple customers with their very own private VLANs - complete different story and requirement.
Almost completely lost on whatever problem you seem to fight with whatever different OSes. A decent browser allows to create a (My)NETGEAR Account on https://www.netgear.com/mynetgear/register/register.aspx - some information is required, but no WiFI or whatever device. In fact NO Netgear device is required to create a (My)NETGER account. FMI: How do I create a MyNETGEAR account?
This registration issue reads to me at least as odd as the initial question with this wild idea having TWO subnets on ONE VLAN expecting any security and segregation between these two IP subnetworks.
Budgie4
Sep 13, 2021Tutor
Hi and thanks. I understand and my question has been confusing. What I was trying to do was create and work with a private vlan within the subnet defined by the primary vlan.
In my network all the heavy lifting for dhcp, dns etc is done in the UTM which defines and supports access point connections to the first switch. For operating and security reasons the network is divided into subnets and these support the vlans used in the Netgear switches. I have run out of ports on the UTM however it would be possible for me to combine the business on two of the present subnets onto just one subnet, subject to certain security issues. This would release a UTM port for another purpose.
What I had in mind was using a private vlan for a couple of machines which are to be separated from the remaining traffic on the subnet. I appreciate there are many ways to achieve this separation but PVlan seemed a rather neat way since it works at L2 and avoids all the rules based and filter solutions.
Can you help and advise please?
PS. Thanks for the links. It seems the Netgear website has changed very recently as there has been a significant change from my last visit. All the problems I had in the past are the result of the many scripts cookies and other promotional clutter. It seems slightly better now but it was impossible for a while to reset my pw. The website would not enable me to enter the second confirmation copy of the proposed new pw. No entry could be made on the second line. Seems to be fixed now.
- schumakuSep 13, 2021Guru - Experienced UserIf you can't manage this single UTM port (whatver UTM you talk of here) to be split into multiple VLAN to two or more networks (one untagged and same PVID, all others tagged, and then assign individual subnets - features decent UTM systems certainly allow - better stay far away from PVLAN, which are technically double tagged frames. Again, this PVLAN is done if service or cloud providers where customers can extend thier own VLANs over a trunk into into a data centre, and every customer can retain it's own VLAN numbering and design. Very uncommon fature on a UTM system btw. - Budgie4Sep 13, 2021TutorHi Schumaku, OK, I take the point and of course can all be done on UTM. It was just me being strange and wanting to do all the Vlan work on the switch rather than UTM and looking at rather neat solution which might have improved my knowledge base. (I know, it is still rather low!). Will take the soft option and many thanks for your informative reply. If I get stuck I shall start a new thread so saying thanks again. Regards, Alastair 
 
Related Content
NETGEAR Academy
 
 Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 
Join Us!
