
EthanB21
Apr 26, 2021
Solved

GS728TP VLAN Isolating a single port with only internet

Boot version: 2.0.0.11

Software version: 6.0.1.14

Port 9 needs to be isolated from the network but also receive internet from port 24.

Ports 1-8,10-23 also need to receive internet from port 24.

I do not want port 9 to talk to any port other than 24.

Have been searching for solutions, but for most of the ones I find, our switch does not have the settings mentioned, such as Private VLAN inside the Security>Traffic Control menus.

If there is a solution do I need to move all normal ports out of the pre-baked VLAN 1?

If I remove them from VLAN 1 do I need to change the Port PVID Configuration from 1 in the Switching>VLAN menu?

The only thing really configured on this switch is that all ports were manually added to VLAN 2 as T (Tagged?) just through the Switching>VLAN>VLAN membership menu.


7 Replies

  • schumaku
    Guru - Experienced User

    Here again, each 802.1q VLAN is a dedicated network, has its own dedicated broadcast domain, and requires its own IP subnet, so you require some routing (beyond just the local switch scope), ...

    • EthanB21
      Tutor

      The plan is, when I actually have a way to plug this stuff into the switch configurations to split the networks, I am going to configure another sub-interface on the SonicWall Firewall that is plugged into port 24. I will provide addressing and DHCP to port 9 and forward it to the main IP just like all other traffic is done on what will be the main VLAN. I just want to make sure on its way back and out it stays on its own port.

      • schumaku
        Guru - Experienced User

        So create a new VLAN, remove port 9 from any other VLAN, put port 9 [U]ntagged including the same PVID, and make that new VLAN [T]agged on the uplink/router port. Ensure the sub-interface is also operating as tagged for that very same VLAN on the security appliance.

  • Images are not playing nice. The album preview shows errors, but the actual album on my profile is visible. But clicking the photos tab on reply posting is empty and unloaded images. Hope Imgur is not frowned upon. https://imgur.com/a/hf9yEbE

    • schumaku
      Guru - Experienced User
      Exactly, you managed it (don't forget to apply the change!); that's how easy it is. Good job!

      The PVID defines the VLAN to which untagged frames are assigned. Similarly, [U]ntagged defines (don't overload it, do it on just one) the VLAN whose frames will leave the switch on that port untagged.

      Double check the default VLAN isn't tagged or untagged on that port 9.

      Inline images are under mandatory moderation, so a human has to review and release.
      • EthanB21
        Tutor

        Decided just to go for it during the workday. Worked like a charm, now Port 9 shows blank in its membership to VLAN 1. It is receiving a DHCP address from the Sonicwall, and is now logically separated from the rest of the network, only accessing the internet. Much appreciated.
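
An added example, not part of any post in this thread and not NETGEAR code: a small Python model of the PVID and [U]/[T] membership rules discussed above, used to check that port 9 can reach only port 24 at layer 2. VLAN ID 90 is a hypothetical stand-in for the new VLAN (the thread never names one), and the model assumes the switch drops frames arriving on a port for a VLAN it is not a member of.

```python
# Added illustration: a minimal 802.1Q port model, not NETGEAR code.
# VLAN 90 is a hypothetical ID for the new VLAN; the thread does not name one.
ISOLATED_VLAN = 90

def build_config(isolated=True):
    """Return {port: {"pvid": int, "members": {vlan: "U" or "T"}}} for ports 1-24."""
    cfg = {}
    for port in range(1, 25):
        # Starting point described in the thread: default VLAN 1 on every
        # port, plus VLAN 2 added as tagged on every port.
        cfg[port] = {"pvid": 1, "members": {1: "U", 2: "T"}}
    if isolated:
        # The accepted answer: port 9 untagged in the new VLAN only, matching
        # PVID, and the same VLAN tagged on the uplink port 24.
        cfg[9] = {"pvid": ISOLATED_VLAN, "members": {ISOLATED_VLAN: "U"}}
        cfg[24]["members"][ISOLATED_VLAN] = "T"
    return cfg

def reachable_ports(cfg, src_port, tag=None):
    """Ports a frame entering src_port can leave from (same-VLAN forwarding)."""
    vlan = tag if tag is not None else cfg[src_port]["pvid"]  # untagged -> PVID
    if vlan not in cfg[src_port]["members"]:
        return set()  # assumed ingress filtering: source port not in that VLAN
    return {p for p, c in cfg.items() if p != src_port and vlan in c["members"]}

def audit_isolation(cfg, port, uplink):
    """List findings that would break 'port talks only to uplink'."""
    findings = []
    members, pvid = cfg[port]["members"], cfg[port]["pvid"]
    if len(members) != 1:
        findings.append(f"port {port} is in VLANs {sorted(members)}; expected one")
    if members.get(pvid) != "U":
        findings.append(f"port {port} PVID {pvid} is not its untagged VLAN")
    for vlan in members:
        others = {p for p, c in cfg.items() if vlan in c["members"]} - {port, uplink}
        if others:
            findings.append(f"VLAN {vlan} also includes ports {sorted(others)}")
        if cfg[uplink]["members"].get(vlan) != "T":
            findings.append(f"VLAN {vlan} is not tagged on uplink port {uplink}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", build_config(False)), ("after", build_config(True))):
        print(label, sorted(reachable_ports(cfg, 9)), audit_isolation(cfg, 9, 24))
```

The model covers layer 2 on the switch only; whether the firewall routes between its sub-interfaces is a separate policy on that device.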
