GDRitter (Aspirant)
Dec 19, 2017
How to use VLANs setup on SRX5308 based on ports used on GSS108E
I am not a networking guru so hoping for some direction. I think I know that this should work but I could totally be wrong as well.
We have a NetGear SRX5308 firewall that all our traffic goes through. On that I have 2 VLANs. 1 is our default which all our users are on. The other is a special VLAN I set up so that guests can get internet over a dedicated WiFi router but can't get on our actual network.
So I set the guest VLAN to one of the SRX ports and have a wifi in our conference room plugged into that port, configured as an access point, and it works great. People get the internet without getting our network when using that unprotected wifi. (FYI it's an old consumer-grade router with no special abilities and isn't VLAN aware, so having the VLAN be a default for that port on the SRX makes it all work.)
So now we want to add some stuff in our conference room that needs to get on our internal network. So I have a GSS108E that I was going to put down there between the SRX and the WiFi router so that I can have the wifi router still go to the guest VLAN and then other stuff plugged into the GSS go to our normal intranet. Assuming that is actually possible as I describe with this hardware, what am I configuring wrong?
Right now, if I plug a PC into the GSS108E ports 2, 3, or 4, I correctly get DHCP onto our internal VLAN and it works fine. If I plug that PC into ports 5, 6, 7, or 8, where I expect to get DHCP onto the second VLAN, I instead get a random-seeming autoconfigured IP address (169.254.240.126) and no internet connectivity. This is with GSS108E port 1 plugged into SRX5308 port 1, which is set to default to VLAN 1 (internal) for non-VLAN-aware hardware.
Here's some crude drawings to try and illustrate further.
[Images: currently working hardware layout; desired hardware layout; VLANs config on SRX5308; VLANs config on GSS108E]
2 Replies
Switch config looks OK to me.
Does this firewall handle both the default (untagged) VLAN 1 and the VLAN 2 (tagged) on the same port? The setting I see on the firewall just configures the default untagged VLAN (PVID) for port 1..3, resp. port 4. Forgot about this tragedy firewall products (sorry), I suspect the port 1 does not work with tagged VLANs.
- GDRitter (Aspirant)
OK,
I decided if it isn't working, I might as well just start messing with settings and seeing if I stumble across anything. And I did.
Instead of port based VLAN on the switch (GSS108E), I had to enable Advanced 802.1Q VLAN settings. Then I put port 1 (which is the uplink to the firewall) into both VLANs on the switch and marked it for TAGGED traffic. Then the remaining ports I set to one VLAN or the other and set them for UNTAGGED traffic. And now it's working exactly right.
So now port 1 connects the whole switch to the firewall. Ports 2,3,4 give access to VLAN 1 only. Ports 5,6,7,8 give access to VLAN 2 only.
This is great! Pics below of the working config. Still wired as shown in my previous post.
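The tagged-uplink and untagged-access layout described in the post above, as an added example that is not part of the original thread: a small model of 802.1Q membership that shows where a broadcast such as a DHCP discover is flooded, plus an audit that flags access ports sitting in more than one VLAN. Port numbers and VLAN IDs follow the post; the PVID values and all function names are assumptions made for illustration.

```python
# Added illustration: model of the GSS108E 802.1Q layout from the post.
TAGGED, UNTAGGED = "T", "U"

# VLAN id -> {port: egress mode}; port 1 is the uplink to the firewall
MEMBERS = {
    1: {1: TAGGED, 2: UNTAGGED, 3: UNTAGGED, 4: UNTAGGED},
    2: {1: TAGGED, 5: UNTAGGED, 6: UNTAGGED, 7: UNTAGGED, 8: UNTAGGED},
}
# Assumption: each access port's PVID is the VLAN it is untagged in
PVID = {1: 1, 2: 1, 3: 1, 4: 1, 5: 2, 6: 2, 7: 2, 8: 2}


def classify(port, tag, members=MEMBERS, pvid=PVID):
    """VLAN assigned to a frame on ingress, or None if it is dropped."""
    vlan = tag if tag is not None else pvid[port]
    return vlan if port in members.get(vlan, {}) else None


def flood(port, tag=None, members=MEMBERS, pvid=PVID):
    """Egress map {port: tag or None} for a broadcast received on `port`."""
    vlan = classify(port, tag, members, pvid)
    if vlan is None:
        return {}
    return {p: (vlan if mode == TAGGED else None)
            for p, mode in members[vlan].items() if p != port}


def audit(members=MEMBERS, uplink=1):
    """Access ports that belong to more than one VLAN (segregation break)."""
    seen, leaks = set(), set()
    for ports in members.values():
        for p in ports:
            if p == uplink:
                continue
            if p in seen:
                leaks.add(p)
            seen.add(p)
    return sorted(leaks)


if __name__ == "__main__":
    print("guest port 5 broadcast ->", flood(5))
    print("internal port 2 broadcast ->", flood(2))
    print("ports in multiple VLANs:", audit())
```
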