NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Making a PC a member of more than one VLAN
I'm sorry to post this here as it should go in the enterprise forums. I am considering purchase of a GP724 switch and cannot get access to these forums until I purchase. Hence my general question on v...
- Think of it this way - you have two separate networks - completely separate - separate switches, separate servers, separate clients - two physically separate LANs.
Now put them on a single switch, separated logically into two virtual LANs - or VLANs.
If you need to communicate between the physically separate LANs, you need to link them with a router, with each LAN being connected to a different interface.
If you need to communicate between your two virtual LANs you need to link them with a router, either one with physically separate interfaces, or one that supports VLANs - this router can also be a "route switch", or layer 3 switch.
It's quite unusual to have a client system connected to two VLANs simultaneously, the norm would be to have it on one VLAN and access the other VLAN through the router linking the two - it is however possible to have a server connected that way, especially if you're running virtualization on that server.
You could configure a switch port as a trunk port or tagged port so that it passes the VLAN tags, but if the PC does not know how/what to do with the VLAN tags, it won't work.
If the Draytek supports four VLANs it will most likely allow interVLAN routing - and no the computers on the two VLANs will not see the printer and NAS on the router unless you specifically configure the network(s) to allow it.
I am not certain what is required for PCI compliance - you MAY need to run three VLANs - one with the shared devices (#1), one as the secure VLAN (#2), and one as wireless (#3), and permit communication between #1 & #2, and #1 & #3, whilst blocking communication between #2 & #3 - you WILL need to verify what is required, because it would theoretically possible for someone to gain access via wireless, and from there to the NAS, and if they knew what they were doing, manipulate the NAS to get access to the secure VLAN.
Security is not something that should be taken lightly.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
