NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

M4v3r1cK87's avatar
M4v3r1cK87
Aspirant
Jan 04, 2026

[MS108TUP] - Switching - VLAN and routing

Hello everyone, I've this network configuration:   Firewall --> MS108TUP --> Access Point Wifi The firewall and the AP is not a Netgear product.   I've a domotic house so I've decided to separa...
easy plus and smart
Installation
Multi-Gig
Troubleshooting
M4v3r1cK87's avatar
M4v3r1cK87
Aspirant
Jan 05, 2026

Hi schumaku​ 

I've configured the interface of the firewall as "VLAN" (not bridge), in this way the firewall create a new network with is own DHCP Server and subnet.

I think that all pass throught the firewall, because is the firewall that "generate" the VLAN.

 

So, if the devices take the IP from the firewall, why the traffic not pass throught it also in "intra-VLAN"?

schumaku's avatar
schumaku
Guru - Experienced User
Jan 05, 2026
M4v3r1cK87 wrote:

I've configured the interface of the firewall as "VLAN" (not bridge), in this way the firewall create a new network with is own DHCP Server and subnet.

I think that all pass through the firewall, because is the firewall that "generate" the VLAN.

 

Two VLANs, and both are in the same IP subnet - reads like an illegal config for your unknown firewall (make, model, firmware). or in fact for any common router in general.

 

Such a firewall should not accept such a configuration - regardless of a device with a security zone concept like e.g a ZyXEL - it can't deal with, since at the end of the day its a router and it can and will work as a basic router. So two IP networks with the same subnet and address range will never work...

 

 

 

  • StephenB's avatar
    StephenB
    Guru - Experienced User
    Jan 05, 2026
    schumaku wrote:

    So two IP networks with the same subnet and address range will never work...

    M4v3r1cK87​:  What you need to do is

    1. put all your IoT devices on a different VLAN from your "main" network devices
    2. use different subnets for the main network and the IoT network

    This won't isolate IoT (or main network) devices from each other, but it will ensure that all traffic going between the two networks runs through the firewall, 

    • M4v3r1cK87's avatar
      M4v3r1cK87
      Aspirant
      Jan 05, 2026

      Hello StephenB​ 

      It's already done, but my interesting is to isolate the traffic between devices in the same VLAN. Seems that I need to create a "bridge" interface.

      • StephenB's avatar
        StephenB
        Guru - Experienced User
        Jan 05, 2026
        M4v3r1cK87 wrote:

        Seems that I need to create a "bridge" interface.

        I don't see how that will help.

         

        You could try setting up the IoT VLAN as a private VLAN in the switch.  See page 168 in the manual.

        • https://www.downloads.netgear.com/files/GDC/MS108TUP/MS108TUP_UM_EN.pdf

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More