NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

mxl160's avatar
mxl160
Follower
Jun 02, 2021

Simple VLAN Help

Hi all, I'll start by saying that I'm very new to this type of thing. I have a very simple home network and I just want to isolate 1 PC on a VLAN from everything else.

 

I have an R6700 router plugged into port 1 on a GS308e switch. I want to isolate port 4 on the switch on VLAN40 but still have internet access on all ports.

 

In 802.1Q Adavnced>VLAN Config, I have:

VLAN1: 1,2,3,5,6,7,8

VLAN40:1,4

 

VLAN Membership:

VLAN1: ALL ports = U except Port 4 =off

VLAN40: Port 1 = U, Port 4 = T, everything else = off

 

In Port PVID:

All ports are PVID = 1 except Port 4 where PVID = 40

In this config everything but the Port 4 has internet access

 

If I change PVID of Port 1 to PVID=40, Port 4 gets internet acess but nothing else.

 

I feel like I'm doing something drastically wrong but not sure what. I played with the tagging and untagging but didnt really get anywhere. Or I'm just fundamentilly not understanding the concept of tagged vs untagged.

 

Any help would be appreciated.

 

 

 

1 Reply

  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Jun 05, 2021
    mxl160 wrote:

    I feel like I'm doing something drastically wrong but not sure what. I played with the tagging and untagging but didnt really get anywhere. Or I'm just fundamentilly not understanding the concept of tagged vs untagged.

    Neither. In a strict 802.1q VLAN, permitting a correct configuration*, each VLAN is a completley isolated network. *You can't have a port like #1 participating untagged in two different networks.

     

    There exist (at least in theory) some kind of so-called hybrid or asymmetrical VLAN. Netgear does not explicitly support it, and I'm not aware of a related KB entry. 

     

    You require three VLANs:

     

    • One spanning all ports untagged (e.g. VLAN 1),
    • one spanning all "normal" ports untagged (e.g VLAN 10, PVID 10), and
    • one spanning all "special or Internet-only" port(s) untagged (e.g. VLAN 20, PVID 20).
    • The router port has all three VLANs untagged, and PVID 1.

    Try at your own risk.

     

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More