NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Stop communication between vlans
Hi there,
Recently started playing with vlans on my switch and figured out how to set up vlans and getting internet access on them.
My next step in learning about vlans is to not allow communcation between them.
Right now I have 2 vlans (The default vlan and vlan10 that I made) and in the default vlan I can access my servers and other computers on that vlan (which is what I want). On vlan10 you cannot access servers by directly connecting to them with their name however, if I type in the IP address of the server or computer I am able to communicate with the device. Is there a way to stop this?
Thanks for any help,
Joey
The problem ended up being on my firewall/router. I had to deny access between vlans in my LAN zone.
For anyone with a Dell Sonicwall you can do this by:
Go to Firewall > Access Rules > Go to the last rule in LAN > LAN and change Action from Allow to Deny.
Thanks for your help JohnCarloV. Figured out that my switch was not to blame.
6 Replies
Hi JCocivera,
Welcome to our community! :)
It seems that you were trying to separate your devices without any communication to each other. May I know if the VLANs that you created are working on the same subnet? May you be able to provide us some screenshots of your configuration so that we can further check?
I'm looking forward to your reply.
Regards,
John,
Indeed!
They are on the same subnet. What kind of screenshots would you need? I've attached everything I can think of to screenshot.
IP of the default vlan is 10.0.0.1.
Thanks!
As per checking the screenshot, you have enabled VLAN routing, you don't need to enable it unless you wanted the VLANs to communicate with each other. Also, do you have a VLAN capable router? It seems that the other ports were assigned as T or Tagged. If you have a VLAN capable router, then the IP address of VLAN 10 should be different. You just need to create a DHCP server for your VLAN 10.
If you want to assign a port to be a member of VLAN 10, the PVID should also be included. If the device is a VLAN aware(like VoIP, L2 Switches, Routers, etc.), you just need to put a T or Tagged on the specific port and leave the PVID to default. But if the device is just a non-VLAN aware(like PC, Scanners, Printers, Hub, etc.), then you just need to assign the port to U or Untagged and assign the PVID to its corresponding VLAN.
e.g.
VLAN router is connected to Port 1 of the switch
VLAN 10 - Port 1 - T - PVID 1(default)
PC needs to be on VLAN 10 - port 30
VLAN 10 - Port 30 - U - PVID 10
PC will be receiving an IP from VLAN 10.
If you have questions, please let me know.
Regards,
The problem ended up being on my firewall/router. I had to deny access between vlans in my LAN zone.
For anyone with a Dell Sonicwall you can do this by:
Go to Firewall > Access Rules > Go to the last rule in LAN > LAN and change Action from Allow to Deny.
Thanks for your help JohnCarloV. Figured out that my switch was not to blame.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
