NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

JCocivera's avatar
JCocivera
Aspirant
Jan 09, 2019
Solved

Stop communication between vlans

Hi there,   Recently started playing with vlans on my switch and figured out how to set up vlans and getting internet access on them.    My next step in learning about vlans is to not allow c...
Security
  • JCocivera's avatar
    JCocivera
    Jan 10, 2019

    The problem ended up being on my firewall/router. I had to deny access between vlans in my LAN zone. 

     

    For anyone with a Dell Sonicwall you can do this by:

     

    Go to Firewall > Access Rules > Go to the last rule in LAN > LAN and change Action from Allow to Deny. 

     

    Thanks for your help JohnCarloV. Figured out that my switch was not to blame. 

JohnC_V's avatar
JohnC_V
NETGEAR Employee Retired
Jan 10, 2019

Hi JCocivera,

 

Welcome to our community! :)

 

It seems that you were trying to separate your devices without any communication to each other. May I know if the VLANs that you created are working on the same subnet? May you be able to provide us some screenshots of your configuration so that we can further check?

 

I'm looking forward to your reply.

 

Regards,

  • JCocivera's avatar
    JCocivera
    Aspirant
    Jan 10, 2019

    John,

     

    Indeed! 

     

    They are on the same subnet. What kind of screenshots would you need? I've attached everything I can think of to screenshot. 

     

    IP of the default vlan is 10.0.0.1. 

     

    Thanks!

     

     

     

     

    • JohnC_V's avatar
      JohnC_V
      NETGEAR Employee Retired
      Jan 10, 2019

      JCocivera,

       

      As per checking the screenshot, you have enabled VLAN routing, you don't need to enable it unless you wanted the VLANs to communicate with each other. Also, do you have a VLAN capable router? It seems that the other ports were assigned as T or Tagged. If you have a VLAN capable router, then the IP address of VLAN 10 should be different. You just need to create a DHCP server for your VLAN 10.

       

      If you want to assign a port to be a member of VLAN 10, the PVID should also be included. If the device is a VLAN aware(like VoIP, L2 Switches, Routers, etc.), you just need to put a T or Tagged on the specific port and leave the PVID to default. But if the device is just a non-VLAN aware(like PC, Scanners, Printers, Hub, etc.), then you just need to assign the port to U or Untagged and assign the PVID to its corresponding VLAN.

       

      e.g.

       

      VLAN router is connected to Port 1 of the switch

      VLAN 10 - Port 1 - T - PVID 1(default)

       

      PC needs to be on VLAN 10 - port 30

      VLAN 10 - Port 30 - U - PVID 10

       

      PC will be receiving an IP from VLAN 10.

       

      If you have questions, please let me know.

       

      Regards,

       

       

       

      • JCocivera's avatar
        JCocivera
        Aspirant
        Jan 10, 2019

        John,

         

        I've disabled vlan routing (I thought I needed it for the vlan to work... oops!) however, I can still access my servers via IP (servers on vlan1 and computer on vlan10).

         

        I do have a vlan capable router and the IP address of vlan10 is different (10.0.10.1 instead of 10.0.0.1) and I have also created a DHCP server for vlan10.

         

        I have also set up my PVID settings like you have mentioned.

         

        Any other ideas or maybe am I misunderstanding what you are saying? 

         

        Thanks! 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More