NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
VLAN Routing for Newbies
Howdy All,
I've recently decided to install a GS752 switch in our offices to segregate traffic to help with security. I've run into a problem that I'm hoping someone can help me with (to keep things simple I'll just go over what VLAN 1 and VLAN 10 look like):
VLAN1 - is fine. Systems attached get IP addresses from DHCP server, and can reach the internet.
All ports are Untagged "U" in the port membership image. (Port 1-10)
VLAN10 - doesn't work. No DHCP traffic through and no access to the internet even when using a static IP address in range.
All ports are Untagged "U" in the port membership image. (Port 1, 11-20)
My setup is:
Broadband Router -> Firewall -> GS752 -> VLANS as follow:
VLAN 1 - NAS, DNS Server, DHCP Server, Wifi APs
VLAN 10 - PCs
How do I allow DHCP and DNS to service VLAN1 and VLAN 10, as well others?
2 Replies
How do I allow DHCP and DNS to service VLAN1 and VLAN 10, as well others?
For DHCP, you need to set up a relay service. There is a guide (example) here:
Though the KB article is for different switches, you should see similar screens on the GS752 (they are there on the GS728).
Standard DNS doesn't use broadcast. so you wouldn't need a relay. Of course you do need to make sure packets on VLAN10 can be routed to the DNS IP address.
VLAN10 - doesn't work. No DHCP traffic through and no access to the internet even when using a static IP address in range.
Internet access should be working with a static IP, so something else is wrong. Is VLAN10 set up to reach the firewall?
Configuring IPv4 shortcut routing isn't more than enabling IPv4 routing in that switch class.
These switches with IPv4 routing enabled use a technique often referred to as "cut-through switching" or "hardware-based forwarding" to speed up IPv4 routing, which acts as a "shortcut" compared to traditional, software-based routing. This process is more accurately called multilayer switching or IP switching.
The need to define a Switched Virtual Interfaces (SVIs) for each of the VLANs and IP subnets attached that need to communicate, acting as their default gateways depends on the exact switch model and the effectively supported higher level routing protocols (like OSPF or RIP) or static routes to advertise reachability to other Layer 3 devices.
To my knowledge, these SVI config is mainly required on the Netgear Managed Switches, but often not on the Netgear Smart Managed Switches like the subject GS752 (unspecified model - and version, there exist about 15 or 20 different models) in absence of the support for other higher level routing protocols or subnet local SNMP for example.
Said that, systems on these IPv4 subnets will never "see" a dedicated default gateway like where SVIs are configured. This makes things very confusing for the devices on the subnet different from the management subnet - you can't quickly ping or thest the default gateway.
StephenB the router LAN IP does not need to be "reachable" in the VLAN 10 for shortcut routing, the switch does the routing over the switch management VLAN as configured. This is the only requirement.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
