NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Multiple Firewalls Configuration
I am trying to setup a multiple router configuration using an FVS2318N (firmware version: v4.3.5-3) and FVS318v3 (firmware version: v3.0_28) Firewalls to create two distinct networks both able to acc...
The IP and DNS server addresses were all 0.0.0.0.
Switching port 5 on the FVS318N back to the default VLAN assignment allowed my laptop to connect via ethernet to the Internet when connected to that port.
I realised that with DHCP disabled for the secondary VLAN the FVS318v3 was not getting a WAN IP address any DNS information.So, you are actually doing a port-based VLAN and the DHCP is disabled that is why the FVS318v3 is not receiving any IP from port 5. If port-based VLAN is being used, only the said VLAN address will passthrough. Default is same as Trunking in "Default VLAN" configuration.
What I also realised is all/any IP addresses assigned to VLANs on the FVS318N must be unique IP ranges and the IP ranges for any router attached to one/any of the FVS318N configured VLAN ports must also be a configured with separate unique IP range.
Well, it depends if you wanted to separate each port of the FVS318N.
Then for any router connecting to any of the VLAN ports (taking Port 5 as an example) the WAN and LAN should be configured as follows:
WAN configuration:
Does Your Internet Connection Require A Login? No | Internet IP Address : Get Dynamically From ISP (obtains the WAN IP Address : 192.168.5.2 & Gateway IP Address : 192.168.5.1) | Domain Name Server (DNS) Address : Get Automatically From ISP
LAN configuration:
LAN TCP/IP Setup : 192.168.15.1 | Subnet Mask : 255.255.255.0 | LAN IP Address Management : Use Router as DHCP Server (or 192.168.15.1) | DHCP Server Info - Starting IP Address : 192.168.15.201 Ending IP Address : 192.168.15.220 | Use These DNS Servers - Primary DNS Server : 192.168.15.1
Currently the FVS318v3 has following settings also configured under LAN IP Setup:
RIP Direction : None
RIP Version : Disabled
MTU Size - Custom : 1492
Are those settings correct? Do they need to be changed at all?
Have I understood correctly? If so, do the same principles apply to configure a 24-port VLAN enabled smart switch to, for example, create three sub-VLANs connected to Port 3 of the FVS318N?Yes, everything seems to be correct. If you will be connecting a VLAN switch, then the uplink port of the switch should be set to T and should be connected to a trunk port of the router.
e.g.
FVS318v3 has 3 VLANS.
VLAN 1 - 192.168.10.x
VLAN 2 - 192.168.20.x
VLAN 3 - 192.168.30.x
All VLANs are DHCP Enabled
Port 1 - Default - All VLANs can passthrough as it is set to Trunk
Port 2 - VLAN 2 - Only VLAN 2 will passthrough as it is set to port-based
Port 3 - VLAN 3 - Only VLAN 3 will passthrough as it is set to port-based
On this case, you can connect the switch to Port 1 of the router and set the uplink port of the switch as T or Tagged / Trunk. Just make sure that you also created the 3 VLANs in the switch. If there's any confusion just let me know.
If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
Hi JohnCarloV,
Thank you for the pointers. I followed what you requested.
The IP and DNS server addresses were all 0.0.0.0.
Switching port 5 on the FVS318N back to the default VLAN assignment allowed my laptop to connect via ethernet to the Internet when connected to that port.
I realised that with DHCP disabled for the secondary VLAN the FVS318v3 was not getting a WAN IP address any DNS information.
What I also realised is all/any IP addresses assigned to VLANs on the FVS318N must be unique IP ranges and the IP ranges for any router attached to one/any of the FVS318N configured VLAN ports must also be a configured with separate unique IP range.
Hopefully I've understood correctly now how the firewalls and VLANs need to be configured as I can now access the Internet from any port as expected. As an example for each of the ports on the FVS318N to be configured as separate VLANs the following VLAN configurations are required:
Port 1 : 192.168.1.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.1.2-10 | Primary & Secondary DNS Server : both blank | Enable DNS Proxy | Port 1 assigned to default
Port 2 : 192.168.2.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.2.2-10 | Primary DNS Server : 192.168.2.1 | Enable DNS Proxy | Port 2 assigned to VLAN2
Port 3 : 192.168.3.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.3.2-10 | Primary DNS Server : 192.168.3.1 | Enable DNS Proxy | Port 3 assigned to VLAN3
Port 4 : 192.168.4.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.4.2-10 | Primary DNS Server : 192.168.4.1 | Enable DNS Proxy | Port 4 assigned to VLAN4
Port 5 : 192.168.5.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.5.2-10 | Primary DNS Server : 192.168.5.1 | Enable DNS Proxy | Port 5 assigned to VLAN5
Port 6 : 192.168.6.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.6.2-10 | Primary DNS Server : 192.168.6.1 | Enable DNS Proxy | Port 6 assigned to VLAN6
Port 7 : 192.168.7.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.7.2-10 | Primary DNS Server : 192.168.7.1 | Enable DNS Proxy | Port 7 assigned to VLAN7
Port 8 : 192.168.8.1 | Subnet Mask : 255.255.255.0 | DCHP Enabled - Range : 192.168.8.2-10 | Primary DNS Server : 192.168.8.1 | Enable DNS Proxy | Port 8 assigned to VLAN8
Then for any router connecting to any of the VLAN ports (taking Port 5 as an example) the WAN and LAN should be configured as follows:
WAN configuration:
Does Your Internet Connection Require A Login? No | Internet IP Address : Get Dynamically From ISP (obtains the WAN IP Address : 192.168.5.2 & Gateway IP Address : 192.168.5.1) | Domain Name Server (DNS) Address : Get Automatically From ISP
LAN configuration:
LAN TCP/IP Setup : 192.168.15.1 | Subnet Mask : 255.255.255.0 | LAN IP Address Management : Use Router as DHCP Server (or 192.168.15.1) | DHCP Server Info - Starting IP Address : 192.168.15.201 Ending IP Address : 192.168.15.220 | Use These DNS Servers - Primary DNS Server : 192.168.15.1
Currently the FVS318v3 has following settings also configured under LAN IP Setup:
RIP Direction : None
RIP Version : Disabled
MTU Size - Custom : 1492
Are those settings correct? Do they need to be changed at all?
Have I understood correctly? If so, do the same principles apply to configure a 24-port VLAN enabled smart switch to, for example, create three sub-VLANs connected to Port 3 of the FVS318N?
Thanks again for all you help and patience.
The IP and DNS server addresses were all 0.0.0.0.
Switching port 5 on the FVS318N back to the default VLAN assignment allowed my laptop to connect via ethernet to the Internet when connected to that port.
I realised that with DHCP disabled for the secondary VLAN the FVS318v3 was not getting a WAN IP address any DNS information.
So, you are actually doing a port-based VLAN and the DHCP is disabled that is why the FVS318v3 is not receiving any IP from port 5. If port-based VLAN is being used, only the said VLAN address will passthrough. Default is same as Trunking in "Default VLAN" configuration.
What I also realised is all/any IP addresses assigned to VLANs on the FVS318N must be unique IP ranges and the IP ranges for any router attached to one/any of the FVS318N configured VLAN ports must also be a configured with separate unique IP range.
Well, it depends if you wanted to separate each port of the FVS318N.
Then for any router connecting to any of the VLAN ports (taking Port 5 as an example) the WAN and LAN should be configured as follows:
WAN configuration:
Does Your Internet Connection Require A Login? No | Internet IP Address : Get Dynamically From ISP (obtains the WAN IP Address : 192.168.5.2 & Gateway IP Address : 192.168.5.1) | Domain Name Server (DNS) Address : Get Automatically From ISP
LAN configuration:
LAN TCP/IP Setup : 192.168.15.1 | Subnet Mask : 255.255.255.0 | LAN IP Address Management : Use Router as DHCP Server (or 192.168.15.1) | DHCP Server Info - Starting IP Address : 192.168.15.201 Ending IP Address : 192.168.15.220 | Use These DNS Servers - Primary DNS Server : 192.168.15.1
Currently the FVS318v3 has following settings also configured under LAN IP Setup:
RIP Direction : None
RIP Version : Disabled
MTU Size - Custom : 1492
Are those settings correct? Do they need to be changed at all?
Have I understood correctly? If so, do the same principles apply to configure a 24-port VLAN enabled smart switch to, for example, create three sub-VLANs connected to Port 3 of the FVS318N?
Yes, everything seems to be correct. If you will be connecting a VLAN switch, then the uplink port of the switch should be set to T and should be connected to a trunk port of the router.
e.g.
FVS318v3 has 3 VLANS.
VLAN 1 - 192.168.10.x
VLAN 2 - 192.168.20.x
VLAN 3 - 192.168.30.x
All VLANs are DHCP Enabled
Port 1 - Default - All VLANs can passthrough as it is set to Trunk
Port 2 - VLAN 2 - Only VLAN 2 will passthrough as it is set to port-based
Port 3 - VLAN 3 - Only VLAN 3 will passthrough as it is set to port-based
On this case, you can connect the switch to Port 1 of the router and set the uplink port of the switch as T or Tagged / Trunk. Just make sure that you also created the 3 VLANs in the switch. If there's any confusion just let me know.
If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
Hi JohnCarloV,
Thanks you for all your assistance. Much appreciated.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
