hajar1 (Guide)
Jan 09, 2024
Cannot access my IoT VLAN from Default VLAN
I have all my IoT devices connected to IoT VLAN. I have all my computers and phones connected to Default VLAN. This separation is for security obviously as recommended. I have Network Isolation turned on for IoT VLAN so that devices on IoT VLAN couldn't access any devices outside that VLAN. And Default VLAN comes with Network Isolation disabled, which in theory should allow it to connect to all IoT devices. However, this doesn't happen. I cannot access any of my IoT VLAN devices, unless I disable Network Isolation on IoT VLAN. But as soon as I do that, all Default VLAN devices become immediately visible from any IoT VLAN device.
What am I doing wrong? Or how can I achieve the obvious security that I'd like to achieve without making it impossible to access any IoT devices from the non-IoT network?
13 Replies
- hajar1 (Guide)
Anyone any ideas or suggestions?
- ErwinL (NETGEAR Moderator)
Hello @hajar1
And welcome to the NETGEAR Community! 🙂
From my perspective, you are not doing anything wrong; the rule for Network Isolation is just doing its job. To clarify what is happening: if you recall, as you have mentioned, no IoT devices should be able to get out of their VLAN. Now, what is happening when you try to access them from your non-IoT devices is that they do not respond, as it's being blocked by the rule that nobody should be able to get out of its VLAN. That is also why everything works fine when you remove Network Isolation. I believe it is only through an access control list that you will be able to achieve your requirement. Please check pages 59 to 63 from the link below for guidance about ACLs:
https://www.downloads.netgear.com/files/GDC/SXK50/SXK50_UM_EN.pdf
Have a lovely day,
Erwin
Netgear Team
- hajar1 (Guide)
Thank you, Erwin. So does Netgear then have those access rules or another mechanism to achieve what I want?
The way other routers isolate IoT VLAN is that you can access devices from outside of IoT VLAN, but IoT VLAN devices cannot access any devices outside of the IoT VLAN. This is very simply achieved with a couple of firewall rules.
This type of isolation where IoT VLAN devices become completely inaccessible locally and are only accessible via cloud is super inconvenient. Basically, I end up maintaining Wi-Fi to IoT VLAN and Ethernet to Default VLAN constantly, completely defeating the point of IoT VLAN isolation, as I anyway have to be permanently exposed to it.
Any suggestions how to fix this annoyance and inconvenient lack of firewall in such an expensive Pro device?
- ErwinL (NETGEAR Moderator)
Were you able to check the manual I have provided? I believe it was mentioned there how you can allow or block devices from accessing the network using an access list.
Have a lovely day,
Erwin
Netgear Team
- hajar1 (Guide)
Yes, I have, and all it says is that it's either all blocked or all accessible. According to the manual there is no way to have Default VLAN access IoT VLAN but not vice versa. So it doesn't solve my issue. So I am still looking for clever workarounds, if anyone was able to find any.
- ErwinL (NETGEAR Moderator)
I see. If that will not work for your requirement, you might want to try putting a switch in between your router and devices that has an access list feature, like the GS110TPv3. Try checking the documentation about ACLs on pages 354 to 385 from the link below:
https://www.downloads.netgear.com/files/GDC/GS108Tv3/GS108Tv3_GS110TPv3_GS110TPP_UM_EN.pdf
Have a lovely day,
Erwin
Netgear Team
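
An added sketch, not written by any poster and not NETGEAR code, of the difference the thread turns on: an isolation rule that drops every packet leaving the IoT VLAN also drops replies, while the firewall rules hajar1 describes track connections so that only replies to flows opened from Default are let back. The stateless model of Network Isolation is an assumption based on the moderator's description; the VLAN labels and addresses are constructed.

```python
from dataclasses import dataclass

DEFAULT, IOT = "default", "iot"  # constructed VLAN labels

@dataclass(frozen=True)
class Packet:
    src_vlan: str
    dst_vlan: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

def no_isolation(pkt, state):
    return True

def stateless_isolation(pkt, state):
    # Assumed model of "Network Isolation": nothing may leave the IoT VLAN,
    # and a reply is treated exactly like a new connection.
    return not (pkt.src_vlan == IOT and pkt.dst_vlan != IOT)

def stateful_one_way(pkt, state):
    if (pkt.dst, pkt.src) in state:      # reply to a flow already allowed
        return True
    if pkt.src_vlan == DEFAULT and pkt.dst_vlan == IOT:
        state.add((pkt.src, pkt.dst))    # remember the flow Default opened
        return True
    return pkt.src_vlan == pkt.dst_vlan  # same-VLAN traffic is left alone

def round_trip(policy, client_vlan, client, server_vlan, server):
    """True only if both the request and its reply pass the policy."""
    state = set()
    request = Packet(client_vlan, server_vlan, client, server)
    reply = Packet(server_vlan, client_vlan, server, client)
    return policy(request, state) and policy(reply, state)

def reachability():
    laptop = ("192.168.1.10", 50000)   # constructed host on the Default VLAN
    camera = ("192.168.20.5", 443)     # constructed host on the IoT VLAN
    result = {}
    for policy in (no_isolation, stateless_isolation, stateful_one_way):
        result[policy.__name__] = {
            "default_to_iot": round_trip(policy, DEFAULT, laptop, IOT, camera),
            "iot_to_default": round_trip(policy, IOT, camera, DEFAULT, laptop),
        }
    return result

if __name__ == "__main__":
    for name, row in reachability().items():
        print(f"{name:20} {row}")
```

Only the connection-tracking policy gives the asymmetric result asked for in the thread: Default reaches IoT, IoT cannot open anything toward Default.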