NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RDP over Difrerent VLAN issue
I have SXK80 with 2 Sattelites
my configuration is as follows regarding VLAN:
Computer A is on VLAN "O20" with Client Isolation Enabled and Network Isolation Enabled
Computer B is on VLAN "O30" with Client Isolation Disabled and Network Isolation Diabled
Why can i not RDP from Computer B to Computer A?
I thought having network isolation off on VLAN O30 would mean that it can talk to other VLANs?
I also tried as a test disabling the Network Isolation on VLAN 020 and still cannot RDP
Any help or guidance appreciated
thanks
9 Replies
Can you ping? I want to know when RDP is failed, does "ping" fail as well.
Hey Bruce
I cannot Ping the machine
Heres simplified setup:
Port 1 = Connected to ISP Modem = VLAN ID 1 (Trunk Mode)
Port 2 = Connected to an unmanaged 4 port Switch = VLAN ID 2 (Trunk Mode)
Port 3 = Connected to PC 1 = VLAN ID 3 (Access Mode) Client Isolation=On Network Isolation=On
Port 4 = Connected to PC 2 = VLAN ID 4 (Access Mode) Client Isolation=Off Network Isolation=OffFrom PC 2 I want to able to RDP to PC 1. As i understand Network Isolation is off on VLAN 4, so should be able to connect to VLAN 3?
I have RDP enabled on PC 1. Not sure what else i can check?
If you have separate VLANs, then you need configure static routes.
In SRK80, the solution will be to enable different wireless on same VLAN and enable client isolation for rest of the devices, with just these two clients allowed to communicate.
We will be adding mDNS gateway that will allow some know protocols to be routed across VLANs.
Please reach out to BruceGuo via messaging to get a pre-release firmware if you want to try it out.
I thought having Network Isolation on VLAN3 means it cannot communitcate out to other VLANs?
=> Ans: Yesso in a scenario where VLAN3 was compromised, it cannot infect other VLANs.? same goes with Client Isolation, if enabled it cannot infect other client within the same VLAN
=> Ans: YesHaving VLAN4 Netowrk Isolation off mean it should be able to talk to other VLANs in this case VLAN3
=> Ans: No. It means other VLANs can talk to VLAN4
So having disabled the Cliant Isolation and Netowrk Isolation OFF on VLAN 3 and also on VLAN 4 allows me to RDP between PC 2 to PC 1. But doesnt this defeat the purpose of VLAN as now the network communcication between both VLANs are now open?
If one VLAN was compromised, the other VLAN surely will get infected?
=> Ans: Let me explain more. The desing of VLAN is to separate broadcast domain. Layer 2 packets will be only active in within a VLAN. So, if a PC is comprised and then it is flooding,
other VLANs would not be impacted. But, it doens't prevent layer 3 attacks. The infected PC can still communicate across VLANs via https, smtp, etc. The design of network isolation enhances the security. It "compeletely" isolates inter-VLAN traffic.Why can i not only enable RDP ports between the 2 VLANs so not everything is exposed?
=> Ans: we don't have this feature now. The design will be more complicated. The can be future work and will forward to PLM to decide when we can implement it.Hi BruceGuo
Thanks for the explanations and gives a good understanding around how the Orbi Network Isolation works
I would be really intrested in seeing inter-vlan integration. being a £1k device, its very similar to my previous home user router which was around £100 and yes the Orbi has some nice advantages, but not feature rich which im still yet to see. comparing to somthing like Asus home router which has a whole vast of settings, i would expect this to be better. Performance wise i cant fault the Orbi, but really like to see what more can the Orbi offer.
Is there a beta version of firmware to be released with other tweaks and enhancements? when do major firmware updates are released?
Thanks
We have been releasing almost every 3 months for SXK80 with some new features and some enhancements to existing features.
If you need new features implemented. Please post it here and you can cross link to other threads too.
https://community.netgear.com/t5/Idea-Exchange-For-Business/idb-p/idea-exchange-for-business
Getting UpVotes to new ideas on this forum will catch the eyes of the PLMs.
Please keep your ideas coming in. cross vote for other people ideas that will help general deployments.
Thank you,
Engineer.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
