NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
How can I change the DMZ VLAN-ID from 4094 to any other, lower ID (e.g. 4093)
My router is on frrmware version 4.3.4-1 and I recently reactivated the DMZ. Next to the router I have a Netgear GS108PEv3-Switch (firmware 2.00.08) and in the following several Netgear GS108T (firmware 5.4.2.22) and a Planet GSD-800 Switch. On the last GS108T I have a Debian-Server and a ReadyNAS 310 which should be connected to the DMZ with always one of their LAN-Adapters
The router has (hard coded?) VLAN-ID 4094.
On the Netgear GS108PEv3 it is possible to setup a VLAN with ID 4094.
All other Netgear GS108T and the Planet GSD-800 are limited to VLAN IDs from 1 to 4093.
Is it possible to change the DMZ VLAN-ID on the Router? May be via telnet? Or does somebody of you have some other ideas/workarounds?
Thanks,
Worli
Hi Worli,
I believe it is by design that VLAN ID 4094 is reserved for the DMZ interface and it cannot be changed.
Regards,
DaneA
NETGEAR Community Team
5 Replies
Hi Worli,
I believe it is by design that VLAN ID 4094 is reserved for the DMZ interface and it cannot be changed.
Regards,
DaneA
NETGEAR Community Team
Hi Worli,
We’d greatly appreciate hearing your feedback letting us know if the information I’ve provided has helped resolve your concern or if you need further assistance. If ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution.
The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
DaneA
NETGEAR Community Team
Hi DaneA,
thank you for your fast reply and sorry for my late reply ... had to go for an unplanned business trip....
Sadly this is not a good news with the hardcoded 4094 on the router. I wanted to use the dedicated WAN-DMZ security features of the router which can be conifgured independently from the other LAN ports. And this in separate VLANs.
Since I am not a VLAN-specialist: Is it secure alternative to simply patch the activated DMZ to another port on the first switch with subnet 176.16..... (in parallel to the standard LAN 192.168... patched on another port on the first switch) and to configure the web-server with a 176.16-DMZ-address? So I have two LANs running on the same physical switches. How is it really from security perspective - compared to a VLAN which segments the network? Any risks which shoudl be considered? (Hopefully I described this comprehensively as "dangerous half-knowing IT guy", as I see myself. :smileyfrustrated: )
Hi Worli,
As I understand your concern, you still want to use the DMZ as part of the VLAN configured on the switches, am I correct? If ever I am correct, you may enable DMZ on the firewall and use it as part of VLAN 4094. Be reminded that enabling DMZ exposes the DMZ LAN to the internet.
Regards,
DaneA
NETGEAR Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
