Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Can I block anything on VLAN X from accessing the WAN/internet

ghstudio
Apprentice
Apprentice
‎2023-05-12 06:05 AM
‎2023-05-12 06:05 AM

Can I block anything on VLAN X from accessing the WAN/internet

I would like to set up my ORBI Pro 30 system so that any device connected with VLAN 99 can communicate with other devices on my network, but not have access to the internet.    Ideally, I'd like to be able to define which VLAN's have access to the internet and which don't.

 

Are there settings in the Orbi that would allow me to do this?

 

Alternatively, if an internet request comes from a device with VLAN 99, is the VLAN dropped before the request leaves on the WAN port....or could I put a managed switch between my Orbi Pro and my current router where I can filter and only pass VLAN 1 to the router.  I would set my current router to bridge mode and use the Orbi as my router to avoid double NAT.

Message 1 of 4
0 Kudos
Reply

Accepted Solutions
ghstudio
Apprentice
Apprentice
‎2023-05-18 05:40 AM
‎2023-05-18 05:40 AM

Re: Can I block anything on VLAN X from accessing the WAN/internet

The correct answer is....

 

1) set up the vlan with a unique range of addresses (eg: 192.168.30.2-254)

2) block all services for the range 192.168.30.2-254

3) in the VLAN section, uncheck network and device isolation for that VLAN

 

Devices on that VLAN can no longer get to the internet....however they can get to any other device on a vlan that doesn't isolate users or that network......eg. a device on VLAN 3 can now get to VLAN 1 but not to the internet

View solution in original post

Message 4 of 4
0 Kudos
Reply

All Replies
CrimpOn
Guru Guru
Guru
‎2023-05-17 11:36 AM
‎2023-05-17 11:36 AM

Re: Can I block anything on VLAN X from accessing the WAN/internet

Just to confirm the exact model is.... https://www.downloads.netgear.com/files/GDC/SXK30/SXK30_DS.pdf , correct?

 

VLAN is described starting on page 230 of the User Manual:

https://www.downloads.netgear.com/files/GDC/SXK30/SXK30_UM_EN.pdf 

 

VLAN is an internal concept.  Nothing sent out the WAN port will be "tagged" with a VLAN number.  There is no need to insert a managed switch to strip VLAN tags before they reach the router.

 

My sense is that the instructions on page 88 indicate that the procedure is to define the LAN port as a "Trunk" port and then specify what happens to each of the VLAN tags that arrive on that port.

 

There is a Community Forum specifically for the Pro product line.  People who watch that forum are more likely to be familiar with how VLANs work: (although it is not clear to me that much is "happening" on that forum)

https://community.netgear.com/t5/Orbi-Pro-Mesh-WiFi-Systems/bd-p/insider-business-orbi-pro 

Message 2 of 4
0 Kudos
Reply
ghstudio
Apprentice
Apprentice
‎2023-05-17 01:47 PM
‎2023-05-17 01:47 PM

Re: Can I block anything on VLAN X from accessing the WAN/internet

one would hope that you could set up a specific VLAN that only allowed LAN access......nothing on that LAN can reach the WAN.   That's what I'm trying to do.  I want an in house only VLAN

Message 3 of 4
0 Kudos
Reply
ghstudio
Apprentice
Apprentice
‎2023-05-18 05:40 AM
‎2023-05-18 05:40 AM

Re: Can I block anything on VLAN X from accessing the WAN/internet

The correct answer is....

 

1) set up the vlan with a unique range of addresses (eg: 192.168.30.2-254)

2) block all services for the range 192.168.30.2-254

3) in the VLAN section, uncheck network and device isolation for that VLAN

 

Devices on that VLAN can no longer get to the internet....however they can get to any other device on a vlan that doesn't isolate users or that network......eg. a device on VLAN 3 can now get to VLAN 1 but not to the internet

Message 4 of 4
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 3 replies
  • ‎2023-05-12 06:05 AM
  • 1098 views
  • 0 kudos
  • 2 in conversation
Announcements