
Re: Configure vlan security Netgear GS728TPPv2 M4100-24PoE+

Budgie4
Tutor

Configure vlan security Netgear GS728TPPv2 M4100-24PoE+

I have run out of ports on my UTM which defines each subnet.  Is it possible to have two different subnets share a vLan?

My problem is that each subnet has several devices which have connections to the WAN and I need to keep the subnets separate for security reasons.

 

A supplementary question concerns this website.  It has taken me 40 minutes and a change of operating system and pw to log in here.  There are serious issues for me in being able to log in.  I had to try 4 times on different operating systems and then once logged in I have to get past the mandatory starting with a wifi device which seems to be the default assumption.  How may I get to this forum without jumping through all the hurdles please?  

 

Message 1 of 6

All Replies
Budgie4
Tutor

Re: Configure vlan security Netgear GS728TPPv2 M4100-24PoE+

On further examination of my problem I think one solution would be to use PVlan to form an effective subnet within the existing subnet.  Having read the manual I believe there are some issues concerning the order and sequence for creating the PVlan and group.  Is there a guide available please?

Message 2 of 6
schumaku
Guru

Re: Configure vlan security Netgear GS728TPPv2 M4100-24PoE+

Each network, each IP subnet, requires its own VLAN. One VLAN with two or more IP subnets does not provide ANY security or segregation between the subnets.

 

Plain normal VLAN with an IP subnet each. Configured on a single or multiple UTM ports (with all tagged VLANs, or all VLANs tagged except for one, which can be untagged) to achieve a trunk connection, with the very same config on both sides.

 

Two IP subnets on the very same account do come with many issues and limitations. For example, DHCP can only work on a single network, for a single IP subnet.

 

PVLANs are used by service providers to allow multiple customers to have their very own private VLANs - a completely different story and requirement.

 

Almost completely lost on whatever problem you seem to fight with whatever different OSes. A decent browser allows you to create a (My)NETGEAR Account on https://www.netgear.com/mynetgear/register/register.aspx - some information is required, but no WiFi or whatever device. In fact NO Netgear device is required to create a (My)NETGEAR account. FMI: How do I create a MyNETGEAR account?

 

This registration issue reads to me at least as odd as the initial question with this wild idea having TWO subnets on ONE VLAN expecting any security and segregation between these two IP subnetworks.   

 

 

 

 

Message 3 of 6
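Added example, not part of the thread and not NETGEAR code: a small Python check of a VLAN plan against the two rules stated in the reply above (one VLAN per IP subnet, and the very same tagged/untagged config on both sides of a trunk). The subnet names, addresses, VLAN IDs and trunk settings are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample plan (hypothetical names, addresses and VLAN IDs).
SUBNETS = [  # (name, cidr, vlan_id)
    ("office", "192.168.10.0/24", 10),
    ("cameras", "192.168.20.0/24", 20),
    ("guests", "192.168.30.0/24", 20),  # shares VLAN 20 with "cameras"
]
# Each trunk end: the untagged VLAN (PVID) and the set of tagged VLANs.
TRUNK_UTM = {"pvid": 10, "tagged": {20, 30}}
TRUNK_SWITCH = {"pvid": 10, "tagged": {20}}


def shared_vlans(subnets):
    """Return {vlan_id: [names]} for VLANs that carry more than one IP subnet."""
    by_vlan = defaultdict(list)
    for name, cidr, vlan in subnets:
        ipaddress.ip_network(cidr)  # raises ValueError on a malformed subnet
        by_vlan[vlan].append(name)
    return {v: names for v, names in by_vlan.items() if len(names) > 1}


def overlapping_subnets(subnets):
    """Return pairs of subnet names whose address ranges overlap."""
    nets = [(n, ipaddress.ip_network(c)) for n, c, _ in subnets]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


def trunk_mismatches(side_a, side_b, subnets):
    """List differences between two trunk ends, plus planned VLANs not carried."""
    issues = []
    if side_a["pvid"] != side_b["pvid"]:
        issues.append(f"untagged VLAN differs: {side_a['pvid']} vs {side_b['pvid']}")
    for vlan in sorted(side_a["tagged"] ^ side_b["tagged"]):
        issues.append(f"VLAN {vlan} tagged on one side only")
    carried = ({side_a["pvid"]} | side_a["tagged"]) & ({side_b["pvid"]} | side_b["tagged"])
    for vlan in sorted({v for _, _, v in subnets} - carried):
        issues.append(f"VLAN {vlan} in plan but not carried end to end")
    return issues


if __name__ == "__main__":
    print("VLANs with several subnets:", shared_vlans(SUBNETS))
    print("Overlapping subnets:", overlapping_subnets(SUBNETS))
    print("Trunk issues:", trunk_mismatches(TRUNK_UTM, TRUNK_SWITCH, SUBNETS))
```

A VLAN reported by `shared_vlans` is a single broadcast domain, so the subnets listed for it are not segregated from each other at layer 2.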
Budgie4
Tutor

Re: Configure vlan security Netgear GS728TPPv2 M4100-24PoE+

Hi and thanks.  I understand and my question has been confusing.  What I was trying to do was create and work with a private vlan within the subnet defined by the primary vlan.  

 

In my network all the heavy lifting for dhcp, dns etc is done in the UTM which defines and supports access point connections to the first switch.  For operating and security reasons the network is divided into subnets and these support the vlans used in the Netgear switches.   I have run out of ports on the UTM however it would be possible for me to combine the business on two of the present subnets onto just one subnet, subject to certain security issues.  This would release a UTM port for another purpose.

 

What I had in mind was using a private vlan for a couple of machines which are to be separated from the remaining traffic on the subnet.  I appreciate there are many ways to achieve this separation but PVlan seemed a rather neat way since it works at L2 and avoids all the rules based and filter solutions.   

Can you help and advise please?

 

PS.  Thanks for the links.  It seems the Netgear website has changed very recently as there has been a significant change from my last visit.  All the problems I had in the past are the result of the many scripts, cookies and other promotional clutter.  It seems slightly better now but it was impossible for a while to reset my pw.  The website would not enable me to enter the second confirmation copy of the proposed new pw.  No entry could be made on the second line.  Seems to be fixed now.

 

 

Message 4 of 6
schumaku
Guru

Re: Configure vlan security Netgear GS728TPPv2 M4100-24PoE+

If you can't manage this single UTM port (whatever UTM you talk of here) to be split into multiple VLANs for two or more networks (one untagged and same PVID, all others tagged, and then assign individual subnets - features decent UTM systems certainly allow) - better stay far away from PVLAN, which are technically double tagged frames.

 

Again, this PVLAN is done by service or cloud providers where customers can extend their own VLANs over a trunk into a data centre, and every customer can retain its own VLAN numbering and design. Very uncommon feature on a UTM system btw.

Message 5 of 6
Budgie4
Tutor

Re: Configure vlan security Netgear GS728TPPv2 M4100-24PoE+

Hi Schumaku,

OK, I take the point and of course can all be done on UTM.  It was just me being strange and wanting to do all the Vlan work on the switch rather than UTM and looking at a rather neat solution which might have improved my knowledge base.  (I know, it is still rather low!).

 

Will take the soft option and many thanks for your informative reply. 

If I get stuck I shall start a new thread so saying thanks again.

Regards,

Alastair

Message 6 of 6