This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Gs728TP VLAN Isolating a single port with only internet
Boot version: 2.0.0.11
Software version: 6.0.1.14
Port 9 Needs to be isolated from the network but also receive internet from port 24.
Ports 1-8,10-23 also need to receive internet from port 24.
I do not want port 9 to talk to any port other than 24.
Have been searching for solutions but most of the ones I find our Switch does not have the settings mentioned such as Private VLAN inside the Security>Traffic Control menu's.
If there is a solution do I need to move all normal ports out of the pre-baked VLAN 1?
If I remove them from VLAN 1 do I need to change the Port PVID Configuration from 1 in the Switching>VLAN menu?
The only thing really configured on this switch is that all ports were manually added to VLAN 2 as T (Tagged?) just through the Switching>VLAN>VLAN membership menu.
Re: Gs728TP VLAN Isolating a single port with only internet
So create a new VLAN, remove port 9 from any other VLAN, put port 9 [U]ntagged including the same PVID, and make that new VLAN [T]agged on the uplink/router port. Ensure the sub-interface is also operating as tagged for that very same VLAN on the security appliance.
Re: Gs728TP VLAN Isolating a single port with only internet
Here again, each 802.1q VLAN is dedicated network, has it's own dedicated broadcast domain, requires it's own IP subnet, so you require some routing (beyond of just the local switch scope), ...
Re: Gs728TP VLAN Isolating a single port with only internet
The plan is when I actually have a way to plug this stuff into the switch configurations to split the networks, I am going to configure another sub-interface on the SonicWall Firewall that is plugged into the port 24. I will provide adressing and DHCP to port 9 and forward it to the main IP just like all other traffic is done on what will be the main VLAN. I just want to make sure on its way back and out it stays on its own port.
Re: Gs728TP VLAN Isolating a single port with only internet
So create a new VLAN, remove port 9 from any other VLAN, put port 9 [U]ntagged including the same PVID, and make that new VLAN [T]agged on the uplink/router port. Ensure the sub-interface is also operating as tagged for that very same VLAN on the security appliance.
Re: Gs728TP VLAN Isolating a single port with only internet
So these would be the only Switch side changes I need to make?
And then just make sure the SonicWall is prepped to expect tagged traffic on VLAN 13, and then provide a DHCP scope for that sub interface, and make the traffic shoot out to the ISP provided IP? Sounds good to me after I get this set up will report back here, soonest being after hours tommorow.
Re: Gs728TP VLAN Isolating a single port with only internet
Images are not playing nice, The album preview is errors but the actual album on my profile is visible. But clicking the photos tab on reply posting is empty and unloaded images. Hope Imgur is not frowned upon. https://imgur.com/a/hf9yEbE
Re: Gs728TP VLAN Isolating a single port with only internet
Exactly, you managed it (don't forget to apply the change!) that easy it is. Good job!
The PVID defines the VLAN where untagged frames are assigned to. Similar, the [U]ntagged does define (don't overload - do it on just one) the VLAN where frames leaving the switch in that port will be untagged.
Double check the default VLAN isn't tagged or untagged on that port 9.
Inline images are under mandatory moderation, so a human has to review and release.
Re: Gs728TP VLAN Isolating a single port with only internet
Decided just to go for it during the workday. Worked like a charm, now Port 9 shows blank in its membership to VLAN 1. It is receiving a DHCP address from the Sonicwall, and is now logically seperated from the rest of the network only accessing the internet. Much appreciated.
