Reply

Re: Netgear GS724Tv4 vlan routing

FlipFluitketel
Aspirant

Netgear GS724Tv4 vlan routing

Hi,

 

I'm rather new to vlan's so I might have missed something simple but I don't get it working like I hoped it would.

 

I've got a Genexis Platinum 7840 modem which hasn't got options for vlan's. From the modem goes an utp-cable to port 1 on my GS724Tv4-switch. I thought this switch would be capable of dividing the network into multiple separate networks but I can't get it working.

What I did was this: On the routing-tab I created a VLAN with ID 10 and ip-adress 192.168.10.254 (the Genexis modem has ip-address 192.168.2.254) and set ports 21 and 22 to U(ntagged). After restarting the modem I don't get any connection at all from those ports. I followed the instructions on How to configure routing VLANs on a NETGEAR managed switch with shared internet access | Answer | NE... but do I also have to do the "Configure DHCP server" and "Add a default route" and "Add static routes on the internet gateway." steps?

Model: GS724Tv4|ProSafe 24 ports Gigabit Smart switch
Message 1 of 8
DaneA
NETGEAR Moderator

Re: Netgear GS724Tv4 vlan routing

@FlipFluitketel,

 

Welcome to the community! Smiley Happy 

 

The KB article How to configure routing VLANs on a NETGEAR managed switch with shared internet access? is suitable for NETGEAR Fully Managed Switches as indicated on the part that says "This article applies to" as shown below:

 

For FlipFluitketel.jpg

 

Be informed that the GS724Tv4 belongs to the Smart Managed Pro Switch Models and all Smart Managed Pro Switches does NOT have the capability to create a DHCP server.  Kindly review the specifications of the GS724Tv4 on its data sheet here

 

Is the Genexis Platinum 7840 modem a modem-only device or modem-router combo?  Here are the options below: 

a) If ever it is a modem-only device, you will need a VLAN aware-router connected in between the Genexis Platinum 7840 modem and the GS724Tv4. 

b) If ever the Genexis Platinum 7840 modem is a modem-router combo, you will need to set it to full-bridge mode. Then you will need a VLAN-aware router connected between the Genexis Platinum 7840 modem and the GS724Tv4. 


The appropriate KB article for you is this one below and you can use this as a guide:

 

How do I set up one or more VLANs between a NETGEAR ProSAFE firewall and a smart switch?

 

Another scenario, let say the Genexis Platinum 7840 modem is a modem-only device (or already set to full-bridge mode) and there is a Non-VLAN-aware router already connected between the Genexis Platinum 7840 modem and the GS724Tv4,  let me share the article below and use it as your guide:

 

VLAN Routing on Smart Switches

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 8
FlipFluitketel
Aspirant

Re: Netgear GS724Tv4 vlan routing

Hmm.. That's too bad the GS724Tv4 can't do the DHCP-server.

 

The Genexis Platinum 7840 is a modem/router and it isn't possible to put it in bridge-mode since the ISP has done some changes in the firmware and it also isn't possible to put another modem instead of the Genexis.

 

Then I would think the best option is to use another router behind the modem/router but the router then has to have some setting that users can't get to the other network. For example if I set the router to use the 192.168.10.x range the users shouldn't be able to get in the 192.168.2.x range from the Genexis (and the other way around). Any ideas about that "solution"?

Message 3 of 8
DaneA
NETGEAR Moderator

Re: Netgear GS724Tv4 vlan routing

@FlipFluitketel,

 

Then I would think the best option is to use another router behind the modem/router but the router then has to have some setting that users can't get to the other network. For example if I set the router to use the 192.168.10.x range the users shouldn't be able to get in the 192.168.2.x range from the Genexis (and the other way around). Any ideas about that "solution"?

Having another router behind the modem/router is not a good idea because you will have a Double NAT scenario that may cause problems. 

 

Kindly access and read the articles below to learn more:

 

What is Double NAT?

 

How to fix issues with Double NAT

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 4 of 8
FlipFluitketel
Aspirant

Re: Netgear GS724Tv4 vlan routing

I know about double NAT but as I mentioned before, it is not possible to set the modem/router in bridge mode or and it doesn't support VLAN's and replacing it with another modem/router also isn't possible because of the ISP using settings for tv/telephone they won't share.

 

So basically you're saying it isn't possible in this situation to keep 2 networks separated from each other (unless using an extra router which mayba can cause problems because of the double NAT).

Message 5 of 8

Re: Netgear GS724Tv4 vlan routing

Have you actualy called your ISP tech support and asked them this?  Because very few ISPs out there run gear that lacks the capability of going into bridged mode.  Keep in mind that MANY isp's call it something other than bridged mode.  For example Comcast doesen't call it anything at all, the term "bridged" exists nowhere in their modem interface.  However if you simply turn off the firewall on the modem - all the sudden you are in bridged mode and your router pulls via DHCP from their public numbers not from their modem's DHCP server.  And this is on their RESIDENTIAL service that also has telephone and TV.

 

Call your ISP and tell them "I have a VPN router that REQUIRES a public IP number on it's outside interface, it DOES NOT need to be a static IP number it can be dynamic, but it MUST be public with NO firewalling" and see what they say.  I am sure they have thousands of customers who are like this and their support department has heard this question a million times.

 

With a REAL router it's possible to have MULTIPLE privately numbered networks behind the router.  In fact that's precisely what I am posting from - a private network that is ROUTED not translated, behind another private network.

 

In fact, (just to dangle a carrot in front of you) I have a business customer that has THREE privately numbered networks all behind a router.  The router is the free Untangle firewall it connects the Internet to the main net, and the routers that are between the main net and the remote nets are Netgear WNDR4000s that have been re-flashed with dd-wrt.  dd-wrt allows you to turn off address translation and and turn the device into a real router in fact you can run OSPF and be right up there with the big boys.  And dd-wrt also has the ultra-special go-fast code that does fast switching in some of Netgears higher end routers like the 7000 so you can route at gigabit speeds.

 

There's a whole world of routing out there beyond 'the book' I encourage you to investigate.

Message 6 of 8
FlipFluitketel
Aspirant

Re: Netgear GS724Tv4 vlan routing

Just called them again (did it before opening this thread) and still the answer is "No, you can't put it in bridge-mode" (or what name they would give it). But this person I was speaking to (had more knowledge then the first one I spoke about it) said it should be possible to put a device into DMZ. So maybe that could be an option.

Message 7 of 8

Re: Netgear GS724Tv4 vlan routing

I noticed you refrained from mentioning what they said when you told them you needed a public IP address.  🙂  Sounds like there IS a solution for you.  You just don't want to pay for it.

 

I've met many people who are leasing trucks because they will swear on a stack of Bibles that they need a big truck.  Yet when I look in their truck bed it's pristine.  I've never understood why the same principle is not in operation when it comes to Internet service.  You tell someone they need business service and they ignore you.  Apparently the goal is whoever dies with the cheapest Internet service wins. 🙂

 

Let me just say that ISP's operate on the old Telephone Company principle that if you are a business you must pay more.  In their eyes anyone who wants to do the slightest thing interesting with their Internet service - run a server, run IPv6, run a static IP, run multiple networks (like you) is a business.  That may be unfair but it's the only thing they have come up with to fairly delineate between business and residential service.  They USED to use addresses but the cheaters destroyed that when businesses called in pretending to be residences.

 

The fact is that people in general support this idea when it comes to taxes - businesses should pay more - and a great many other things.   So don't blame the ISPs for this attitude since they are just echoing what people say about everthing else.

 

I come from the principle that if you pay a lot for something that isn't working, and you just need to pay more for it to work properly, it's false economy not to pay more since the lot you are paying for the non-working thing is money down the rathole.  But I realize this isn't a popular attitude with the race to the bottom society we have today.

 

Just sayin!

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 858 views
  • 1 kudo
  • 3 in conversation
Announcements