This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I think I originally posted this in the wrong location so I am reposting.
I do some volunteer work for a local non-profit. They have a cable modem/router from their Internet provider to which all of their equipment is connected through a series of wireless access points and unmanaged switches. They also provide leased space to small non-profits and they share their Internet access with them. Right now, the way they separate their access from the tenants is by connecting a second router to the cable modem and connecting the tenants to the router. This works OK, but there are two issues: 1) the number of tenants is outstripping the number of ports on the router, and; 2) all of the tenants are sharing the same network. The second issue is the most urgent for me. Although everyone is very cooperative and friendly, I don't like the fact that separate organizations technically have access to other people's equipment.
Recently, a couple of GS116E managed switches were donated to the non-profit. After doing a little research on them, I figured that I could install one of them in place of the router and create VLAN's for each tenant. This would solve my issue with tenants being able to access each other's equipment and it provided me with a lot more ports to service the expanding tenant base. I created 15 port-based VLAN's and assigned them to Ports 1-15 respectively. I decided to use Port 16 as the uplink so I assigned all VLAN ID's to Port 16 and connected it to the cable modem. I connected a computer to Port 1 to test the set-up and I had Internet access. However, when I checked to see what devices I could see on the network (view "Network" on Windows 10) I could see all of the non-profit's devices. I don't want the tenants to see the non-profit's devices - I only want them to see devices connected to their VLAN. I assumed that if the devices can be seen, they can be accessed.
Is there a way for me to set up the switch so that devices connected to a VLAN only see the devices in their VLAN group and not and devices that are connected to the cable modem downstream? I could leave the router in place and feed the managed switch from it, but I would like to have as few devices in the chain as possible. Thanks!
Re: Help creating VLAN's with GS116E managed switch
If you want to run multiple organizations on individual networks, you need a router offering LAN services for multiple subnets, e.g. on different ports, or on multiple VLANs. Consumer routers or cable modem-routers don't have this capability. With these simple VLAN switches, there is not much you can do - either way, the last "hop" would be that router LAN subnet, as a pass-through network - very similar to the existing set-up with the additional router. You can keep that second router, and plug the switch to a LAN port of that router.
As per checking, you created 15 port-based VLAN on each port and 1 as uplink on the GS116E switch. May you be able to share a screenshot of the settings from the GS116E? Another thing, does the cable modem supports VLAN?
You may try to use the 802.1q based VLAN and assign each port as a different VLAN. Please make sure that port 16 which is your uplink is assigned as T on all the VLANs and each port is assigned as U then match the PVID with its respective VLAN ID.
Thanks for the reply. Since I initially posted my question, I reset the switch to start over and I created 1 port-based VLAN to play with; attached is the current switch set-up. In this set-up, I am able to access the Internet from Port 2 as I want to. However, when I search the network on a computer attached to Port 2, I can see the devices connected to the router (Port 16 is connected to the router). In fact, I was able to use the router's IP address to connect to it via the Web GUI. I would prefer to have the router and the other devices connected to the router to be hidden from the VLAN, but that is not the case.
The router is an Arris DG1670 (Spectrum is the Internet provider and it is their router); I do not believe the router is VLAN-aware.
I tried setting up 802.1Q VLAN's as you suggested. I could not access the Internet on Port 2 using this set-up. Something must not be right how Port 16 was set up as the uplink. I was only able to assign 1 PVID to Port 16, so the VLAN that corresponded to the PVID that Port 16 got assigned to had Internet access but the others did not.
Thanks!
Model: GS116E|ProSafe Plus 16 ports gigabit switch
Re: Help creating VLAN's with GS116E managed switch
If you want to run multiple organizations on individual networks, you need a router offering LAN services for multiple subnets, e.g. on different ports, or on multiple VLANs. Consumer routers or cable modem-routers don't have this capability. With these simple VLAN switches, there is not much you can do - either way, the last "hop" would be that router LAN subnet, as a pass-through network - very similar to the existing set-up with the additional router. You can keep that second router, and plug the switch to a LAN port of that router.
