Multiple Firewalls Configuration

ridgedale,

The IP and DNS server addresses were all 0.0.0.0.

Switching port 5 on the FVS318N back to the default VLAN assignment allowed my laptop to connect via ethernet to the Internet when connected to that port.

I realised that with DHCP disabled for the secondary VLAN the FVS318v3 was not getting a WAN IP address any DNS information.

So, you are actually doing a port-based VLAN and the DHCP is disabled that is why the FVS318v3 is not receiving any IP from port 5. If port-based VLAN is being used, only the said VLAN address will passthrough. Default is same as Trunking in "Default VLAN" configuration.

What I also realised is all/any IP addresses assigned to VLANs on the FVS318N must be unique IP ranges and the IP ranges for any router attached to one/any of the FVS318N configured VLAN ports must also be a configured with separate unique IP range.

Well, it depends if you wanted to separate each port of the FVS318N.

Then for any router connecting to any of the VLAN ports (taking Port 5 as an example) the WAN and LAN should be configured as follows:

WAN configuration:
Does Your Internet Connection Require A Login? No | Internet IP Address : Get Dynamically From ISP (obtains the WAN IP Address : 192.168.5.2 & Gateway IP Address : 192.168.5.1) | Domain Name Server (DNS) Address : Get Automatically From ISP

LAN configuration:
LAN TCP/IP Setup : 192.168.15.1 | Subnet Mask : 255.255.255.0 | LAN IP Address Management : Use Router as DHCP Server (or 192.168.15.1) | DHCP Server Info - Starting IP Address : 192.168.15.201 Ending IP Address : 192.168.15.220 | Use These DNS Servers - Primary DNS Server : 192.168.15.1

Currently the FVS318v3 has following settings also configured under LAN IP Setup:
RIP Direction : None
RIP Version    : Disabled
MTU Size - Custom : 1492
 
Are those settings correct? Do they need to be changed at all?

Have I understood correctly? If so, do the same principles apply to configure a 24-port VLAN enabled smart switch to, for example, create three sub-VLANs connected to Port 3 of the FVS318N?

Yes, everything seems to be correct. If you will be connecting a VLAN switch, then the uplink port of the switch should be set to T and should be connected to a trunk port of the router.

e.g.

FVS318v3 has 3 VLANS.

VLAN 1 - 192.168.10.x

VLAN 2 - 192.168.20.x

VLAN 3 - 192.168.30.x

All VLANs are DHCP Enabled

Port 1 - Default - All VLANs can passthrough as it is set to Trunk

Port 2 - VLAN 2 - Only VLAN 2 will passthrough as it is set to port-based

Port 3 - VLAN 3 - Only VLAN 3 will passthrough as it is set to port-based

On this case, you can connect the switch to Port 1 of the router and set the uplink port of the switch as T or Tagged / Trunk. Just make sure that you also created the 3 VLANs in the switch. If there's any confusion just let me know.

If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

Regards,