SiliconeSoul
asked on
Can't separate VLANs on a switch
hello, i need to create few separate VLANs on a network. so nobody will be able to share in other's VLAN computer. the switch is TP-LINK TL-SL2452WEB. Activated VALN mode: Port VLAN (Port-based VLAN), in Port VLAN Setting: VLAN 1 Group contains all user except of them from VLAN2, and VLAN2 contains 5 members that are not in VLAN1. so now i login from another computer that is in VLAN1, to a computer that is in VLAN2 but it must not.. maybe some additional settings are required?
You Just Have to put the PVID on the Port to Vlan configuration, That's it.
Regards
Regards
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
By default all ports are asigned to VLAN1... i unchecked ports that i want to belong to VLAN2.. and Under VLAN2 checked them back... i still can acces to their shared computer.. also all computers belongs to one subnet 192.168.1.0/24. if i move all port to VLAN3, and few that i want to separate to VLAN2..... i can't access computers from VLAN2, BUT me and they don't have internet... that comes from a router to GB Port. cause i can't asign one port to different VLANs. Also to configure a VLAN on a router is more difficult for me. router is MikroTik RB-450G.
Each VLAN needs to be a unique IP subnet. So the computers on VLAN2 need to be in a different IP subnet.
If the computers on VLAN2 only need to access other computers on VLAN 2, then just don't give them a default route. However, remember this means they can only access other computers on VLAN 2, this means NO Internet access for them.
If the computers on VLAN2 only need to access other computers on VLAN 2, then just don't give them a default route. However, remember this means they can only access other computers on VLAN 2, this means NO Internet access for them.
ASKER
ok, if i will config computers that are on VLAN2 to subnet 192.168.0.1/24 so i will need to connect internet to that subnet? that means i need to connect another port from router to a port on switch and make that port also to belong to VLAN2?
I've glanced at your router and although it may be a bit difficult, it looks like it can do what you need.
You will need to use two of the interfaces on the router.
One you can leave configured as is and use for VLAN1.
The other one you will need to configure it with an IP address on VLAN 2. See:
http://wiki.mikrotik.com/wiki/Manual:IP/Address
Then connect it to a port on your switch that is configured with VLAN 2.
Then on the filter you will need to configure a ip filter that blocks/denys traffic between the IP subnet for VLAN 2 and the all IP addresses on VLAN 1. See:
http://wiki.mikrotik.com/wiki/Manual:Routing/Routing_filters
You will need to use two of the interfaces on the router.
One you can leave configured as is and use for VLAN1.
The other one you will need to configure it with an IP address on VLAN 2. See:
http://wiki.mikrotik.com/wiki/Manual:IP/Address
Then connect it to a port on your switch that is configured with VLAN 2.
Then on the filter you will need to configure a ip filter that blocks/denys traffic between the IP subnet for VLAN 2 and the all IP addresses on VLAN 1. See:
http://wiki.mikrotik.com/wiki/Manual:Routing/Routing_filters
So the simple solution is to code a ACL on the router that prevent traffic from being routed between those two IP subnets.