Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net
Course Of The Month
11 days, 2 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
VLANs on Netgear FSM7328s Switch
Posted on 2012-12-28
Hi All,
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
11-
10
21 Comments
That's right. The uplink that goes from this switch to your production network needs to be a trunk so that traffic from each of the VLANs can traverse the link. Remember, too, you'll need routing information on your production routing/switching gear so that packets can get back to the VLANs in question as well. When those packets come into your network destined for the laptops in the isolated VLANs, they'll need to know how to get there.
Thanks for the reply. Ok, so I have created static routes in my router, but I still don't know how to make the port on the Netgear switch which connects to my production network a trunking port.
You want to set that port to be in both your VLANs as well as the default VLAN that delivers traffic to your network. They'll need to be untagged at the access (laptop) side and tagged on the egress/trunk side.
Here's your admin guide.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
Ok, thanks. I was able to figure out how to make that port connecting to the production network tagged. I now can ping everywhere on the production network, but I am still unable to get on the Internet.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
when you do a tracert -d to an internet location from these problem laptops, what happens?
Paste a tracert to google or something so we can see where it fails.
Paste a tracert to google or something so we can see where it fails.
I did tracert -d www.google.com and google.com and the error returned was.....unable to resolve target system name
okay.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Ok. Laptop's gateway is the vlan gateway.
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
Yes, that port connects to another simple switch on our network. We can ping everywhere and even remote desktop to the servers on the production network, but cannot surf the Internet.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
Okay, what routes are on your router? Do packets coming in from the internet know how to get to your laptops on these new VLANs?
Secondly, you've said you can ping stuff on your production network, RDP, etc. inside the building, but cannot get DNS resolution.
I'm assuming you can ping your DNS server.
Can you run nslookups against it from the command line on one of the problem laptops?
Secondly, you've said you can ping stuff on your production network, RDP, etc. inside the building, but cannot get DNS resolution.
I'm assuming you can ping your DNS server.
Can you run nslookups against it from the command line on one of the problem laptops?
Featured Post
I was talking with one of my colleagues from our Technical Account Manager team about MongoDB’s scalability. He mentioned to me that several customers have been telling him that “MongoDB doesn’t scale!” MongoDB’s scalability was in question?
My response was, “Is that a joke?"
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
Arrow Electronics was searching for a KVM (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
- Networking Hardware-Other
- Switches / Hubs
- Components
- ATEN Technology
- Hardware
- *Kernel-based Virtual Machine (KVM)
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface.
Change Cu…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month11 days, 2 hours left to enroll
628 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.