This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.
VLANs on Netgear FSM7328s Switch
Hi All,
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
That's right. The uplink that goes from this switch to your production network needs to be a trunk so that traffic from each of the VLANs can traverse the link. Remember, too, you'll need routing information on your production routing/switching gear so that packets can get back to the VLANs in question as well. When those packets come into your network destined for the laptops in the isolated VLANs, they'll need to know how to get there.
Thanks for the reply. Ok, so I have created static routes in my router, but I still don't know how to make the port on the Netgear switch which connects to my production network a trunking port.
You want to set that port to be in both your VLANs as well as the default VLAN that delivers traffic to your network. They'll need to be untagged at the access (laptop) side and tagged on the egress/trunk side.
Here's your admin guide.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
Ok, thanks. I was able to figure out how to make that port connecting to the production network tagged. I now can ping everywhere on the production network, but I am still unable to get on the Internet.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
when you do a tracert -d to an internet location from these problem laptops, what happens?
Paste a tracert to google or something so we can see where it fails.
Paste a tracert to google or something so we can see where it fails.
I did tracert -d www.google.com and google.com and the error returned was.....unable to resolve target system name
okay.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Ok. Laptop's gateway is the vlan gateway.
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
Yes, that port connects to another simple switch on our network. We can ping everywhere and even remote desktop to the servers on the production network, but cannot surf the Internet.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
Okay, what routes are on your router? Do packets coming in from the internet know how to get to your laptops on these new VLANs?
Secondly, you've said you can ping stuff on your production network, RDP, etc. inside the building, but cannot get DNS resolution.
I'm assuming you can ping your DNS server.
Can you run nslookups against it from the command line on one of the problem laptops?
Secondly, you've said you can ping stuff on your production network, RDP, etc. inside the building, but cannot get DNS resolution.
I'm assuming you can ping your DNS server.
Can you run nslookups against it from the command line on one of the problem laptops?
Premium Content
You need an Expert Office subscription to comment.Start Free Trial