As a valued customer of Targus, we’d like to ask you a few questions about us. As thanks, you will be automatically entered for a chance to win a $500 VISA gift card. To enter, just complete the survey by September 15, 2017.
Solved
VLANs on Netgear FSM7328s Switch
Posted on 2012-12-28
Hi All,
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
11-
10
21 Comments
That's right. The uplink that goes from this switch to your production network needs to be a trunk so that traffic from each of the VLANs can traverse the link. Remember, too, you'll need routing information on your production routing/switching gear so that packets can get back to the VLANs in question as well. When those packets come into your network destined for the laptops in the isolated VLANs, they'll need to know how to get there.
Thanks for the reply. Ok, so I have created static routes in my router, but I still don't know how to make the port on the Netgear switch which connects to my production network a trunking port.
You want to set that port to be in both your VLANs as well as the default VLAN that delivers traffic to your network. They'll need to be untagged at the access (laptop) side and tagged on the egress/trunk side.
Here's your admin guide.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
Ok, thanks. I was able to figure out how to make that port connecting to the production network tagged. I now can ping everywhere on the production network, but I am still unable to get on the Internet.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
when you do a tracert -d to an internet location from these problem laptops, what happens?
Paste a tracert to google or something so we can see where it fails.
Paste a tracert to google or something so we can see where it fails.
I did tracert -d www.google.com and google.com and the error returned was.....unable to resolve target system name
okay.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Ok. Laptop's gateway is the vlan gateway.
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
Yes, that port connects to another simple switch on our network. We can ping everywhere and even remote desktop to the servers on the production network, but cannot surf the Internet.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
Okay, what routes are on your router? Do packets coming in from the internet know how to get to your laptops on these new VLANs?
Secondly, you've said you can ping stuff on your production network, RDP, etc. inside the building, but cannot get DNS resolution.
I'm assuming you can ping your DNS server.
Can you run nslookups against it from the command line on one of the problem laptops?
Secondly, you've said you can ping stuff on your production network, RDP, etc. inside the building, but cannot get DNS resolution.
I'm assuming you can ping your DNS server.
Can you run nslookups against it from the command line on one of the problem laptops?
Featured Post
Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc.
This document explains the different types of consol…
Arrow Electronics was searching for a KVM (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
- Networking Hardware-Other
- Switches / Hubs
- Components
- ATEN Technology
- Hardware
- *Kernel-based Virtual Machine (KVM)
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses
Course of the Month7 days, 10 hours left to enroll
715 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.