asked on
VLANs on Netgear FSM7328s Switch
Hi All,
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
Networking Hardware-OtherSwitches / Hubs
Last Comment
rharland2009
That's right. The uplink that goes from this switch to your production network needs to be a trunk so that traffic from each of the VLANs can traverse the link. Remember, too, you'll need routing information on your production routing/switching gear so that packets can get back to the VLANs in question as well. When those packets come into your network destined for the laptops in the isolated VLANs, they'll need to know how to get there.
ASKER
Thanks for the reply. Ok, so I have created static routes in my router, but I still don't know how to make the port on the Netgear switch which connects to my production network a trunking port.
You want to set that port to be in both your VLANs as well as the default VLAN that delivers traffic to your network. They'll need to be untagged at the access (laptop) side and tagged on the egress/trunk side.
ASKER
Thanks, but that is the problem. I can't figure out how to get that configured.
ASKER
Thanks, but the FSM7328s switch does not have that interface.
Here's your admin guide.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
ASKER
Ok, thanks. I was able to figure out how to make that port connecting to the production network tagged. I now can ping everywhere on the production network, but I am still unable to get on the Internet.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
when you do a tracert -d to an internet location from these problem laptops, what happens?
Paste a tracert to google or something so we can see where it fails.
Paste a tracert to google or something so we can see where it fails.
ASKER
I did tracert -d www.google.com and google.com and the error returned was.....unable to resolve target system name
Okay. Does your DNS server know how to get back to your laptops from a routing perspective?
ASKER
Hmmm..I dont' know that answer, so I am assuming probably not. How to I tell it?
get on your DNS box and try to ping to one of the laptops that cannot access the internet.
ASKER
ok. I can ping both vlan gateways, from the dns server.
Okay. Can you ping the laptops themselves from the DNS server?
ASKER
no
okay.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
ASKER
Ok. Laptop's gateway is the vlan gateway.
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
do you have the port that the laptop is plugged into on your switch in the appropriate VLAN?
ASKER
Yes, that port connects to another simple switch on our network. We can ping everywhere and even remote desktop to the servers on the production network, but cannot surf the Internet.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.