WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!
Solved
VLANs on Netgear FSM7328s Switch
Posted on 2012-12-28
Hi All,
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
I am also trying to create 3 vlans on a FSM7328s so I can separate the network to work on machines that are infected.
I have done the following so far.
1. Default vlan - IP 192.168.0.253 (our main network)
2. Created a vlan 10 - IP 192.168.2.254
3. Created a vlan 100 - IP 192.168.100.254
I setup a laptop on for each vlan and can ping each gateway and CANNOT ping each laptop. Now, I need to be able get on the Internet with both laptops on each vlan but still not ping each other.
This is where I am having the problem. I am assuming that I need to create a "trunking" port on the netgear, but I cannot figure it out.
Would love some help with this.
Thanks!
11-
10
21 Comments
That's right. The uplink that goes from this switch to your production network needs to be a trunk so that traffic from each of the VLANs can traverse the link. Remember, too, you'll need routing information on your production routing/switching gear so that packets can get back to the VLANs in question as well. When those packets come into your network destined for the laptops in the isolated VLANs, they'll need to know how to get there.
Thanks for the reply. Ok, so I have created static routes in my router, but I still don't know how to make the port on the Netgear switch which connects to my production network a trunking port.
You want to set that port to be in both your VLANs as well as the default VLAN that delivers traffic to your network. They'll need to be untagged at the access (laptop) side and tagged on the egress/trunk side.
Here's your admin guide.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
http://www.downloads.netgear.com/files/gsm7212_gsm7224_gsm7248_60015_adminguide.pdf
Specifically, in example #4 under the Vlan Configuration section...
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt,
and whether frames will be transmitted tagged or untagged.
Ok, thanks. I was able to figure out how to make that port connecting to the production network tagged. I now can ping everywhere on the production network, but I am still unable to get on the Internet.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
I tried using the router for dns, my dns server, and the isp, but no go. Any ideas? I now I am probably missing something simple.
when you do a tracert -d to an internet location from these problem laptops, what happens?
Paste a tracert to google or something so we can see where it fails.
Paste a tracert to google or something so we can see where it fails.
I did tracert -d www.google.com and google.com and the error returned was.....unable to resolve target system name
okay.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Do you have the laptops' default gateway set as the VLAN gateway address?
IS windows firewall on?
Do this....do an nslookup of www.google.com and record the IP. Get on one of the problem laptops and do a tracert -d of that IP address. Let's figure out if it's routing, DNS, or a combo that's screwing you up here.
Ok. Laptop's gateway is the vlan gateway.
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
nslookup from Google.com - 74.125.228.71
From the laptop, I did tracert -d 74.125.228.71 - stopped at first hop which is the vlan gateway with destination unreachable
Yes, that port connects to another simple switch on our network. We can ping everywhere and even remote desktop to the servers on the production network, but cannot surf the Internet.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
I even tried changing the static routes on the router to point to the gateway of the default vlan gateway instead of .1 which is the production gateway.
Okay, what routes are on your router? Do packets coming in from the internet know how to get to your laptops on these new VLANs?
Secondly, you've said you can ping stuff on your production network, RDP, etc. inside the building, but cannot get DNS resolution.
I'm assuming you can ping your DNS server.
Can you run nslookups against it from the command line on one of the problem laptops?
Secondly, you've said you can ping stuff on your production network, RDP, etc. inside the building, but cannot get DNS resolution.
I'm assuming you can ping your DNS server.
Can you run nslookups against it from the command line on one of the problem laptops?
Featured Post
In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Before I go to far, let's explain HA (High Availability) and why you should consider it. High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service. As…
#Citrix #Netscaler #MSSQL #Load Balance
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …
Watch the video to know the process of migration of Exchange or Office 365 mailboxes in absence of MS Outlook. It is an eminent tool which can easily migrate Public, Archive user mailboxes from one another Exchange server and Office 365. Kernel Migr…
Suggested Courses
Course of the Month10 days, 3 hours left to enroll
606 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.