sigint787

asked on

How to create two simple VLANs on Netgear smart switch GS724TPS

I have two identical Netgear 24-port PoE switches, GS724TPS, that have been stacked via HDMI cable as one logical unit. This is a setup for a small business with less than 25 end users and I want to use two VLANs, one for data and one for voice, because they plan to use a Quadro IP system for their phones and I want to segregate ...

I also have a Netgear VPN/Firewall which is connected to the WAN (dual bonded T1 connection) and the Netgear switches are connected directly to the Netgear VPN/Router/Firewall...

I followed the instructions but can't seem to see how to set up two VLANs. I don't want to use the built-in Voice VLAN function in Netgear, instead I just want to create a VLAN 2 and use that as voice (named it as voice)... but is this first configured on the switch or on the firewall?

I'm thinking just to do a simple static route on the firewall for inter-VLAN switching/routing... but I'm not sure whether this is configured on the switch or firewall first.

So I created the second VLAN, and used the port-based membership for assignment... but once I assign the selected ports to VLAN 2, how do I know what IP address it is set to? Do these VLAN 2 IPs default to something that I don't know about? How can I set them to the 192.168.10.X subnet? (The rest of my native VLAN network is on 192.168.1.X...) I thought I needed to switch the management VLAN to VLAN 2 in order to assign the IP address to the ports that I placed into VLAN 2, but once I did that I immediately got locked out of the switch entirely and had to do a factory reset.

What am I missing or doing wrong here? Does Netgear have a CLI that emulates Cisco's IOS that I can use instead of the web interface?
Aaron Tomosky

I have the non-stackable version of these switches set up with even more vlans so I can definitely help.

First let me explain some things: vlans in the switch don't care about what the subnet is. If you do port based vlans that means each port will be assigned to one vlan only. When packets leave that port they will be untagged. Any packets coming into that port will be assigned that vlan. Port based is basically the same as using tagged vlans by setting the pvid of ports to the vlan you want and putting a "U" for those ports under vlan membership.

If the firewall is vlan aware, you really should use vlan tags. This allows you to run one cable from the switch to the firewall with both vlans set to "T". If you use port based and/or the firewall is not vlan aware, then you need two cables from the switch to the firewall, one for each vlan.

All vlans need to be set up in both switches. There is no ip or subnet info about the vlans in the switches; they don't care. If anything needs to ever cross vlans they need to be added to the firewall as well. The firewall knows about the subnets for the vlans since it has to route across them. If you want dhcp on either of your vlans something needs to hand those out. If you want the firewall to do dhcp, you need two scopes, one for each vlan subnet. I don't know if your netgear can do this, I use sonicwall stuff.

Think of the vlans in the switches as tubes in a subway and the router as the central station. It's on you to make sure the right subnet packets get on the right vlan trains and the switches and router handle the rest. If you put a device on the 1.x subnet but on a port assigned to vlan 2 the switches will let it run around vlan 2. And the router won't really know what to do with it since it doesn't match the subnet of vlan2 so it can't route it over to vlan1.
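The PVID and "U"/"T" membership behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of a VLAN-aware switch. The port numbers and the ingress-filtering rule are assumptions made for illustration; the two subnets are the ones given in the question.

```python
import ipaddress

# Constructed layout (assumption): ports 1-2 data, 3-4 voice, 24 = uplink to firewall.
# Per VLAN: port -> "U" (leaves untagged) or "T" (leaves with an 802.1Q tag).
MEMBERSHIP = {
    1: {1: "U", 2: "U", 24: "T"},
    2: {3: "U", 4: "U", 24: "T"},
}
PVID = {1: 1, 2: 1, 3: 2, 4: 2, 24: 1}  # VLAN assigned to untagged ingress frames
# Subnets from the question; only the router/firewall knows these, not the switch.
VLAN_SUBNET = {1: ipaddress.ip_network("192.168.1.0/24"),
               2: ipaddress.ip_network("192.168.10.0/24")}

def classify(port, tag=None):
    """Ingress: untagged frames get the port's PVID; non-member ports drop the frame."""
    vlan = PVID[port] if tag is None else tag
    return vlan if port in MEMBERSHIP.get(vlan, {}) else None

def flood(port, tag=None):
    """Broadcast from `port`: {egress port: tag on the wire, or None if untagged}."""
    vlan = classify(port, tag)
    if vlan is None:
        return {}
    return {p: (vlan if mode == "T" else None)
            for p, mode in MEMBERSHIP[vlan].items() if p != port}

def router_accepts(vlan, src_ip):
    """The router checks that a source address belongs to the VLAN's subnet."""
    return ipaddress.ip_address(src_ip) in VLAN_SUBNET[vlan]

def audit():
    """Ports whose untagged ("U") membership disagrees with their PVID."""
    return [(port, vlan, PVID[port])
            for vlan, ports in MEMBERSHIP.items()
            for port, mode in ports.items()
            if mode == "U" and PVID[port] != vlan]

if __name__ == "__main__":
    print("voice port 3 broadcast:", flood(3))
    print("tagged VLAN 2 frame from firewall:", flood(24, tag=2))
    print("192.168.1.50 on VLAN 2 routable:", router_accepts(2, "192.168.1.50"))
    print("PVID/membership mismatches:", audit())
```

The single uplink on port 24 carries both VLANs because it is a "T" member of each; the switch forwards a misaddressed host inside VLAN 2 without complaint, and only the router-side subnet check notices it.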
sigint787 (ASKER)

If I were to use tagged vlans as opposed to port based vlans (as you suggested) do I still need to set it up the same way in the pvid settings? What do you mean to set both vlans to "T"?

I'm also using a netgear FV336 which I believe should be VLAN aware. Problem is that in the netgear vpn/firewall of the FV336 device I can see a "routing" menu but nothing for VLAN or related information or configuration options.

I'm running this in an SBS 2011 environment and they have to rely on the SBS server to be DHCP. The reason I want to do vlan is because the Quadro Epygi ip phone server being set up wants to use its OWN DHCP (the phone server is picky about wanting to dish out the ips to the snom phones we are hooking up to the switches) but obviously that conflicts with the Dell SBS which is already the DHCP server for everything else on the network.

So basically on the native VLAN I wish for the SBS server to be the DHCP, and on the vlan 2 it will be the ip phone server being the DHCP. We are not using the Router/VPN/Firewall for DHCP purposes.

Are you recommending for this purpose that I use tagged vlans and that I add the subnet and ip information needed to cross vlans in the firewall itself?
ASKER CERTIFIED SOLUTION
Aaron Tomosky