Solved

SG300 VLAN Configuration

Posted on 2016-10-18
10
31 Views
Last Modified: 2016-11-23
I have a home network and I'm planning to install IP cameras and a Synology Surveillance station.  I created a VLAN to isolate the traffic from the IP cameras from the rest of my network. The SG-300 is configured for L3. Here’s my setup:

 Network Configuration
 The Static routing table in the SG-300 shows:

0.0.0.0            0      Default    192.168.1.1   Default                              2    1   VLAN1
192.168.1.0  24     Local                                  Directly Connected                  VLAN1
192.168.2.0 24      Local                                  Directly Connected                  VLAN2  

On the SG300, port 10 is configured for VLAN1, untagged, trunk. Port 1 and 2 are configured for VLAN2, untagged, access.

The traffic on VLAN2 appears to be isolated from VLAN1 and I can SSH into the Synology Surveillance box. I can ping the Synology box from the 192.168.1.0/24 subnet, however, if I SSH into the Synology box, I can’t ping out to the internet.

Any help would be appreciated.

Thanks,
Alan
0
Comment
Question by:alanandcorin
  • 5
  • 3
  • 2
10 Comments
 
LVL 6

Expert Comment

by:Niten Kumar
ID: 41849436
Check the NAT settings on the Netgear  router.  Is it NATing for 192.168.2.0 network.
0
 

Author Comment

by:alanandcorin
ID: 41850505
Nitenkumar, how could I check to know if it's NATing for the 192.168.2.0 network?  I can run linux commands from the Synology box on 192.168.2.4.  

Are the home Netgear routers capable or NATing to two networks? Is this possible with the standard firmware? Do I need to upgrade to DD-WRT or even another type of WiFi router?

Thanks for your help.
Alan
0
 

Author Comment

by:alanandcorin
ID: 41850853
Shouldn't it be possible for the SG300 to correctly route from VLAN2 to the internet with ACL rules?

Thanks,
Alan
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 6

Expert Comment

by:Niten Kumar
ID: 41850998
Are you a able to login to the console of the Netgear router?
0
 

Author Comment

by:alanandcorin
ID: 41851123
Sorry, there's no SSH nor Telenet access to the stock netgear firmware.
0
 
LVL 6

Expert Comment

by:Niten Kumar
ID: 41851165
How about web access?
0
 

Author Comment

by:alanandcorin
ID: 41851227
The router has remote management access, but all you'll get is the same GUI screens that I have access to.
0
 

Author Comment

by:alanandcorin
ID: 41851425
I updated my router to DD-WRT, so I can SSH and run commands from the console. What do you suggest?
0
 
LVL 25

Accepted Solution

by:
masnrock earned 500 total points (awarded by participants)
ID: 41852887
You should even be able to use the web interface of DD-WRT. Basically, you want to have 2 VLANs, each tied to whichever ports you'd like them set up to. That will allow you to have 2 physical connections to the switch, where you can configure the appropriate VLANs. The port that goes to the living room will obviously be configured to VLAN2, along with whichever ports will be going to the cameras.
0
 
LVL 25

Expert Comment

by:masnrock
ID: 41898861
Question answered
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question