Setting Up Vlans in a certain way

NetworkBoy
NetworkBoy Posts: 1
edited April 14 in Switch
Hello all!

I have a Asus router acting as my DHCP server which has wifi connected devices and 3 hardlined computers attached. I hooked up my GS1200-8 and that is being plugged into the 4th port of my Asus router. All traffic is working and the GS1200 is acting like a normal switch with everyone communicating with each other. Now, one of the other companies in the same building decided it would be a great idea to make my Asus router there way out. They have a 8 port unmanaged switch plugged into the 2nd port of the GS1200-8. Question is, How can i make the 2nd port of the GS1200 just be able to communicate out to the ISP and not be able to see any computers that are already attached directly to the Asus router.

All Replies

  • PeterUK
    PeterUK Posts: 1,053  Guru Member
    You need a Port-based VLAN switch which your GS1200 does not do and does 802.1Q VLAN or you can get a router that can do VLAN tagged subnets with your GS1200 . 
  • Zyxel_Jonas
    Zyxel_Jonas Posts: 233  Zyxel Employee
    Hi @NetworkBoy,

    Welcome to Zyxel Community!
    Just like @PeterUK suggestion, as GS1200 do only support 802.1Q (VLAN tagging).
    Regarding your requirements, more simple way is, you will need to configure VLAN on the Asus router to separate the traffic from the devices which already connected through Asus router and GS1200. 

    Jonas,
  • TiggerLAS
    TiggerLAS Posts: 58  Ally Member
    Although many of the consumer-grade routers support a "guest" network
    for WiFi, I don't see many of them out there that support traditional VLANS.

    An inexpensive option would be to get a Ubiquity EdgeRouter X,
    which can handle multiple VLANS, and can provide the isolation that you need.
    Although the EdgeRouter is extremely affordable, it is definitely not for the novice.

    You would need to define your VLANS, DHCP and DNS servers,
    as well as firewall rules for each VLAN.

    Your would then set up your ASUS router (which I am assuming is WiFi)
    as an access point, to avoid double-NAT'ing your internet.