Help required with a VLAN ZYXEL noob question
Hope someone can help me with configuring VLANs on the below kit. I have the following setup…
ZYXEL - VMG8825-T50
ZYXEL - GS1200-8
The router is in the basement and the 8 port switch is in the loft, the gigabit uplink to the loft switch is from LAN1 on the router to port 1 on the eight port switch.
Here is my question: I have a work VPN PC running Ubuntu connected to port 3 on the switch and I need to isolate this PC, currently on port 3, from the rest of the network. All other ports on the 8 port switch are in use. Below are my settings but I can't seem to get this to work. Is it something I am missing or do I have the wrong configuration?
Hope someone can help. Previously I had a Draytek with a similar setup but the router and switch were struck by lightning.
Thanks to all in advance…
Accepted Solution
Hi @sunguy ,
Yes, 'security policies' refer to the Access Control List (ACL) rules in your router's firewall settings. To block traffic between VLAN 10 and VLAN 20, create two ACL rules:
- Rule 1: Block traffic from VLAN 10 to VLAN 20. Specify VLAN 10's subnet as 'Source' and VLAN 20's subnet as 'Destination'.
- Rule 2: Block traffic from VLAN 20 to VLAN 10. Specify VLAN 20's subnet as 'Source' and VLAN 10's subnet as 'Destination'.
You may apply these rules to the interface connected to the switch.
Kay
All Replies
Hi @sunguy
Firstly, you have to create VLAN 10 and VLAN 20 interfaces on your router. Then, you could make the following VLAN settings on your switch:
- Port 1 (router): PVID = 1, VLAN 1 untag, VLAN 10 tag, VLAN 20 tag
- Port 3 (PC): PVID = 10, VLAN 1 untag, VLAN 10 untag
- The rest of network: PVID = 20, VLAN 1 untag, VLAN 20 untag
To isolate your Port 3 (PC) from the rest of network, you may set the following security policies on your router:
- Block traffic from VLAN 10 to VLAN 20
- Block traffic from VLAN 20 to VLAN 10
Hope this solution works for you!
Kay
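As an added example (not part of the thread and not Zyxel code), the port table from the reply above can be checked with a small 802.1Q forwarding model before it is applied to the switch. Treating ports 2 and 4-8 as "the rest of the network" and assuming the switch applies ingress filtering are assumptions of this sketch.

```python
# Added example: 802.1Q forwarding model for the port settings listed in the reply.
# Assumptions: ports 2 and 4-8 are "the rest of the network"; the switch drops
# frames for VLANs the ingress port is not a member of (ingress filtering).

def reply_config():
    """Port table from the reply: PVID plus per-VLAN tag/untag membership."""
    ports = {
        1: {"pvid": 1, "vlans": {1: "untag", 10: "tag", 20: "tag"}},  # router uplink
        3: {"pvid": 10, "vlans": {1: "untag", 10: "untag"}},          # work PC
    }
    for p in (2, 4, 5, 6, 7, 8):                                       # everything else
        ports[p] = {"pvid": 20, "vlans": {1: "untag", 20: "untag"}}
    return ports

def flat_config():
    """Constructed baseline: every port left in VLAN 1, no segmentation."""
    return {p: {"pvid": 1, "vlans": {1: "untag"}} for p in range(1, 9)}

def flood_targets(ports, in_port, tag=None):
    """Ports that receive a broadcast entering in_port.
    tag=None is an untagged frame, which is classified into the port's PVID."""
    vlan = ports[in_port]["pvid"] if tag is None else tag
    if vlan not in ports[in_port]["vlans"]:
        return set()  # ingress filtering drops the frame
    return {p for p, cfg in ports.items() if p != in_port and vlan in cfg["vlans"]}

def l2_isolated(ports, a, b):
    """True when untagged frames from a never reach b directly, and vice versa."""
    return b not in flood_targets(ports, a) and a not in flood_targets(ports, b)

def report(ports, pc=3, uplink=1):
    """Summarise what the work PC and the uplink can reach at layer 2."""
    others = [p for p in ports if p not in (pc, uplink)]
    return {
        "pc_reaches": sorted(flood_targets(ports, pc)),
        "pc_isolated_from_all_hosts": all(l2_isolated(ports, pc, p) for p in others),
        "uplink_untagged_reaches": sorted(flood_targets(ports, uplink)),
    }

if __name__ == "__main__":
    for name, cfg in (("flat", flat_config()), ("reply", reply_config())):
        print(name, report(cfg))
```

In this model the PC on port 3 only reaches the uplink, so traffic between VLAN 10 and VLAN 20 has to pass through the router, which is where the two block rules apply; untagged frames arriving from the router on port 1 still flood to every port because each one is an untagged member of VLAN 1.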
Hi Kay,
Thanks for the advice and your fast response. On your last point, and before I implement this: how do I block traffic via 'security policies' on the router when working on the switch? In the router firewall settings I can see 'Add New ACL Rule' as an option on the router firewall menu. Is this what you mean by 'security policies'?
Kind regards,
Colin.