GS1200-5 VLAN Configuration Question

RyM
RyM Posts: 1
edited August 2023 in Switch

I am using a GS1200-5 with the V2.00(ABKM.2)C0 firmware.

I am trying to configure the VLAN. On port 5 I have a switch with all management equipment, administration computers and internal trusted access points. Port 4 has internet. Ports 1-3 have untrusted guest access points.

This is how I thought it should be configured:

Screenshot 2023-08-23 170734.png

However, ports 1-3 don't seem to have an internet connection. Ports 1-3 and 5 should have internet, it is just that ports 1-3 should not see devices on port 5. How is this supposed to be configured?

Accepted Solution

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,262  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @RyM

    First of all, you should make sure that you have created the necessary VLAN interfaces on your router. Following this, since your Port 4 is for the internet(to router), you should tag Port 4 with VLAN10. This tagging will enable devices from VLAN10 to communicate and exchange DHCP packets with the router.

    Besides, to isolate your VLAN10 from other VLANs(ex: VLAN1) , do remember to establish the security policies on your router. For example:

    • Block traffic from VLAN10 to VLAN1
    • Block traffic from VLAN1 to VLAN 10

    For more detailed guidance about the VLAN configuration concept for web-managed switches, please refer to this FAQ:

    https://community.zyxel.com/en/discussion/17957/how-to-configure-vlan-for-web-managed-switch

    Kay

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,262  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @RyM

    First of all, you should make sure that you have created the necessary VLAN interfaces on your router. Following this, since your Port 4 is for the internet(to router), you should tag Port 4 with VLAN10. This tagging will enable devices from VLAN10 to communicate and exchange DHCP packets with the router.

    Besides, to isolate your VLAN10 from other VLANs(ex: VLAN1) , do remember to establish the security policies on your router. For example:

    • Block traffic from VLAN10 to VLAN1
    • Block traffic from VLAN1 to VLAN 10

    For more detailed guidance about the VLAN configuration concept for web-managed switches, please refer to this FAQ:

    https://community.zyxel.com/en/discussion/17957/how-to-configure-vlan-for-web-managed-switch

    Kay

Categories

Switch Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)