Switch XMG1915 isolate port
I have a Zyxel XMG1915 8-port managed switch. I need to isolate one of the ports so that it cannot access the intranet but can still access the internet. How can I achieve this?
The switch is connected to a GT-AX11000 Pro router, which has two guest networks. One of these networks, VLAN51, does not allow intranet access.
All Replies
-
The switch you have has no ACL
What are you trying to do? Not have this device access the LAN?
0 -
Yes! I would like to prevent the device, or specific port, from accessing any device on the LAN while still allowing internet access for this device. So far, I have managed to block the device from accessing the LAN, but it loses internet connectivity. Here are screenshots of the configuration:
0 -
If your GT-AX11000 Pro router is doing the isolation for VLAN51 for this given device then
set the uplink port to the router on the switch for VLAN51 to fixed and tag,
set the port to the device to fixed and untag,
set the PVID of the port the device is on to 51.
On VLAN1, set the port the device is on to forbidden.
0 -
Thank you, Peter! I appreciate your help. However, I'm not familiar with the router configuration. Could you please specify where I can make these changes? I attempted to follow your instructions, but I ended up with a configuration nearly identical to the one in the screenshots, with the only difference being that port 3 on VLAN 1 is now set to "forbidden."
0 -
What port links the switch to your router?
What port links the device you want to go on VLAN 51 on the switch?
Your router is Asus; it looks to be set up correctly.
0 -
What port links the switch to your router?
Port 2
What port links the device you want to go on VLAN 51 on the switch?
Port 3
0 -
So on the switch
VLAN51 port 2 fixed and tag
VLAN51 port 3 fixed and not tag with PVID for port 3 set to 51
You can also for VLAN 51 set ports 1, 4-10 as forbidden
Your device on port 3 likely has no tag, so it will go into port 3 on VLAN51 and be tagged out port 2 to your router.
0 -
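An added example (not part of any post in this thread, and not Zyxel's code): a small Python model of the VLAN 1 / VLAN 51 port settings described above, showing which ports a frame from each side can reach. Ingress filtering and flooding behaviour are modelling assumptions, and whether the router actually tags VLAN 51 on the uplink is outside the model.

```python
# Added example: a small model of 802.1Q port-based VLAN forwarding.
# Ports 2 and 3, VLAN 1, VLAN 51 and the 10-port range come from the thread;
# ingress filtering and the flooding behaviour are modelling assumptions.
TAG, UNTAG, FORBIDDEN = "fixed-tag", "fixed-untag", "forbidden"
PORTS = range(1, 11)

def build_switch(pvid_port3=51, uplink_mode=TAG):
    """Return (vlans, pvid) for the layout described in the thread."""
    vlans = {
        1: {p: UNTAG for p in PORTS},        # default LAN, untagged everywhere
        51: {p: FORBIDDEN for p in PORTS},   # guest VLAN, closed by default
    }
    vlans[1][3] = FORBIDDEN      # isolated device's port leaves the LAN
    vlans[51][2] = uplink_mode   # uplink to the router
    vlans[51][3] = UNTAG         # device port, frames leave untagged
    pvid = {p: 1 for p in PORTS}
    pvid[3] = pvid_port3         # untagged ingress on port 3 is classified here
    return vlans, pvid

def flood(vlans, pvid, in_port, tag=None):
    """Egress map {port: VLAN tag on the wire, or None if untagged} for a
    broadcast/unknown-destination frame arriving on in_port."""
    vid = tag if tag is not None else pvid[in_port]
    members = vlans.get(vid, {})
    if members.get(in_port, FORBIDDEN) == FORBIDDEN:
        return {}                # ingress port is not a member: frame dropped
    return {p: (vid if mode == TAG else None)
            for p, mode in members.items()
            if p != in_port and mode != FORBIDDEN}

if __name__ == "__main__":
    vlans, pvid = build_switch()
    print("device -> uplink :", flood(vlans, pvid, 3))          # {2: 51}
    print("router -> device :", flood(vlans, pvid, 2, tag=51))  # {3: None}
    print("LAN host reaches :", sorted(flood(vlans, pvid, 4)))  # no port 3
    # Misconfiguration: port 3 forbidden on VLAN 1 but PVID left at 1.
    print("PVID still 1     :", flood(*build_switch(pvid_port3=1), 3))  # {}
```

Calling `build_switch(uplink_mode=UNTAG)` models the untagged-uplink test mentioned later in the thread: frames from port 3 then leave port 2 without a VLAN 51 tag.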
I applied the configuration you specified. The device is not on the LAN, but it still does not have internet access. Here are the screenshots. Please let me know if I missed anything:
0 -
That should work, but I'm not sure about the router GT-AX11000 doing VLAN as tag.
Does the device use a tag? If it's a PC, it's likely untagged unless you set a tag.
You can test that the router accepts untagged traffic by setting PVID 51 on both ports 2 and 3 with port 2 untagged, but that's not what you want.
0 -
Do I have to rely on the router's VLAN? Can the switch create a new isolated subnet or VLAN but allow the port to reach the internet?
0