GS1200-5 VLAN Configuration Question

Posts: 1
edited August 2023 in Switch

I am using a GS1200-5 with the V2.00(ABKM.2)C0 firmware.

I am trying to configure the VLAN. On port 5 I have a switch with all management equipment, administration computers and internal trusted access points. Port 4 has internet. Ports 1-3 have untrusted guest access points.

This is how I thought it should be configured:

However, ports 1-3 don't seem to have an internet connection. Ports 1-3 and 5 should have internet, it is just that ports 1-3 should not see devices on port 5. How is this supposed to be configured?

Accepted Solution

  • Posts: 1,280  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @RyM

    First of all, you should make sure that you have created the necessary VLAN interfaces on your router. Following this, since your Port 4 is for the internet(to router), you should tag Port 4 with VLAN10. This tagging will enable devices from VLAN10 to communicate and exchange DHCP packets with the router.

    Besides, to isolate your VLAN10 from other VLANs(ex: VLAN1) , do remember to establish the security policies on your router. For example:

    • Block traffic from VLAN10 to VLAN1
    • Block traffic from VLAN1 to VLAN 10

    For more detailed guidance about the VLAN configuration concept for web-managed switches, please refer to this FAQ:

    Kay

All Replies

  • Posts: 1,280  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @RyM

    First of all, you should make sure that you have created the necessary VLAN interfaces on your router. Following this, since your Port 4 is for the internet(to router), you should tag Port 4 with VLAN10. This tagging will enable devices from VLAN10 to communicate and exchange DHCP packets with the router.

    Besides, to isolate your VLAN10 from other VLANs(ex: VLAN1) , do remember to establish the security policies on your router. For example:

    • Block traffic from VLAN10 to VLAN1
    • Block traffic from VLAN1 to VLAN 10

    For more detailed guidance about the VLAN configuration concept for web-managed switches, please refer to this FAQ:

    Kay

Welcome!

It looks like you're new here. If you want to get involved, click on this button!

Welcome!

It looks like you're new here. If you want to get involved, click on this button!