Managing VLANs?
Freshman Member
Hello,
I'm trying to separate 2 VLANs that shouldn't be accessible from one another.
Port 1 is the uplink, port 2 a PC on port 8 I'm planning to use a laptop that should have access to the internet, but it doesn't (it gets IP, so I'm half there).
This is what I came up with:
All Replies
-
VLAN's don't work the way you think you need a router with VLAN support to do tag VLAN and subnets.
Port based VLAN should do what you want but the switch you have is 802.1Q
Or a switch with ACL or/and Egress redirect would work too.
You can try the following which might work
Have all port 3-7 PVID 1 and ports 1-2, 8 non member for VLAN1 use port 3 to access the switch
VLAN2 port 2 tag port 1 untag other ports non member
VLAN3 port 8 tag port 1 untag other ports non member
VLAN4 port 1 tag port 2 and 8 untag other ports non membersave reboot switch
0 -
Hi @npu3pak,
Could you share the port you connect your router to? Does your router support VLAN/802.1Q?
0 -
I'm not sure if I understood it correctly, this is what I did, and it didn't work.
It's a MikroTik hAP ac^3 (RouterOS 7.16) so I guess it supports it, since while it's not that expensive, it isn't an entry level home router.
P.S. As you may already know, I'm not exactly network specialist, just slightly above average amateur 🤷♂️0 -
On VLAN 2 and 3 you need to have both untag on port 1 tags are correct
also you need to change PVID so
port 1 is PVID 4
port 2 is PVID 2
port 8 is PVID 3
But as you have a router you can make a VLAN on it with given subnet then you do
remove other VLANs 2-4
VLAN5 port 8 untag PVID 5 and port 1 tag
VLAN1 ports 1-7 untag and PVID 1
0 -
Hi @npu3pak,
I think MikroTik RouterOS supports VLAN. Therefore, please ensure the "switch uplink port/router connecting port", and configure the VLAN settings correctly.
You may reference this FAQ for configuring VLAN on the GS1200:
For example, I assume port 1 is the "switch uplink port/router connecting port," so you need to configure the VLAN 2 interface on MikroTik and configure port 1 as a VLAN-tagged member.
P.S. 169.254.x.x doesn't mean your PC gets an IP address. This is a temporary IP address since it cannot get a DHCP IP address.
0 -
10x that worked. 🙏
10x I'll test when I have time. 🙏
0 -
If Port 1 is your uplink port to your VLAN-Aware router, then you'll need to set up Port 1 correctly.
In your images, you only show 1 VLAN assigned to Port 1.
Port 1: VLAN1, Untagged and VLAN2, TAGGED. « Carries both VLANs into your switch
Port 2: VLAN1, Untagged, PVID1 « Untagged access to VLAN1 for your PC.
Port 8: VLAN2, Untagged, PVID2 « Untagged access to VLAN2 for your laptop.
0
Guru Member
Zyxel Employee
Ally Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.6K Security
- 240 USG FLEX H Series
- 268 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 386 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 72 Security Highlight
