Network Segmentation

2 comments

  • Arlo Miller

    I've been trying to set up a VLAN on my Netgear 48 port managed switch, but Netgear's terminology just perplexes me.

    So, I have a WAP that I have set up with 3 SSIDs. Right now, all set to VLAN 0, which I think means untagged. I'd like to set one of the SSIDs to tag VLAN 20 and then have the Firewalla make a subnet for that VLAN. Those two steps I've been able to do. What I've NOT been able to do is get the Netgear switch to pass the VLAN tags along.

    With my WAP attached to Port 44 on the Netgear Switch, how do I set up the switch?

    I don't believe I want to set the PVID on 44 because I don't want the untagged traffic (from the other SSIDs) to get tagged. Correct? OR am I required to set a PVID on that port, in which case I probably need to set the other two SSIDs to have a VLAN tag and then create another VLAN network on the Firewalla for them?

    And then what do I do for VLAN membership?  Set 44 to be tagged and all the other ports untagged?

    Or am I just getting it all completely wrong?

  • Ericrupp

    I'd like to be able to segment logical groups of devices from one another. Example: Group A is blocked from inbound/outbound/both communications from/to Group B. I can't use VLANs in this use case because there are a variety of wireless and LAN devices across the network in different groups. Example: I'd like the Entertainment Group to only be able to communicate with the (Media) Server Group and the Internet, but be blocked from communicating with the IoT and Workstations Groups.

    You've almost got what is necessary - you'd just need to add "Groups" to the Target list in Rules.
