VLAN Mapping – How to Map Between VLAN Networks on a Switch

Tags: bridging, routing, switch, vlan

Assume the following network layout

                                        +--------+
----------------------------------------| Switch |-----------------
|               ------------------------+--------+---             |
|               |             ----------|           |             |
|               |             |                     |             |
PC A            PC B          PC C                  Other PC X    Other PC Y
192.168.1.50    192.168.1.51  192.168.1.52          any           any
Network 1       Network 1     Network 1             Network 2     Network 3

The IP Addresses of PC A, B, C are static, fixed and cannot be changed.
The IP Addresses of Other PC X, Y are configurable and can be DHCP or static, and can be any IP Address.

All three networks should be isolated, except that Network 2 and Network 3 should be able to access certain services on PC A.

I thought about a switch with VLANs, to isolate the three networks. Now my question is, how can I configure that for Network 2 and Network 3 a given IP will be "mapped" to 192.168.1.50?

For example, let's say Network 2 has some PCs in the IP range 10.50.1.1 to 10.50.1.30, and I want to define that 10.50.1.25 will be the IP that is mapped to 192.168.1.50 in order to access the service of PC A from within Network 2. I have a Netgear GS105E, so I can configure the VLANs, but I see no possibility to realize this mapping.

My next guess would be to assign the switch port to which 192.168.1.50 is attached to all three VLANs, so that in general 192.168.1.50 would be able to receive packets from Network 2 and Network 3, and PC A itself would do the "mapping". But I have no clue, so I am asking what the standard way of doing this is, because I think this is a standard use case for a switch with VLANs.

Best Answer

When you create a VLAN, you split your switch into separate logical devices, each serving its dedicated network segment. They behave exactly like separate, unconnected physical devices; no traffic can be forwarded from one VLAN to another - that's the entire purpose of VLANs. Each network segment must be its own separate subnet, i.e. devices connected to that segment must have IP addresses on the same address range. Traffic between the VLANs must be routed.

                                     +--------------+
                                     |   ROUTER     |
                                     +--------------+
                                            |
                                            |
                                        +--------+
----------------------------------------| Switch |--------------------
|               ------------------------+--------+---                |
|               |             ----------|           |                |
|               |             |                     |                |
PC A            PC B          PC C                  Other PC X       Other PC Y
192.168.1.50    192.168.1.51  192.168.1.52          10.50.1.30       any
Network 1       Network 1     Network 1             Network 2        Network 3

The switch port connecting to the router must be a member of all VLANs (trunk port) so that it can carry traffic from all VLANs to the router. The router port has to have IP interfaces in all ranges, for example 192.168.1.1/24, 10.50.1.1 and "any". That IP would be the PCs' default gateway for the subnet (192.168.1.1 for 192.168.1.0/24, 10.50.1.1 for 10.50.1.0/24, ...).

If PC X wants to reach 192.168.1.50, it will send the traffic to its default gateway, the router, which will forward the traffic to 192.168.1.50 in Net 1; and so on.

Now there's a problem with your current hardware. You have a simple 5-port switch and all ports are in use. So you have to either sacrifice one of the ports to use for router connection, or replace the switch.

With a network this simple an alternative approach is to do away with the router altogether and forward the traffic between VLANs directly on the switch itself. That requires an L3-capable routing switch. None of the devices in Netgear's Gigabit Ethernet Plus line has L3 capability.
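The router-on-a-stick design from the answer, modelled as the router's forwarding decision plus a least-privilege ACL so that only Network 2/3 can reach the permitted services on PC A (added example, not code from the post or from any Netgear product; the VLAN ids, the Network 3 range 10.60.1.0/24 and the allowed service TCP/443 are constructed assumptions):

```python
import ipaddress

# Constructed assumptions: one /24 per VLAN id; the router owns the .1 address of each
# subnet as its default gateway.  Network 3's range is not given in the post.
VLANS = {
    10: ipaddress.ip_network("192.168.1.0/24"),  # Network 1: PC A, B, C
    20: ipaddress.ip_network("10.50.1.0/24"),    # Network 2: Other PC X
    30: ipaddress.ip_network("10.60.1.0/24"),    # Network 3: Other PC Y (assumed)
}
PC_A = ipaddress.ip_address("192.168.1.50")
# Constructed assumption: the "certain services" on PC A are HTTPS only.
ALLOWED_TO_PC_A = {("tcp", 443)}


def gateway_for(vlan_id):
    """Default gateway the hosts of a VLAN must use: the router's address on that subnet."""
    return str(next(VLANS[vlan_id].hosts()))


def vlan_of(ip):
    """VLAN id whose subnet contains ip, or None when the router has no interface for it."""
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in VLANS.items() if addr in net), None)


def forwarding_decision(src, dst, proto, dport):
    """Fate of a new flow entering the trunk: 'switched' (same VLAN, the router never
    sees it), 'routed' (permitted inter-VLAN), 'dropped-acl' or 'dropped-unknown'.
    A real router would additionally allow the stateful return traffic of 'routed' flows."""
    s_vlan, d_vlan = vlan_of(src), vlan_of(dst)
    if s_vlan is None or d_vlan is None:
        return "dropped-unknown"
    if s_vlan == d_vlan:
        return "switched"
    # Only Network 2/3 -> PC A on the allowed services crosses VLANs; everything else,
    # including Network 1 reaching out and Network 2 <-> Network 3, stays isolated.
    if s_vlan != 10 and ipaddress.ip_address(dst) == PC_A and (proto, dport) in ALLOWED_TO_PC_A:
        return "routed"
    return "dropped-acl"


if __name__ == "__main__":
    for flow in [("10.50.1.25", "192.168.1.50", "tcp", 443),
                 ("10.50.1.25", "192.168.1.50", "tcp", 22),
                 ("192.168.1.51", "192.168.1.50", "tcp", 22),
                 ("10.50.1.25", "10.60.1.7", "udp", 53)]:
        print(flow, "->", forwarding_decision(*flow))
```

The same-VLAN case never reaches the router at all, which is why PC A's "mapping" idea from the question cannot substitute for a routed hop.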