VLAN Setup – Basic VLAN Configuration Guide

vlan

I want to create a closed network (Vlan 1010) with internetaccess but I am new to tagged and untagged ports. I have a Netgear switch.
This is my current setup:

Screenshot

TG = Firewall WAN
Office = Office network with default gateway to internet
TG LAN = Firewall LAN
SM + GM = Devices

The untagged and VLAN1010 are connected by the Firewall. Will my vlan 1010 network be able to get internet access through the firewall with this setup?

Best Answer

VLAN tagging in a nutshell:

When a port must pass traffic from only one VLAN, the port is untagged on that VLAN
When a port must pass traffic from multiple VLANs, the port can be untagged on one VLAN (the port's "native" VLAN) and must be tagged on all additional VLANs
Very few PC or other egde device NICs can do 802.1Q, so edge ports generally are untagged members of one VLAN only, and links interconnecting network devices are tagged in additional VLANs

The picture only appears to show your Netgear configuration, but not the physical topology. If your Firewall has 2 ports (LAN and Internet) it should be physically connected like this:

.----------.
| INTERNET |     .------------------.     .--------.
|  ROUTER  =-----= WAN    FW    LAN =-----= SWITCH |
|          |     '------------------'     '--------'
'----------'

So only one cable between the FW and the switch, VLANs created on the switch and LAN port of the FW. The link between switch and FW LAN port should be the one tagged, all edge ports untagged to whichever VLAN they belong to.

If you are running your firewall's Internet connection through switch port 1, have office PC connected to ports 2-4 and ports 1-4 are on the same VLAN on the switch, the firewall is not protecting your office PCs.

Best Answer

Related Solutions

Switch – Trying to pass VLAN between Force10 S25 switches

Switch – VLAN configuration

Related Topic