03-02-2010 07:41 AM
I have a new SRW208G switch and what I want to do seems very simple but so far I am unable to figure out how to do it.
Simply stated, I want to create an isolated "guest" port so that a device connected to this port can communicate only with the DSL router and not with any other devices on the LAN.
It seems that PVE should be a simple way to do this but so far everything I've tried results in no communication on e8.
Can someone please provide detailed steps for this seemingly simple configuration?
Thank you.
Solved! Go to Solution.
03-02-2010 08:01 AM
Hello,
Ports 7-8 are shared with G1 and G2. It is an either or ...
Two vlans are fine, can the DSL modem route to both? You need reachability if using multiple vlans ... vlans can segregate traffic just fine. On the modem you can make sure you do not route between vlans.
If using PVE, this would work too and you would keep all the ports on the same vlan.
Make sure the PVE is pointing to the uplink just fine. You might chose to run a sniffer as part of your testing to make sure there are no loops with the dsl modem and or your configs are tight.
Plug the modem into any port, no worries.
Do please let me know how you make out. HTH,
Andrew Lissitz
03-03-2010 12:43 PM
Good work!!!
I think you pretty much got it.
Using vlans and private vlan edge (PVE) features, you have segregated your network and kept things separated... cool stuff and good work!
HTH,
Andrew Lissitz
03-03-2010 04:28 PM
You are right, it varies on each model whether or not the ports are shared. i have a SRW2008MP and these are shared.
On your model, it appears you have two dedicated uplinks ... the fiber port is a shared one with the copper one. Sorry for being confusing in my posting.
Have a great night,
Andrew
03-02-2010 08:01 AM
Hello,
Ports 7-8 are shared with G1 and G2. It is an either or ...
Two vlans are fine, can the DSL modem route to both? You need reachability if using multiple vlans ... vlans can segregate traffic just fine. On the modem you can make sure you do not route between vlans.
If using PVE, this would work too and you would keep all the ports on the same vlan.
Make sure the PVE is pointing to the uplink just fine. You might chose to run a sniffer as part of your testing to make sure there are no loops with the dsl modem and or your configs are tight.
Plug the modem into any port, no worries.
Do please let me know how you make out. HTH,
Andrew Lissitz
03-02-2010 08:09 AM
Andrew,
Thank you very much for the quick reply. I will post as soon as I have some results.
03-02-2010 08:16 AM
Sounds good!
03-03-2010 11:59 AM
No joy so far. I've attached screen shots of my current configuration:
DSL Router connected to g1.
Rest of my network (except for one test "guest" computer) connected to e1.
VLAN 1: e1, e7, e8, g1, g2 (g1 is general port, all others are access)
VLAN 2: e2, e3, e4, e5, e6 (all PVE to g1)
Results
The rest of my network (on e1) has normal connectivity to Internet via DSL Router.
Test computer connected to e6 cannot connect to anything.
DSL Router (192.168.1.1) also provides DHCP server, range 192.168.1.15-47, mask 255.255.255.0
Test computer has static IP 192.168.1.9, mask 255.255.255.0
Test computer can ping 127.0.0.1 but not itself (192.168.1.9) or DSL Router (192.168.1.1)
03-03-2010 12:30 PM
OK, I think I have it now.
On VLAN Management / Port Setting screen, set g1's PVID to 2 (was 1) and moved the rest of my network from e1 (VLAN 1) to e2 (VLAN 2).
Now the rest of my network (on e2, PVE to g1) has connectivity within itself and to the Internet via DSL Router.
Test computer (on e6, PVE to g1) has connectivity to Internet via DSL Router.
Test computer cannot ping the rest of my network or the SRW208G switch (so no access to switch management).
The rest of my network cannot ping the test computer, or the SRW208G switch.
To use web view to manage the switch, I need to connect to Port e1. I can live with that.
This is pretty much what I originally wanted.
If you see a better way, I'd be delighted to hear.
03-03-2010 12:43 PM
Good work!!!
I think you pretty much got it.
Using vlans and private vlan edge (PVE) features, you have segregated your network and kept things separated... cool stuff and good work!
HTH,
Andrew Lissitz
03-03-2010 01:00 PM
03-03-2010 01:02 PM
By the way, where in the SRW208G User Guide (or elsewhere) is it documented that e7 is shared with g1 and e8 is shared with g2? I looked through the entire guide without finding that information.
03-03-2010 04:28 PM
You are right, it varies on each model whether or not the ports are shared. i have a SRW2008MP and these are shared.
On your model, it appears you have two dedicated uplinks ... the fiber port is a shared one with the copper one. Sorry for being confusing in my posting.
Have a great night,
Andrew
03-03-2010 04:50 PM
Thank you for the clarification.
03-03-2010 04:53 PM
You are welcome, thanks also for asking for clarification.
By the way for posting your configs. I hope this will be a help for others ;-)
Andrew Lissitz
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide