Using a VLAN to isolate a device from network broadcasts


Solution 1

Devices in the same VLAN reach each other without needing a router. For instance, if your Internet connection goes down at home, you'll still be able to exchange files between two PCs. The Internet connection you have is part of an external network. Without a router, you won't be able to exchange information between two distinct networks.

What you need is a router. If you use a cheap domestic one (I assume it doesn't support 802.1q), you would probably be configuring your switch with 2 ports for the router: one in the VLAN 1 and another in VLAN 2. You would then connect a cable from the port in VLAN 1 to a port on a LAN port of the router, and another cable from the port in VLAN 2 to the WAN port of the router.

After that, you would need to properly set up IP addresses on the router. You would need to configure two IP addresses in different subnets for the LAN and the WAN interfaces. For instance, you could use LAN: 192.168.1.1 with a mask of 255.255.255.0 and WAN: 192.168.2.1 with a mask of 255.255.255.0. Then, you would disable the NAT and any kind of firewall. When you configure the IP addresses of your end-devices, you would use IPs in the same range as the VLAN they're in. If you follow what I wrote above, you could use 192.168.1.10 for a VLAN 1 end-device, and 192.168.2.10 for a VLAN 2 end-device.

You would also set an appropriate gateway, for each device. Devices in VLAN 1 would have 192.168.1.1 as a gateway, and devices in VLAN 2 would have 192.168.2.1. Setting the gateway will instruct the devices to send their packets to the router when they want to reach a network they don't already know of (present in their routing table).

Network Topology

Solution 2

You need a router, not a switch.

VLANs let you have two separate networks on the same switch. The two networks won't automatically communicate with each other (broadcasts or otherwise). Just like you need a router to connect separate physical networks, you need one to join VLANs. A router would allow direct connections while blocking broadcasts.
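As an added illustration of the addressing and gateway logic described in Solution 1, and of Solution 2's point that a router joins the two VLANs without carrying broadcasts between them, here is a small Python model of the forwarding decisions involved. It is not code from either answer; the host names, the two /24 subnets and the router interface names LAN and WAN are constructed assumptions that follow the example addresses given above.

```python
import ipaddress

# Constructed addressing plan following Solution 1: VLAN 1 is 192.168.1.0/24,
# VLAN 2 is 192.168.2.0/24, and the router holds .1 in each subnet.
HOSTS = {
    "vlan1-pc": {"ip": "192.168.1.10/24", "gateway": "192.168.1.1"},
    "vlan2-device": {"ip": "192.168.2.10/24", "gateway": "192.168.2.1"},
}
ROUTER_INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.1.1/24"),  # cabled to a VLAN 1 port
    "WAN": ipaddress.ip_interface("192.168.2.1/24"),  # cabled to a VLAN 2 port
}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def next_hop(host: str, dst: str) -> str:
    """Where a host sends a packet for dst: 'direct' when dst lies in the host's
    own subnet (same VLAN, so the switch delivers it), otherwise the configured
    gateway, which is the routing-table behaviour Solution 1 describes."""
    cfg = HOSTS[host]
    iface = ipaddress.ip_interface(cfg["ip"])
    if ipaddress.ip_address(dst) in iface.network:
        return "direct"
    return cfg["gateway"]


def router_out_interface(dst: str):
    """Interface the router (NAT and firewall disabled, per Solution 1) would
    deliver dst on, or None if it drops the packet. Broadcasts are never
    forwarded, so broadcast storms in VLAN 1 cannot reach the device in VLAN 2."""
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip == LIMITED_BROADCAST:
        return None
    for name, iface in ROUTER_INTERFACES.items():
        if dst_ip == iface.network.broadcast_address:
            return None  # directed broadcast for a connected subnet: not forwarded
        if dst_ip in iface.network:
            return name
    return None  # no connected subnet matches: no route


def path(host: str, dst: str) -> list:
    """Hop-by-hop path from host to dst in this two-VLAN design, or [] if dst is
    unreachable. Unicast across VLANs goes host -> gateway -> router egress -> dst;
    a broadcast stays inside the sender's own VLAN."""
    hop = next_hop(host, dst)
    if hop == "direct":
        return [dst]
    out = router_out_interface(dst)
    if out is None:
        return []
    return [hop, f"router:{out}", dst]


if __name__ == "__main__":
    for target in ("192.168.2.10", "192.168.1.255", "192.168.3.5"):
        print(f"vlan1-pc -> {target}: {path('vlan1-pc', target) or 'unreachable'}")
```

The model makes the two requirements of the answers explicit: the device's web console at 192.168.2.10 is reachable from VLAN 1 only because each host has a gateway in its own subnet and the router has an interface in both, while the VLAN 1 broadcast address 192.168.1.255 never leaves VLAN 1.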


Author: MandM

Updated on September 18, 2022

Comments

  • MandM (almost 2 years ago)

    I have a device that needs to be isolated from broadcast traffic (excess broadcast traffic is causing the device to crash), but the web console on the device still needs to be accessible via a browser. I've purchased a managed switch, created a separate VLAN (let's call it Device VLAN), and associated the port that is physically connected to the device with the Device VLAN. I figured I had taken care of the issue, but I was wrong.

    Before associating that port with the Device VLAN, I was able to access the web console on the device, yet after the association I am unable to do the same. I thought maybe I would need to do some port forwarding, but am not finding this as an option for the physical port under the VLAN menus.

    I thought this was one advantage of a VLAN - separate from the rest of the network (general-traffic-wise) but still have the ability to access the device directly. Am I wrong? Can someone guide me in the correct direction? The switch purchased is a Netgear GS108T.

    A few more details:

  • MandM (almost 11 years ago)
    Can you explain the process with the router with a little more detail? I do have a Linksys WRT120N laying around. Do I keep the switch as a part of the setup? Or ditch the switch and only use the router? If I'm only using the router, what settings need to be made/changed in order to allow the direct connections while ignoring the broadcast traffic?
  • MandM (almost 11 years ago)
    Also, to the port forwarding part of my question - say the device has address a.b.c.10, and the switch has an address of a.b.c.20, after associating the device with a separate VLAN, could I not forward port 80 of the device, say port 8080, through the switch and access the web server by hitting a.b.c.20:8080? Again, I haven't found that as an option, but I thought that it was doable.