Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help with vlan setup


  • Please log in to reply
6 replies to this topic

#1 sniper8752

sniper8752

  • Members
  • 385 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 26 September 2016 - 06:23 PM

I am trying  to create a VLAN.  I have my router, 192.168.1.0/24, 192.168.1.1 for the address of it.  My VLAN is 192.168.254.0/24, end device: 192.168.254.3.  On the other end is a device with IP of 192.168.1.13.  Neither can ping each other.  This is what happens:

ping 192.168.254.3
PING 192.168.254.3 (192.168.254.3): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
92 bytes from wireless_broadband_router.home (192.168.1.1): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 2bf8   0 0000  3f  01 cf4f 192.168.1.13  192.168.254.3 

I am using a Verizon FIOS router to create the VLANs on the ports.  How do I get these to see each other?  Also, the .13 device can browse to the internet, but 254.3 can not.  



BC AdBot (Login to Remove)

 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:21 PM

Posted 26 September 2016 - 07:47 PM

Both devices are not on the same subnet.

Netmask:   255.255.255.0 = 24    11111111.11111111.11111111 .00000000

So put both devices on 192.168.1.xxx subnet

 

or if you want the device as part of the VLAN put it on the 192.168.254.xxx subnet.


192.168.1.13/24  
192.168.254.3/24 

These two do not connect.


Edited by TsVk!, 26 September 2016 - 07:52 PM.


#3 sniper8752

sniper8752
  • Topic Starter

  • Members
  • 385 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 26 September 2016 - 08:48 PM

I thought a router transfers the data between the two?

 

I am trying to setup a lan (with nat) and a dmz zone.  I believe they should have different subnets.  Please correct me if I am wrong.  How do I do this then?



#4 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:21 PM

Posted 26 September 2016 - 09:31 PM

Look for "forwarding" settings in your NAT options, to enable the DMZ.



#5 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 26 September 2016 - 10:30 PM

you already have nat with the router.  you don't need different subnets with a vlans.  you do need a managed switch to do vlans

 

so why do you think you need a vlan?



#6 sniper8752

sniper8752
  • Topic Starter

  • Members
  • 385 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 27 September 2016 - 04:24 PM

I have a managed switch.  So I will set it up like this?:

verizon fios router -> switch (with two vlans - 1 for dmz, one for lan)

Here is what I am trying to accomplish: https://upload.wikimedia.org/wikipedia/commons/thumb/6/60/DMZ_network_diagram_2_firewall.svg/640px-DMZ_network_diagram_2_firewall.svg.png

Let me know if this helps.



#7 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 28 September 2016 - 01:40 AM

Normally you put the dmz directly off the router and with a vlan switch secure the internet.

 

Technically that diagram can be accomplished but you would need two connections from the router not one.  You can't have dmz and intranet internet access on one line. 
Well technically you could if it was a trunk and the router was also a managed/vlan capable switch.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users