Community discussions

MUM Europe 2020
 
bdekbidemi
just joined
Topic Author
Posts: 5
Joined: Wed Apr 04, 2007 7:10 pm

vlan on local network with nat

Wed Apr 04, 2007 7:21 pm

can someone tell me how to create a vlan to host network for 10 computers each will not be able to communicate together but will be able to connect to internet via a public internat that is nated :?:
 
savage
Forum Guru
Forum Guru
Posts: 1220
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Wed Apr 04, 2007 7:27 pm

You get a VLAN capable switch, configure the switch so that each port on the switch is in their own VLAN, and then one port of the switch connects to the Mikrotik as a VLAN Trunk. Then configure the VLAN's on the Mikrotik...
Regards,
Chris
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Wed Apr 04, 2007 7:50 pm

The VLAN solution that savage outlined will work just fine, although nowadays there are more elegant solutions available. You might want to get a switch that does support the private VLAN feature. Private VLANs are VLANs that block direct communication between all connected devices but allow all of them to communicate through a designated uplink port that can be assigned to the private VLAN. This saves you from having to define a whole bunch of VLANs (one per port/device) and allows you to still keep all devices together in one IP network (with the gateway being reachable via the uplink port, of course).

--Tom
 
bdekbidemi
just joined
Topic Author
Posts: 5
Joined: Wed Apr 04, 2007 7:10 pm

Wed Apr 04, 2007 10:25 pm

Thanks for the reply guys
 
savage
Forum Guru
Forum Guru
Posts: 1220
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Thu Apr 05, 2007 7:21 am

The VLAN solution that savage outlined will work just fine, although nowadays there are more elegant solutions available. You might want to get a switch that does support the private VLAN feature. Private VLANs are VLANs that block direct communication between all connected devices but allow all of them to communicate through a designated uplink port that can be assigned to the private VLAN. This saves you from having to define a whole bunch of VLANs (one per port/device) and allows you to still keep all devices together in one IP network (with the gateway being reachable via the uplink port, of course).

--Tom
Hmm, Private VLANs? The above sounds allot like Port Isolation to me... That's something different...
Regards,
Chris
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Thu Apr 05, 2007 8:21 am

Well, I think there's no official name for that feature. Vendors call it whatever they want, I guess.

For example, Allied-Telesyn calls it Protected Ports VLAN in the following document (chapter 27)

http://www.alliedtelesyn.com/media/data ... b_v140.pdf

I've seen other names for the same thing from Foundry, Extreme, Cisco ... but it all comes down to the functionality that I described.


--Tom

Who is online

Users browsing this forum: MSN [Bot] and 82 guests