D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: lingnau on October 10, 2011, 07:46:26 AM
-
Hello.
I'm an old user of a DFL-800 but I've never worked with VLANs.
I'm planning to to the following:
My DMZ interface is connected to a DES-3526 manageable switch.
The DMZ interface is connected to the port 11.
I want port 11, 14 and 13 to form a VLAN. (VLAN 10).
All other ports should continue communicating normally.
What I've done:
Created a VLAN on the DFL-800 with a new IP/Range.
Tried creating a VLAN on the switch.
What I've acomplished:
Port 13 and 14 are "talking" to eachother, port 11 continues to work on it's normal IP but does not seem to respond in the VLAN.
I'll add a few images to make understanding a bit easier.
VLAN Config on DFL:
(https://lh5.googleusercontent.com/-4mccDNF_WxU/TpMD8lnrLRI/AAAAAAAAALs/hAN0ueGZ_wE/s516/2011-10-10_113720.png)
Enabled rules:
(https://lh4.googleusercontent.com/-f4g1XD975Kg/TpMD8uNWfVI/AAAAAAAAALw/2KHWR--LPxI/s912/2011-10-10_113742.png)
Routing table:
(https://lh5.googleusercontent.com/-6VsaWaJMA4w/TpMD8oLXB3I/AAAAAAAAAL0/Qw1pflf2-CE/s857/2011-10-10_113800.png)
VLAN1 (Default) on switch:
(https://lh6.googleusercontent.com/-XUNHu_qYgys/TpMD9MPG0AI/AAAAAAAAAL4/gWIlzn9l6m4/s710/2011-10-10_113850.png)
VLAN10 on switch:
(https://lh6.googleusercontent.com/-7EfR46wm-7o/TpMD9Z1Rs6I/AAAAAAAAAL8/5gyFiPSyixY/s709/2011-10-10_113907.png)
Any ideas?
-
You need to tag only port 11 (connected to DFL) under VLAN 10
All other ports, change membership, but dont need to change tagging (should be off)
-
I've setup an test enviroment (DFL-210 + 2x DES-3526) and VLAN is working as expected. Thanks for the reply danilovav, I will try it out again in the production environment and will feedback if it works.