Inter Vlan access

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-11-17 01:54:20
Model: TL-SG3428X  
Hardware Version: V1
Firmware Version: 1.0.2

I'm looking for my AHA moment as I just don't seem to understand the terminology in the settings of this switch.

 

I have a router on Vlan 1 which is 10.10.0.1/24 with a static address of 10.10.0.91

I also have this switch on Vlan 1 at 10.10.0.90

 

I have my general network on Vlan 10 which is at 10.10.10.1/24

I have an IOT network on Vlan 20 which is at 10.10.20.1/24

I have an additional network on Vlan 30 which is at 10.10.30.1/24

 

I have a static route with destination of 0.0.0.0/0 with next hop of 10.10.0.91  Interface Name VLAN1

 

This should give access from Vlan10, 20 and 30 to the router for internet access, Right?

This should NOT allow ANY other access from one Vlan to another, Right?

 

BUT!  From Vlan 10, I can ping ANY device on ANY Vlan, with the exception of the switch at 10.10.0.90.  WHY?

 

I added

#1
Re:Inter Vlan access
2022-11-17 13:13:56

  @Bart.H 

 

Do you use the Omada gateway?
If different VLAN interfaces are set up, they can access each other without setting up static routes.

You can delete the static route settings to test again.

Just striving to develop myself while helping others.
#2
Re:Inter Vlan access
2022-11-17 13:38:44

  @Bart.H 

 

This should give access from Vlan10, 20 and 30 to the router for internet access, Right?

Yes and no. There is more to it. The link between the switch and the router as well as the router and clients need to be properly configured as well.

 

This should NOT allow ANY other access from one Vlan to another, Right?

No. If inter-VLAN routing is enabled, the traffic among VLANs is not restricted by default. To restrict it, you need to create proper ACL rules.

Kris K
#3
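
A small model of the behaviour described in replies #2 and #3, added here as an example and not taken from the thread or from TP-Link. It uses the subnets from the first post to show that traffic between VLAN interfaces follows connected routes rather than the 0.0.0.0/0 static route, and that deny rules between the user subnets isolate them while the path to the router stays open. The host addresses, the 203.0.113.10 destination, the rule layout and the permit-when-nothing-matches default are assumptions.

```python
import ipaddress as ip

# Subnets from the first post; VLAN 1 holds the router (10.10.0.91) and the switch.
VLANS = {1: "10.10.0.0/24", 10: "10.10.10.0/24",
         20: "10.10.20.0/24", 30: "10.10.30.0/24"}
NETS = {vlan: ip.ip_network(net) for vlan, net in VLANS.items()}
DEFAULT_NEXT_HOP = "10.10.0.91"  # static route 0.0.0.0/0 from the first post


def route(dst):
    """A connected /24 (one per VLAN interface) beats 0.0.0.0/0 by longest prefix."""
    addr = ip.ip_address(dst)
    for vlan, net in NETS.items():
        if addr in net:
            return f"connected VLAN{vlan}"
    return f"default via {DEFAULT_NEXT_HOP}"


def build_isolation_acl(user_vlans=(10, 20, 30)):
    """Constructed rule set: deny each user VLAN subnet to every other user VLAN subnet."""
    return [("deny", NETS[s], NETS[d])
            for s in user_vlans for d in user_vlans if s != d]


def forward(src, dst, acl=()):
    """First matching rule decides; unmatched traffic is permitted (assumed default)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return (action, route(dst))
    return ("permit", route(dst))


if __name__ == "__main__":
    acl = build_isolation_acl()
    # Constructed sample flows: VLAN10 -> VLAN20, VLAN10 -> router, VLAN20 -> internet.
    flows = [("10.10.10.50", "10.10.20.7"),
             ("10.10.10.50", "10.10.0.91"),
             ("10.10.20.7", "203.0.113.10")]
    for src, dst in flows:
        print(f"{src} -> {dst}: no ACL {forward(src, dst)}, "
              f"with ACL {forward(src, dst, acl)}")
```

Because the rules in this model match on subnets only and keep no connection state, a deny in one direction also drops the replies to connections opened from the other side.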