I finally got it working! Thanks for all your help.
I'm not sure, but I think the Nokia IP110 does not work with VLANs. I
built another machine and finally got it working. I had to put a rule
in for that interface to pass traffic. However I would have though i
could ping the internal vlan interface without a rule.
Right now, the VLANs can all communicate between each other. I'm
assuming they are routing through the m0n0wall. How can I prevent
this, while only letting each of them get out to the internet? What
rule can I put in place and where?
Also, I cannot administer the switch from any of the VLAN ports
anymore. I had to leave one port open (port 23) and still on VLAN 1,
so if I need to, I can plug my laptop into the switch and still
administer it. I guess this is because on all the VLAN ports, the
traffic goes out the trunk of the switch before anything, and then the
m0n0wall can't route the packets back to the switch for some reason.
Did I do something wrong, or is this how it should be?
Thanks again for all your help!
Founder & Owner, BIGnet Online
On 9/29/07, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 9/28/07, Jewell, Michael <mjewell at law dot umaryland dot edu> wrote:
> > Normally you remove vlan1 from the ports when you use other vlans. If
> > your intention is to use vlan 201 and 202, then remove vlan1 from the
> > ports 1-12. Each client machine can only be connected to 1 vlan
> > (untagged port), otherwise the switch wouldn't know to tag packets as 1
> > or 201.
> You can typically put more than one untagged VLAN on a switch port,
> but like Micheal said you don't want to.
> The configuration process for cheap switches is usually two fold, only
> put the VLAN you want to use on the port, untagged, and set the PVID
> or native VLAN depending on the terminology of the switch, to whatever
> VLAN you're using.
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch