Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Basics

VLAN

VLANs or Virtual LANs are another way of implementing network security by controlling broadcast traffic. Since network broadcasts are used by ARP to match up MAC and IP addresses, if you control broadcast traffic, you control the ability of devices to communicate.

Most smart switches allow you to set up VLANs either based on physical ports or using the 802.1Q protocol. Using 802.1Q adds VLAN information to packets so that VLANs can be created across multiple switches and even subnets. For single-switch LANs, you can use port-based VLANs, as shown in Figure 4. Note that VLANs don't create multiple subnets, so all devices will still be on whatever subnet that your router's DHCP server assigns.

Settting up port-based VLANs

Figure 4: Settting up port-based VLANs

Using port-based VLANs, it's simple to set up a "Guest" VLAN that allows Internet access, but no access to other LAN clients. Unfortunately, the GS108T's GUI shows VLAN membership for only one VLAN ID at a time. So Figure 5 is actually a composite that I created from two screenshots.

Guest VLAN port assignment

Figure 5: Guest VLAN port assignment

The "Guest" port 4 and the switch uplink port 8 (which connects out to my LAN's router) are assigned to VLAN 2 and port 4 is also removed from VLAN 1. Since the uplink port is a member of both VLANs, the computer connected to port 4 can connect out to the Internet, but can't connect to any devices connected to the other GS108T switch ports.

That's it for this time. The next and last installment will show you how to use a smart switch to control client bandwidth use.

More Basics

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

By the looks of it, the BCM43684 is WiFi 6 Certified!https://www.anandtech.com/show/14875/wifi-6-is-officially-here-certification-program-begins
Hello everyone,I'm looking to replace an older Linksys E1200v2 router with Freshtomato installed on it with a better router that provides higher throu...
"Today, we show that security controls put in place by device manufacturers are insufficient against attacks carried out by remote adversaries."‚Äč Loo...
Hi to all,I have an RT-AX88U router running the latest Merlin Firmware (384.13) with DDNS configured to my host (host..com) which has been in use for ...
Hi,I set it up using the PC as I was not able to connect using the Unifi Network App.As I tried using the App later on it say it was already paired to...

Don't Miss These

  • 1
  • 2
  • 3