Is it possible to restrict one port to Internet Only?
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Is it possible to restrict one port to Internet Only?
Posts: 8
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-09-06
2017-09-06 05:17:09
Posts: 8
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-09-06
Is it possible to restrict one port to Internet Only?
2017-09-06 05:17:09
Tags:
Model :
Hardware Version :
Firmware Version :
ISP :
I have a total of eight SG108e switches (VERSION 1). The first switch is connected to the router on port one.
Then the next four ports are connected to other SG108e switches in other rooms. Some of those
switches then connect to the remaining SG-108e switches (cascaded).
In one of the room I have an Android Media Player I would like to restrict to internet only so it cannot communicate
with any other devices on the network. Is this possible with the SG108e? I have read that all ports point to port 1 and
that a VLAN to isolate a single port to internet only may not be possible with the SG108e.
Can I use the SG108e to isolate one port to internet only? If so please explain how to do it? Thanks.
Hardware Version :
Firmware Version :
ISP :
I have a total of eight SG108e switches (VERSION 1). The first switch is connected to the router on port one.
Then the next four ports are connected to other SG108e switches in other rooms. Some of those
switches then connect to the remaining SG-108e switches (cascaded).
In one of the room I have an Android Media Player I would like to restrict to internet only so it cannot communicate
with any other devices on the network. Is this possible with the SG108e? I have read that all ports point to port 1 and
that a VLAN to isolate a single port to internet only may not be possible with the SG108e.
Can I use the SG108e to isolate one port to internet only? If so please explain how to do it? Thanks.
#1
Options
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thread Manage
Announcement Manage
4 Reply
Posts: 747
Helpful: 115
Solutions: 18
Stories: 0
Registered: 2018-07-19
A test to use 802.1Q VLAN to isolate a single port
2017-09-11 19:39:04
Hi buddy
I used 802.1Q VLAN to isolate a single port and did it successfully. Maybe you can refer to it. I use the topology as follows,
PC1--->(port4)105Ev2 (port3)--->(port2)108PEv1 (port1)--->Router
105Ev2 and 108PEv1 are similar to 108Ev1, they have the same settings. So I think that the results should be similar too. And I use the settings as follows,
The setting of 108PE,
The setting of 105E,
Other ports remain the default.
The result is that PC1 can access the internet. And I use PC2 to connect to 108PE or 105E, PC2 can access the internet as well but cannot ping PC1 successfully. So the port4 is isolated.
I used 802.1Q VLAN to isolate a single port and did it successfully. Maybe you can refer to it. I use the topology as follows,
PC1--->(port4)105Ev2 (port3)--->(port2)108PEv1 (port1)--->Router
105Ev2 and 108PEv1 are similar to 108Ev1, they have the same settings. So I think that the results should be similar too. And I use the settings as follows,
The setting of 108PE,
VLAN ID | tagged port | untagged port |
2 | port2 | port1 |
PORT | PVID |
port1 | 1 |
port2 | 1 |
The setting of 105E,
VLAN ID | tagged port | untagged port |
2 | port3 | port4 |
PORT | PVID |
port3 | 1 |
port4 | 2 |
Other ports remain the default.
The result is that PC1 can access the internet. And I use PC2 to connect to 108PE or 105E, PC2 can access the internet as well but cannot ping PC1 successfully. So the port4 is isolated.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#2
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 8
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-09-06
Re:Is it possible to restrict one port to Internet Only?
2017-09-12 10:35:57
Thanks for the info...I'll give it a go...
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#3
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 8
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-09-06
Re:Is it possible to restrict one port to Internet Only?
2017-09-12 14:27:26
soroka,
YOU ROCK!!!
Using your example I was able to successfully Isolate the Media Box (Along with a Thermostat)...
On my first SG108e which is connected to the router I configured my port 4 as a Tagged Port on VLAN ID 2
like you did with your port2. Made sure both Port 1 and Port 4 were in PVID 1.
Then on my second SG108e I configured port 1 as Tagged and port 5 which goes to a secondary router handing out 10.0.0.x IP range
to a theromstat (wireless) and the Android box (wired). Ports 1 and 5 are in VLAN ID2, Ports 1-8 Untagged in VLAN ID1.
So this isolated the second router which is handing out 10.0.0.x to the thermostat and the android box. I confirmed it was isolated
as I could no longer remotely access the secondary router through remote login to it's static IP 192.168.1.8:8080. I also could not
ping it through the 192.168.1.x network. However I could see the secondary router's static 192.168.1.8 IP on the first routers MAP (linksys).
I logged into the secondary router from a Linux Laptop directly via wifi at 10.0.0.1 as I could no longer login remotely (from the other subnet) because of the isolation.
I checked connected devices on the secondary router and confirmed only three connected devices (the laptop I was using, the thermostat and the Android box (10.0.0.2, 10.0.0.3.10.0.0.4).
The gateway of the secondary router 10.0.0.1 was the only thing I saw when I did an arp -a .... So the only thing the Android box can talk to is the thermostat since the linux laptop I used
to check is not normally logged into the secondary router and only necessary to administer the secondary router (since remote access from the other subnet will no longer work)...
KUDOS and THANKS big time for giving me the info I needed. So now the Android box could only access the thermostat on the secondary router as those are the only things connected
on that router. Hope I made myself understood...Your diagram made it very simple and straight forward for me.
EDIT: Actually it can't even ping the Thermostat which is the GATEWAY listed in the two connected devices on the secondary router. I used a terminal emulator on the Android Box after checking the two connected devices in the Router (Via the browser on the Android Box)...10.0.0.2 is the Thermostat (GATEWAY) and I can't ping it from the Android box. I can't even ping 10.0.0.1 (10.0.0.3 is the Android box)...Yet everything works. Perfect!
YOU ROCK!!!
Using your example I was able to successfully Isolate the Media Box (Along with a Thermostat)...
On my first SG108e which is connected to the router I configured my port 4 as a Tagged Port on VLAN ID 2
like you did with your port2. Made sure both Port 1 and Port 4 were in PVID 1.
Then on my second SG108e I configured port 1 as Tagged and port 5 which goes to a secondary router handing out 10.0.0.x IP range
to a theromstat (wireless) and the Android box (wired). Ports 1 and 5 are in VLAN ID2, Ports 1-8 Untagged in VLAN ID1.
So this isolated the second router which is handing out 10.0.0.x to the thermostat and the android box. I confirmed it was isolated
as I could no longer remotely access the secondary router through remote login to it's static IP 192.168.1.8:8080. I also could not
ping it through the 192.168.1.x network. However I could see the secondary router's static 192.168.1.8 IP on the first routers MAP (linksys).
I logged into the secondary router from a Linux Laptop directly via wifi at 10.0.0.1 as I could no longer login remotely (from the other subnet) because of the isolation.
I checked connected devices on the secondary router and confirmed only three connected devices (the laptop I was using, the thermostat and the Android box (10.0.0.2, 10.0.0.3.10.0.0.4).
The gateway of the secondary router 10.0.0.1 was the only thing I saw when I did an arp -a .... So the only thing the Android box can talk to is the thermostat since the linux laptop I used
to check is not normally logged into the secondary router and only necessary to administer the secondary router (since remote access from the other subnet will no longer work)...
KUDOS and THANKS big time for giving me the info I needed. So now the Android box could only access the thermostat on the secondary router as those are the only things connected
on that router. Hope I made myself understood...Your diagram made it very simple and straight forward for me.
EDIT: Actually it can't even ping the Thermostat which is the GATEWAY listed in the two connected devices on the secondary router. I used a terminal emulator on the Android Box after checking the two connected devices in the Router (Via the browser on the Android Box)...10.0.0.2 is the Thermostat (GATEWAY) and I can't ping it from the Android box. I can't even ping 10.0.0.1 (10.0.0.3 is the Android box)...Yet everything works. Perfect!
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#4
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 747
Helpful: 115
Solutions: 18
Stories: 0
Registered: 2018-07-19
Re:Is it possible to restrict one port to Internet Only?
2017-09-13 13:33:13
:):)
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#5
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 8
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-09-06
2017-09-06 05:17:09
Posts: 8
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-09-06
Information
Helpful: 0
Views: 1875
Replies: 4
Voters 0
No one has voted for it yet.
Tags
Related Articles
Port Mirroring: Many-to-one
1545
0
Report Inappropriate Content
Transfer Module
New message