Business computer needs to be isolated from home network

0

I have a Linksys E-3000 router connected to port 1 on a TP-Link TL-SG108E EasySmartSwitch (cable modem to router to switch). I have a business workstation connected to port 8 of the switch. I need all ports (2-8) to go through port 1 (internet access), but I don't want port 8 to be able to access ports 2-7. I do want ports 2-7 to be able to communicate with one another. I need my employer's IT staff to be able to remotely log in to the workstation on port 8, but I don't want them to be able to access the rest of my home network.

Can I do this with my existing hardware, and if so how? If not, what additional hardware would I need to accomplish this?

I'm totally new to networking, so please explain abbreviations and acronyms.

Thanks!

Djibouti

Posted 2018-05-05T23:05:58.273

Reputation: 1

I did the exact same thing with my Netgear smart switch, using VLAN options. I created 1 VLAN with ports 1,2,3,4,5,6,7 together and another with ports 1,8 together. – mt025 – 2018-05-06T08:44:10.740

Which VLAN protocol? Port based won't let me add port 1 to two VLANs. How do I accomplish that? Thanks! – Djibouti – 2018-05-06T12:19:27.857

Just port based for me (not 802.1Q). https://i.imgur.com/jSMRWnI.png Image shows 3 'Isolated' ports. – mt025 – 2018-05-06T13:32:45.487

Have a look at MTU VLAN. Manual: https://static.tp-link.com/Easy%20Smart%20Configuration%20Utility_User%20Guide.pdf – mt025 – 2018-05-06T13:37:51.017

I looked at MTU VLAN, but the manual says each VLAN would have only 2 ports: the access port and the device port. Wouldn't that mean devices on ports 2-7 can't talk to each other? – Djibouti – 2018-05-06T13:43:34.633

Actually, perhaps I found it here: – Djibouti – 2018-05-06T13:45:24.430

https://www.tp-link.com/en/faq-788.html – Djibouti – 2018-05-06T13:45:31.637

Would the link I pasted above keep IT from being able to access ports 2-7 if they are in a separate VLAN? – Djibouti – 2018-05-06T13:47:00.857

I'm no expert on 802.1Q, but I believe the clients need to be configured to connect to that VLAN. Maybe the simplest way, but not the best, is to create one VLAN using port 1 connected to your router, and another VLAN with port 2 connected to your router. I mean, you shouldn't really need to do that, and you lose a port. – mt025 – 2018-05-06T13:48:31.697

Will any of the above prevent IT from accessing the rest of my home network? – Djibouti – 2018-05-08T00:05:26.753

You have an 802.11q capable switch. Get a VLAN-capable router, or make one using pfSense on old hardware. pfSense also sells embedded hardware versions with it pre-installed. Put your home network stuff on one VLAN and keep your work computer on the other. Don't make inter-VLAN rules at the router and they will be totally separate, each with access to the internet. – Tim_Stewart – 2018-05-10T13:14:46.000

I really doubt your IT team would even attempt to snoop around your home network. – Tim_Stewart – 2018-05-10T13:15:16.940

No answers
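
An added example, not part of the original thread: a small Python model that checks the two switch layouts discussed in the comments (overlapping port-based VLANs as mt025 describes, and MTU VLAN as the asker reads the manual) against the requirements in the question. It assumes a switch forwards frames only between ports that share a VLAN; the function names and the flat baseline are constructed for illustration, and router behaviour is not modelled.

```python
from itertools import combinations

UPLINK = 1                 # port 1: router / internet
HOME = range(2, 8)         # ports 2-7: home devices
WORK = 8                   # port 8: business workstation


def can_talk(vlans, a, b):
    """True if ports a and b share at least one VLAN (simplified model)."""
    return any(a in members and b in members for members in vlans.values())


def audit(vlans):
    """Return a list of ways the layout breaks the question's requirements."""
    problems = []
    for port in [*HOME, WORK]:
        if not can_talk(vlans, port, UPLINK):
            problems.append(f"port {port} cannot reach uplink port {UPLINK}")
    for port in HOME:
        if can_talk(vlans, WORK, port):
            problems.append(f"work port {WORK} can reach home port {port}")
    for a, b in combinations(HOME, 2):
        if not can_talk(vlans, a, b):
            problems.append(f"home ports {a} and {b} cannot reach each other")
    return problems


# Layout from mt025's first comment: two port-based VLANs sharing port 1.
OVERLAPPING = {"home": {1, 2, 3, 4, 5, 6, 7}, "work": {1, 8}}

# MTU VLAN as the asker reads the manual: each port paired only with the uplink.
MTU_VLAN = {f"port{p}": {UPLINK, p} for p in range(2, 9)}

# One flat VLAN (constructed baseline: a switch with no isolation configured).
FLAT = {"default": set(range(1, 9))}

if __name__ == "__main__":
    layouts = [("overlapping", OVERLAPPING), ("mtu", MTU_VLAN), ("flat", FLAT)]
    for name, layout in layouts:
        issues = audit(layout)
        print(f"{name}: {len(issues)} issue(s)")
        for line in issues:
            print("  -", line)
```

In this model the overlapping layout meets all three requirements, the MTU VLAN layout isolates port 8 but also cuts ports 2-7 off from each other, and the flat layout leaves port 8 able to reach every home port.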