FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12052 questions

14348 answers

22604 comments

36109 members

0 votes
180 views 3 comments
by
I am attempting to configure a vlan ID 2 on a RUT240, following the documentation located here: https://wiki.teltonika-networks.com/view/RUT240_VLAN

That step seems fine, but it seems like there is other work to be done; perhaps under Interfaces, and Firewall???...

There is a configuration example for the old firmware: https://wiki.teltonika-networks.com/view/VLAN_tag_based_configuration_examples

It doesn't seem to give the clues I need.

Thanks!

2 Answers

0 votes
by

Hello,

Thank you for your question. 

You can find a full tutorial on how to set up VLAN with the Interface in this article: https://wiki.teltonika-networks.com/view/VLAN_Set_Up

Let me know if you need further help.

Kind regards,

Edvinas

by

Perhaps I'm unclear. I'm trying to setup a secondary vlan with ID 2 and have the RUT240 route and do dhcp on its single eth0 port. The documentation you linked to details a "port based" vlan configuration which under the firmware listed in original post RUT2_R_00.07.01.4 isn't a menu option. The only option listed is "interface based" vlan.

I assume I add a network interface, and the disconnect in my understanding lands in the physical settings.

+1 vote
by

Hello,

Based on your query you need to create an interface based VLAN, and it seems to be correct but the type of VLAN is 802.1Q, and in the Interface created you should be adding the VLAN interface in the physical interface.

Please find the attached document for your persual.

https://community.teltonika-networks.com/?qa=blob&qa_blobid=5810295791416291854

Regards,

Clive Pinto

by
Clive,

Thank you so much for the information! Much appreciated.

Additional information:

Upon following the configuration example above with my RUT240 LAN IP: 10.1.2.1 and VLAN 2 IP: 10.1.3.1, I was able to ping from the VLAN2 subnet to the LAN subnet. Which is not the desired effect of VLAN isolation.

I discovered I need to create a new firewall zone to correspond ONLY to the VLAN, and then under the "network interface" section edit the details, change the Firewall zone to that new zone. My VLAN ID2 name is POS, I created a network interface called POS, and a firewall zone named POS. The Network Interface POS, has its physical settings to POS VLAN, and its firewall zone assigned as POS. Under the firewall zone rules I allowed POS to forward to WAN.

Now, I can ping google.com from VLAN 2 but not clients on the the other subnet (10.1.2.0/24)

One thing; however, is the Teltonika RUT240 responds to ping from its primary LAN IP 10.1.2.1 from the VLAN2 subnet.
by
Hello,

Thank you for contacting us.

Could you elaborate on your issue a little bit further? As far as I understood you need that from VLAN2 you would not be able to reach LAN? If you are trying to set up a specific solution, you can share your topology or describe everything you want to do and already have done.

Also, send me a Troubleshoot file from your device, it can be found under Services > Administration > Troubleshoot.

Best regards,

Edvinas