NETGEAR - VLANS - on Firewalls and Routers (ProSafe / ProSecure)

The Views Expressed Below Do not in any way reflect Internal Doctorine or Official Statements of Netgear Inc. These are just my notes - Use at your own Risk.

The following are just conclusions of some tests that I have done.

ProSafe / Prosecure Firewall VLANS

 It’s a layer 3 device

 It’s safe to assume the following:

Any intervlan routing happens at the CPU

Layer 2 activities happen at the ASIC (does not hit the CPU)



 The best way to describe the actions of the terms is with an analogy to something familiar (the Layer 2 and Layer 3 switch). So pretend the Router to be a Layer 3 Switch when trying to think of how the vlans work.


On a port you can set exactly 1 Default VLAN

Default VLAN: Its the equivalent of setting UNTAG and PVID setting on a Layer 2 Switch for that vlan


For each vlan you can set on what LAN ports it participates which is called Membership

Membership: Its the equivalent of setting a TAG for that vlan on a Layer 2 Switch for that vlan


Remember UNTAGS override TAGS:

If there results a port which has UNTAG set to vlan X and membership also set to vlan X, which would seemingly result in PVID X and TAG X and UNTAG X, the actual result is PVID X and UNTAG X

Example: Port 2 Default vlan is 10, Vlan 10 also is a member of port 1 and 2 and 3 and 4. The fact that its also member of port 1,3, and 4 is unrelated to this topic. Then end result for port 2 seems like it would be: UNTAG2, TAG2, PVID2 – However as we just read the Override comes about and thus its UNTAG2, PVID2


InterVLAN Routing: Its the equivalent of making vlan interfaces with routing enabled on them, on a Layer 3 Switch



Default VLAN: UNTAG and PVID (Note UNTAGS override TAGS) - Layer 2

Membership: TAG - Layer 2

Intervlan Routing: Interface VLAN - Layer 3