4 Replies Latest reply on Jan 16, 2012 2:58 PM by Michael Cardamone

    vlan trunking not working

    Herman M Level 1

      I need some help with VLAN trunking. It doesn't seem like it is used much, as a simple search for VLAN trunking in this community yielded zero results. I have multiple appliances on our internal network configured with static IPs and in VLAN trunking mode. One appliance has been assigned a VLAN configuration to reach our DMZ network protected by a firewall. When I run a VM scan, I get the same results with the scanner configured to scan the DMZ VLAN as I do with a scanner not configured with a VLAN to run a DMZ scan (DMZ VLAN has not been configured on the appliance). The result is the firewall is blocking all traffic except ports 80 and 443. I thought the point of putting the scanner in VLAN trunking mode and configuring it to scan a certain VLAN (in my case behind a firewall) is that the appliance would be "seen" as a device on that VLAN network (in my case the DMZ) and not have the traffic filtered if there were a firewall present (in my case there is a firewall)?


      I don't like the idea of opening a hole in the firewall to allow any traffic to and from our scanner's IP address. Please advise.

        • vlan trunking not working
          Michael Cardamone Level 2

          Hi Herman,


          You are correct. When the VLAN feature is enabled, your scanner should act as if it's sitting in the same subnet as the hosts you're scanning.


          A couple of things we need to make sure of are:

          1. The scanner is on Version 2.1 or higher.

          2. The VLAN option has been turned on for your account.

          3. Your scanner must be using a static IP (you stated this was done).


          If the above are all true, I have a couple of questions:

          1. You said the DMZ VLAN was not configured on the appliance. Does this mean it was configured in the QualysGuard Web Portal?

          2. You said that all the appliances were configured for VLAN trunking, but are the ports they are attached to on the switch set to trunking mode?

          3. Does the appliance you're scanning with have a trunked path to the VLAN where the hosts are?


          I would not suggest opening a hole in the firewall as this should not be necessary.