ZyWALL ATP200 how to start with Vlan?

Username_is_reserved
Username_is_reserved Posts: 107  Ally Member
First Comment Friend Collector Fourth Anniversary
Here is my Network in a very simplified way:
The ATP (will) have 2 Wan Connection one slow DSL and one fast but unreliable Cable.
There are multiple Switch in the System 2 Zyxel and a Handfull Managed and Unmanaged one. I use an Netget for example for PoE to power the AP and some IP Phones.
I intend to have atlest 4 Vlans for: Guest, IP Phone, Business, Home stuff. Currently everything run on the old USG without a VLan.
So how to make it easy to Switch "just" the Lan cable from the old to the new Router?

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @Username_is_reserved,
    Greeting forum , this is my suggestion. I
    For exapmle : vlan 10 AP,vlan 20 IP phone,vlan 30 home stuff,vlan 40 Client

    1) All UPLINK of Switch using 802.1Q, and allow tag all vlan.
    I am not sure what's your AP level/topology.Maybe It should using 802.1Q on switch port which connect to AP  and tagging vlan10,30 .

    2) Setting the vlan on individual switch ports (vlan10 for AP,Vlan20 for IP Phone, etc.)
    -In order to look clean, you may also make switch port 1-6 vlan10,7-12 vlan20,etc . But you have to sort out the cable. 
    3) Setting Vlan address on ATP200 ,(Assuming LAN2 Connect to internal switch)
    -These are VLANS Gateway , All traffic between vlan will pass through the firewall .

    Kevin

  • Username_is_reserved
    Username_is_reserved Posts: 107  Ally Member
    First Comment Friend Collector Fourth Anniversary
    Hi @Username_is_reserved,
    Greeting forum , this is my suggestion. I
    For example : vlan 10 AP,vlan 20 IP phone,vlan 30 home stuff,vlan 40 Client

    1) All UPLINK of Switch using 802.1Q, and allow tag all vlan.
    I am not sure what's your AP level/topology.Maybe It should using 802.1Q on switch port which connect to AP  and tagging vlan10,30 .

    2) Setting the vlan on individual switch ports (vlan10 for AP,Vlan20 for IP Phone, etc.)
    -In order to look clean, you may also make switch port 1-6 vlan10,7-12 vlan20,etc . But you have to sort out the cable. 
    3) Setting Vlan address on ATP200 ,(Assuming LAN2 Connect to internal switch)
    -These are VLANS Gateway , All traffic between vlan will pass through the firewall .

    Kevin


    Thanks for replay. The are WAC APs.
    How to prevent that I cant access anything any more when I set a Vlan?
    I guess I must do a VLan Trunk when I setup the Switch?
    When the Switch in the Vlan 10 and the Guest connect to the Wifi AP the should get in there own Vlan (sry I got confused by my own Diagram) lets say Wifi Guest are Vlan 50...
    For the Guest I should activate: Layer 2 Isolation to I guess?
    Is there a good "How To" for the "Web Authentication"?
    Thanks

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @Username_is_reserved,
    How to prevent that I cant access anything any more when I set a Vlan?
    -Kindly using Mgmt Port to set up Switch to prevent loss connection.please notice you must need downtime to do the vlan change.
    I guess I must do a VLan Trunk when I setup the Switch?
    -Yes, All uplink between switch must have  802.1Q .
    When the Switch in the Vlan 10 and the Guest connect to the Wifi AP the should get in there own Vlan (sry I got confused by my own Diagram) lets say Wifi Guest are Vlan 50...
    -The switch port which connect AP must have 802.1Q as well. 
    For the Guest I should activate: Layer 2 Isolation to I guess?
    -Yes, Layer 2 isolation in AP.
    Is there a good "How To" for the "Web Authentication"?
    -Please Kindly find our hand book (Page 571~576),
    Thanks
  • Username_is_reserved
    Username_is_reserved Posts: 107  Ally Member
    First Comment Friend Collector Fourth Anniversary

    Sorry everyone its still me. Now I want start to change. I see some Device like an IP Phone should support adding an Vlan ID. Should I add the Vlan ID there to?

    The confusing part is why the Vlan is part of the Zone/ Port?!

    Thanks

  • WJS
    WJS Posts: 155  Master Member
    5 Answers First Comment Friend Collector Second Anniversary

    As far as I know, the vlan setup on sip phone is named voice VLAN with tagging. The purpose is to separate the voice stream and data stream.

    -So do the appropriate settings on swtich after you added voice vlan.

    -Create vlanXX interface if the voice stream will goto internet.

Security Highlight