Zyxel USG 1000 - TLS 1.2

All Replies

  • mm_bret
    mm_bret Posts: 63  Ally Member
    mMontana,

    I was using the two ports to connect devices (switches) to our TrustedLan. The names are different, but simply identify their use.

    Interested in knowing your opinion on this arrangement. I've always thought it would split traffic a bit.

    Thanks
  • mMontana
    mMontana Posts: 1,389  Guru Member
    edited June 2022
    I never tested more ports for the same interface, and I'm also not aware of how to achieve more bandwidth to the switch by "grouping" more 1GbE Ethernet ports in Zyxel environments. If no other setup is made between the TrustedLan1 and TrustedLan2 switches, currently the USG1000 is a point of failure. Maybe it is not an issue in your environment (or better, not a worse issue than having your gateway down); personally I would not do the same thing.
    Option 1, aggregate the ports to the most powerful or most recent switch of my rack, then distribute the connection among the others
    Option 2, connect one port per switch then make a redundant connection between switches, but the whole stack of devices should be on the same page about Spanning Tree (same version, same protocol, compatible implementation and interoperable awareness) otherwise the loop... Something that Ethernet doesn't like that much.


  • mm_bret
    mm_bret Posts: 63  Ally Member
    The message persists. When I try to rename the interface name, the message pops up. Weird.
    Have never activated Device HA. Saw a post about HA relation, but doesn't seem to apply in this case.

    I don't think the subnet is the issue. I have lots of devices with the same subnets on the same USG 1000; DMZ is one example. Prior to the firmware update, never saw the message.

    As much as I like these USG 1000, I'm getting a feeling I need to move on.
    I have a Cisco 901 ASR that I attempted to configure, but in order to use some of the extra interface ports, Cisco requires a license, and it dials home to confirm the license periodically. Dealbreaker! Not a license per port guy.

    I'm trying a pfsense device.

    Want to thank you guys for helping, and will continue to speak highly of Zyxel. Look forward to my next discussion on the board.
    Best,
    Bret
  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Hello @mm_bret,
    If you have two LAN interfaces that assign the same IP range, the error about interface overlapping will pop up.
    Moreover, you have port3 and port4 in the same LAN interface, and both ports connect to the same switch; this will cause a loop.

    Do you mind opening a new post with your topology, purpose, and settings? I will help you troubleshoot this problem.
    Thank you.

    Regards,
    James
  • mMontana
    mMontana Posts: 1,389  Guru Member
    @mm_bret how is your evaluation proceeding?
  • mm_bret
    mm_bret Posts: 63  Ally Member
    Just an update on the equipment I ended up using.

    After trying several devices, I purchased a Flex 200 and have bought 5 since my first one.

    I have the interface figured out, due to some gui changes, and can't wait to get another one.
