Help required with a VLAN ZYXEL noob question

sunguy
sunguy Posts: 2
First Comment

Hope some one can help me with configuring VLANs on the below kit, I have the following setup…

ZYXEL - VMG8825-T50

ZYXEL - GS1200-8

The router is in the basement and the 8 port switch is in the loft, the gigabit uplink to the loft switch is from LAN1 on the router to port 1 on the eight port switch.

Here is my question: I have a work VPN PC running ubuntu connected to port 3 on the switch and I need to isolate this PC currently on port 3 from the rest of the network, all other ports on the 8 port switch are in use. Below is my settings but I can't seem to get this to work, is it some thing I am missing or do I have the wrong configuration?

Hope some one can help, previously I had a Draytek with a simular setup but the router and switch was struck by lightning.

Thanks to all in advance…

Accepted Solution

  • Zyxel_Kay
    Zyxel_Kay Posts: 446  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    Hi @sunguy ,

    Yes, 'security policies' refer to the Access Control List (ACL) rules in your router's firewall settings. To block traffic between VLAN 10 and VLAN 20, create two ACL rules:

    1. Rule 1: Block traffic from VLAN 10 to VLAN 20. Specify VLAN 10's subnet as 'Source' and VLAN 20's subnet as 'Destination'.
    2. Rule 2: Block traffic from VLAN 20 to VLAN 10. Specify VLAN 20's subnet as 'Source' and VLAN 10's subnet as 'Destination'.

    You may apply these rules to the interface connected to the switch.

    Kay

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 446  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @sunguy

    Firstly, you have to create VLAN 10 and VLAN 20 interfaces on your router. Then, you could make the following VLAN settings on your switch:

    1. Port 1(router): PVID = 1, VLAN 1 untag, VLAN 10 tag, VLAN 20 tag
    2. Port 3(PC): PVID = 10, VLAN 1 untag, VLAN 10 untag
    3. The rest of network: PVID = 20, VLAN1 untag, VLAN 20 untag

    To isolate your Port 3(PC) from the rest of network, you may set the following security policies on your router:

    1. Block traffic from VLAN 10 to VLAN 20
    2. Block traffic from VLAN 20 to VLAN 10

    Hope this solution works for you!

    Kay

  • sunguy
    sunguy Posts: 2
    First Comment

    Hi Kay,

    Thanks for the advice and your fast response, on your last point and before I implement this, how do I block traffic via 'security policies' on the router when working on the switch? in the router firewall settings I can see ‘Add New ACL Rule’ as an option on the router firewall menu, is this what you mean by ‘security policies?
    Kind regards,
    Colin.

  • Zyxel_Kay
    Zyxel_Kay Posts: 446  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    Hi @sunguy ,

    Yes, 'security policies' refer to the Access Control List (ACL) rules in your router's firewall settings. To block traffic between VLAN 10 and VLAN 20, create two ACL rules:

    1. Rule 1: Block traffic from VLAN 10 to VLAN 20. Specify VLAN 10's subnet as 'Source' and VLAN 20's subnet as 'Destination'.
    2. Rule 2: Block traffic from VLAN 20 to VLAN 10. Specify VLAN 20's subnet as 'Source' and VLAN 10's subnet as 'Destination'.

    You may apply these rules to the interface connected to the switch.

    Kay