WAN and 2 VLANs - How to configure route?
Hi,
my ISP told me to setup an WAN Interface with another VLANs on it. The WAN-Interface (i dont need to setup a vlan) is for internet only. On the WAN Interface i have to configure a second Interface with a vlan id 2222. This one is for voip only. I can not reach the internet from vlan2222!
As you can see here i setup a vlan 2222 on the wan2 interface and after i connect i get the ip from my isp 10.8.x.x
The wan interface works fine. My clients run on vlan80. I have setup no special route. i use the firewall settings to allow or denie access from a vlan to wan or to other vlans. This works for me great.
My problem:
I have setup a new vlan 299 for testing purpose. I like to connect an ip phone to a port mapped to vlan299. And i need to route all VOIP-traffic over vlan2222 and all internet traffic over WAN. But i dont know how to setup this kind of route.
Can somebody help?
All Replies
-
Your AP need to be setup for VLAN299 to work also VLAN299 is disabled
Have you set a zone for VLAN2222 and VLAN299? to allow by firewall?
You may need routing rule too
0 -
Yes i need to activate the vlan 299, there is a firewall rule to allow access from 299 to 2222.
But what kind of rule?
I need to rules:
route all INTERNET traffic from 299 to WAN2
route all VOIP traffic from 299 to VLAN2222
But how can i decide what kind of traffic it is? For example my ip phone needs internet to download updates. But the voip network from my isp dont provide internet access so i can not route permanent from 299 to 2222
0 -
Thats a bit tricky I don't know of a ISP that does that but you likely don't need VLAN299 then
you need to add a zone for VLAN2222 and set it on the VLAN2222 on WAN2
On routing you can do
incoming VLAN80
next hop VLAN2222
You then need to work out what the traffic for VOIP-traffic is by capturing packets when in use then to the above rule add service ports this will be for VOIP-traffic
firewall rule from VLAN80 to VLAN2222
add another routing rule below that rule
On routing you can do
incoming VLAN80
next hop WAN
this will be for internet
0 -
I think no additional route needed. Just check you have allowed policy, and check IP from voip do the source NAT.
So capture packets on WAN2 to check if traffic reach to or check any drop logs?
0 -
Thanks i give it a try. How can i capture packets on WAN2. I have an older Zyxel Zywall USG 200
0 -
0
Guru Member
Master Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight
