How to setup internal VLANs on USG Flex 100H
Hello Folks,
I'm pretty new to Zyxel USG Flex H-Series so I need Help in setting up VLANs.
I know the basics of VLANs and how they are handled but I'm comming from total different vendors (Sophos/Cisco).
Setup goal:
The LAN-Interface (ge3) has the subnet 192.168.10.x . Additional to that I need 2 VLANs on this interface:
- 192.168.110.x
- 192.168.120.x
In the end the subnets 192.168.10.x and 192.168.120.x have to communicate with one host in VLAN-Subnet 192.168.110.x but not between each other.
All tutorials I've found relying on USG 100 but not 100H and the interface seems to be totally different.
So please - if anybody could help me with that soon would be perfect.
Cheers
Sebasian
Accepted Solution
-
Yes the new H models have a whole new layout vs old models
all ports are configurable meaning you can have any port be WAN (External) or LAN (Internal) with VLAN on top WAN or LAN.
I guess you have managed to log n to the Flex? Port setup for WAN you can use the LAN port you logged in to you can change that IP to 192.168.10.1 then re login
best go to object > Zone and make some zones like VLAN110 and VLAN120
then go to interface under Internal +add
interface type VLAN
name like VLAN110 and VLAN120port you logged in as like P3 for the VLAN to be on
zone VLAN110 and VLAN120
VLAN ID 110 or 120
fixed IP
192.168.10.x and 192.168.120.x
DHCP to how you wantapply to the same again for the other VLAN
by default SNAT is enabled so you should not need to added router rule but can if needed
policy control by default LAN to any may need to be changed to how you like
you can have rules like
LAN to WAN
VLAN110 to WAN
VLAN120 to WANall zones isolated
Then add to say
LAN to VLAN110
VLAN110 to LANto allow traffic between zones
1
Guru Member
All Replies
-
Yes the new H models have a whole new layout vs old models
all ports are configurable meaning you can have any port be WAN (External) or LAN (Internal) with VLAN on top WAN or LAN.
I guess you have managed to log n to the Flex? Port setup for WAN you can use the LAN port you logged in to you can change that IP to 192.168.10.1 then re login
best go to object > Zone and make some zones like VLAN110 and VLAN120
then go to interface under Internal +add
interface type VLAN
name like VLAN110 and VLAN120port you logged in as like P3 for the VLAN to be on
zone VLAN110 and VLAN120
VLAN ID 110 or 120
fixed IP
192.168.10.x and 192.168.120.x
DHCP to how you wantapply to the same again for the other VLAN
by default SNAT is enabled so you should not need to added router rule but can if needed
policy control by default LAN to any may need to be changed to how you like
you can have rules like
LAN to WAN
VLAN110 to WAN
VLAN120 to WANall zones isolated
Then add to say
LAN to VLAN110
VLAN110 to LANto allow traffic between zones
1 -
Hi @DJWindows ,
Greeting Forum, and thanks PeterUK.
Please kindly follow PeterUK statements and feel free to raise questions if any concerns.
Thank you
0
Zyxel Employee
Categories
- All Categories
- 398 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 83 Nebula Status and Incidents
- 5.2K Security
- 99 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 924 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 213 Service & License
- 339 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.1K FAQ
- 1K Nebula FAQ
- 445 Security FAQ
- 238 Switch FAQ
- 214 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 142 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 74 About Community
- 62 Security Highlight
