XGS1930 - Routing trouble
Freshman Member
Good moring,
I 'm a little stuck ,cause i not understand something into XGS1930 routing.
So , i have this scenario:
2 VLAN connected into layer 3 Switch XGS1930 and one Gateway (firewall) connected with one patch from switch.
I have VLAN 22 with switch IP 192.168.22.1/24 , into a port 14 i have connect a patch with V.M. Server with IP 192.168.22.100/24 tag 22 - gateway 192.168.22.1 dns 8.8.8.8.The port 14 have a Tag VLAN22 into a switch.
I have VLAN 33 with switch IP 192.168.33.1/24, into a port 23 i have connect a patch with V.M. Server with IP 192.168.33.100/24 tag 33 - gateway 192.168.33.1 dns 8.8.8.8. The port 23 have a Tag VLAN33 into a switch.
From the switch i have one patch to a Firewall , this is in VLAN1 IP switch 192.168.11.2/24 default gateway 192.168.11.1 default DNS 192.168.11.1,8.8.8.8
and the firewall have IP 192.168.11.1/24
So from the V.M.s i can ping each other, but i still not go out (in internet), what i need to do into a switch layer 3 for active the routing to out to internet the V.M? or where i wrong the configuration?
Thanks
Accepted Solution
-
You don't need to set static route rules on the Zyxel switch that supports VLAN routing. Our layer 3 switch, includes XGS1930, will automatically create a routing rule after you configure an IP address to your VLAN.
You may check the IPv4 routing table. Path is Menu > Management > Routing table > IPv4 Routing table. The below screenshot is my example.
So, you only need to set the static route on the firewall:
IP 192.168.33.0/24 gateway 192.168.11.2
IP 192.168.22.00/24 gateway 192.168.11.2
0
Zyxel Employee
All Replies
-
I think having switch IP 192.168.22.1/24 and - gateway 192.168.22.1 is a problem
I am right in thinking you want the Switch to route server 192.168.22.100 and 192.168.33.100 by the switch and not by the Gateway (firewall)?
from what I can tell the XGS1930 is not layer 3
0 -
I need the servers 192.168.22.100 and 192.168.33.100 can ping all the VLAN22 and VLAN33 (and i want that do a switch layer 3 not a firewall). I thinked the switch layer 3 take from it gateway default can route the traffic into
0 -
If you Filter L3 and L2+ your switch does not show up as L3
0 -
yes you are right,now i see… but maybe was a mistake because i read this in a layer 3 specification:
so, only XGS2210 or XGS2220 are true layer 3 ?
0 -
and I think L2+ can do what you want but not 100% sure on that
0 -
Hi @mauro83,
XGS1930 is a lite-L3 Smart Managed Switch, it supports VLAN routing.
It is important to know that your firewall does not know VLANs 22 and 33 since these VLANs/subnets are created on the switch. Have you created the static route rule on your firewall? Without the static route rule, the firewall won't know where to send the packet back.
0 -
Ok for the layer3 switch, so good i think XGS1930 can do what i need.
For the VLAN into the firewall, ok i'll can try and check if after all works, but if the gateway of the all V.M.s is the switch , is not the switch to route the traffic into the firewall?0 -
Hi @mauro83,
The switch will route the traffic from the VM to the firewall. But when the traffic goes back to the VM, your firewall cannot route the traffic since it does not know the subnet 192.168.22.0/24 or 192.168.33.0/24. It only knows that 192.168.11.2 is your switch.
0 -
What I think you want is
switch IP 192.168.33.1/24
switch IP 192.168.22.1/24
Gateway (firewall)
192.168.11.1/24
server 192.168.22.100 gateway 192.168.22.1
server 192.168.33.100 gateway 192.168.33.1
so that routeing between 192.168.33.0/24 and IP 192.168.22.0/24 is done by the switch but you want internet traffic to get to IP 192.168.11.1 which you would need a routeing rule on switch
0.0.0.0/0
192.168.11.1
and then static route on firewall
IP 192.168.33.0/24 gateway 192.168.11.2
IP 192.168.22.00/24 gateway 192.168.11.2
0 -
Yes …It's been a while …so i tried but the static rule into a switch…but is not accepted..
..
Only for information, into the gateway (11.1 ) i added the VLAN 22 and 33 and from gateway i can ping all the VLAN and IP servers…
0
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
