XS1930 route traffic to wan

QuiteSmart
QuiteSmart Posts: 48  Freshman Member
Zyxel Certified Network Administrator - Nebula Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - WLAN
in Switch

Hello community,

i have the following scenario: various vlans configured on the firewall and on the xs1930 (more ore less each port is a vlan, port 1 is the uplink to the firewall). Now i configured the xs1930 with each ip address for any vlan since i want it to be the gateway of all the vlans (this to use the 10gb/s speed for inter vlan traffic from edge switches to core switch). I configured the classifier and policy rules so that some vlans can see some other vlans.

In the end i configured some firewall rules to let the vlans see the zywall and allow traffic to the WANs.

So far so good

Now i had the problem to let the client inside the vlan surf the web: my solution was to enter in

system / ip setup / ip setup / default gateway

one of the firewall ip addresses (i used the one of vlan20). After this i am able to access internet from all the clients which are inside a vlan which is allowed to see the vlan20. Unfortunately i don't have a vlan which can be seen by ALL the other vlans but obviously i need all the vlan to get to the internet.

Is there any way to tell something like a "next hop" in the switch so that if the required IP is not inside of any vlan he will route to an ip address according to the source. (just to be verbose i mean for example: if i am 192.168.20.108 and i ask for 8.8.8.8 than the switch has to route this request to 192.168.20.1 while if i am 192.168.30.150 and i ask for 8.8.8.8 it should route it to 192.168.30.1)?

Please consider that i bought the extra Access L3 license!

PS i know that i can easily let the firewall make all the job but my firewall has no 10gb ports and i don't want that the request from vlan_office to vlan_server will be narrowed to 1gbps when i have a switch-switch connection of 10gbps.

PS2 configuration on-premise

Thank you

All Replies

  • PeterUK
    PeterUK Posts: 3,316  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited June 28

    Not yet got a Zyxel switch for doing L2+/L3 routing but have done it on my netgear M4100-D12G

    In my case I have the Zyxel Flex 200 with VLAN 6 untag to port 1 of of netgear

    so it be 192.168.255.237 on FLEX 192.168.255.200 on switch Untag port 1 PVID 6

    VLAN 138 PVID 138 on port 11 untag IP 192.168.138.13

    client can not get IP from FLEX so is set to static on port 11 192.168.138.6 gateway 192.168.138.13

    you then may need a rule on switch for 0.0.0.0/0 to gateway 192.168.255.237 with high Metric

    on the FLEX 200 do static route 192.168.138.0/28 Gateway 192.168.255.200 to switch

    Then it should work for internet traffic

  • Zyxel_Kay
    Zyxel_Kay Posts: 989  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @QuiteSmart

    To better understand your current setup, could you please collect the startup-config.conf file from your ZyWALL and the tech support file from your XS1930 switch, and send them to us through a private message?

    Kay

    Be a community MVP_1920x200.jpg

    Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP

Categories

Switch Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)