VLAN On USG 40W
Hello,
I have a simple question but for some reason I can't get it to work. Basically I have a USG40W firewall and I need to have two separate networks. I have LAN 1 working on interface P2 of the firewall, and now I need to add a second, separate network. I was hoping to use VLANs for this as I only have one switch between the two networks, meaning both of the firewall LAN interfaces are plugged into ports on the switch. My question is what is the best way to achieve this? Do I pass the VLAN from the firewall to the switch or the other way around? I apologize if I am overcomplicating this.
Accepted Solution
-
You need to add a VLAN ID 200 tag to the port going to the USG and untag it on the port with PVID 200 that your laptop is connected to. This way your laptop is untagged, goes to the port, and tags out to the USG.
6
All Replies
-
Hi @ice2921
You can create a VLAN interface based on port 2 of the USG40W; in this way, traffic can be separated into two networks.
On the USG, you only need to create a VLAN interface; most of the settings are on the switch.
Are you using a Zyxel switch? Let me know if you encounter any issues with the VLAN settings on the switch.
Create a VLAN interface under “CONFIGURATION > Network > Interface > VLAN”
0 -
That's what I thought I did, and I believe my switch is configured correctly. Below is my current configuration on the USG:
On my switch I noticed that when I plug my laptop into the port I configured for VLAN 200, it gets an IP address on the 192.168.2.X network.
0 -
Do you have a VLAN switch or is it just unmanaged?
When you connect your laptop to the port where VLAN200 is, you will get 192.168.2.X because your laptop NIC is not set with VLAN200; it is running untagged.
1 -
The switch is managed - HP ProCurve 2810-48G. Should I change the switch to tagged? Right now it's untagged.
0 -
You need to add a VLAN ID 200 tag to the port going to the USG and untag it on the port with PVID 200 that your laptop is connected to. This way your laptop is untagged, goes to the port, and tags out to the USG.
6 -
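The tagged/untagged port behaviour described in the answer above, as a small Python model of 802.1Q handling on a switch. This is an added example, not part of the thread: the port roles, VLAN 1 as the uplink's untagged VLAN and the sample frame are assumptions, and the membership check is a simplification of real ingress filtering.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

class Port:
    def __init__(self, pvid, untagged=(), tagged=()):
        self.pvid = pvid               # VLAN given to untagged frames on ingress
        self.untagged = set(untagged)  # VLANs sent out of this port without a tag
        self.tagged = set(tagged)      # VLANs sent out of this port with a tag

def parse_vid(frame):
    """Return the VLAN ID in the frame's 802.1Q tag, or None if untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

def ingress(port, frame):
    """Classify a frame; return (vid, frame without tag) or None if dropped."""
    vid = parse_vid(frame)
    if vid is None:
        return port.pvid, frame        # untagged frame takes the port's PVID
    if vid not in port.tagged | port.untagged:
        return None                    # port is not a member of that VLAN
    return vid, frame[:12] + frame[16:]

def egress(port, vid, frame):
    """Emit the frame as the port's membership for vid dictates."""
    if vid in port.tagged:
        return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]
    return frame if vid in port.untagged else None

def forward(in_port, out_port, frame):
    """Carry one frame across the switch from in_port to out_port."""
    classified = ingress(in_port, frame)
    return egress(out_port, *classified) if classified else None

# Assumed port roles (port numbers are not given in the thread).
LAPTOP = Port(pvid=200, untagged={200})            # access port, PVID 200
LAPTOP_DEFAULT = Port(pvid=1, untagged={1})        # same port left in VLAN 1
UPLINK = Port(pvid=1, untagged={1}, tagged={200})  # port going to the USG

# Constructed frame: broadcast dst, made-up src MAC, EtherType IPv4, filler.
FRAME = bytes.fromhex("ffffffffffff020000000001") + struct.pack("!H", 0x0800) + b"payload"

if __name__ == "__main__":
    print("to USG, PVID 200:", parse_vid(forward(LAPTOP, UPLINK, FRAME)))
    print("to USG, PVID 1:  ", parse_vid(forward(LAPTOP_DEFAULT, UPLINK, FRAME)))
```

A frame that leaves the uplink without a tag is not delivered to the USG's VLAN 200 interface, so the two networks are only separated when the laptop port's PVID and the uplink's tagged membership both name VLAN 200.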
Hi @ice2921
You can capture packets on the USG VLAN200 interface.
Assuming the switch is set up correctly, you should be able to see the packets coming to the USG VLAN200 interface.
Packet trace CLI
Router> packet-trace interface vlan200 extension-filter -e -n
0