same VLAN on WAN and LAN

QuiteSmart

Hello!

Is it allowed to create VLANs with the same VLAN ID on an internal interface and on an external interface?
AFAIK it is not possible to have the same VLAN ID on two WANs but i don't know in the case described above

PeterUK

Does not look it but if you could would it cause a problem I wonder?

What would you hope to achieve by doing this?

Zyxel_Tina

Hi @QuiteSmart,

It is not allow to create VLANs with the same VLAN ID on both internal (LAN) and external (WAN) interfaces on USG FLEX H Series firewalls.

Additionally, we do not recommend this configuration. Having the same VLAN ID on both sides can lead to ambiguity in traffic flow, potential network confusion, and make troubleshooting significantly more complex. For example, if upstream/downstream devices also use the same VLAN ID, it may cause conflicts and make it difficult to distinguish whether the VLAN belongs to the internal or external network, which may eventually lead to packet loss.

Best practice dictates using distinct VLAN IDs for different network segments, especially when those segments are separated by a firewall and represent internal versus external networks.

PeterUK

The only case I can see where you want the same VLAN is if you had two ISP's where their modem each you need to use the same VLAN?

in which case two ways to solve this:

1. Two VLAN switches that tag to the ISP and untag to the WAN ports of the USG

2. A switch with VLAN and Send the packet to the egress port where by you tag to the ISP's and untag to the WAN ports of the USG but this would mean DHCP by one of the WAN port goes out to both ISP so to fix that you Classifier the source MAC's of each WAN of the USG to then Send the packet to the egress port for the given ISP.