Vlan1 On Primary LAN Interface
All Replies
-
Yes, the switch has a GUI, but I prefer command line. Command line is more accurate. The switch is functioning as expected. The Flex500H does all the routing and controls traffic. LAN1 works great, but any other setup like this a nightmare.
0 -
I do not think your switch is setup correctly so from here on only test with Laptop/PC to USG set with VLAN directly.
Everything above will get out to the internet you have said you can get to the USG by VLAN so you are mostly there.
1 -
The switch is setup fine. I posted the configs of each port, and each port is tagged correctly and labeled correctly. None of my machines on the vlan10 `profile can get out to the internet, but they all work just fine when I used the profile LAN1. which looks to be the out of the box setup interface. It is like the Default Gateway under VLAN 10 cannot route to the WAN ports.
Please explain why you think it is my switch setup? NONE of my machines can get out to the internet under the vlan 10 interface and I am afraid it will mess up my other VLANS. All machines can talk to each other based on my testing and I was using two different laptops connected to different vlans because the Vlan10 interface / address object is not setup correctly. I am still missing the address-object for vlan 10 answer (Issue 4) and this is where I am confused. I am not challenging you, but trying to understand the logic behind this. LAN1 profile works fine and all my VLANS can talk to each other and all machines can get out to the internet. Why does the VLAN10 not work right and what is the complete setup?
The Flex USG 500H is doing all the routing for my network. My switch is not setup to do any routing, but does provide the trunks and access to each network based on VLAN tagging.
0 -
My logic is to rule out other problems so by connecting a laptop/PC directly to the USG we can get that working like I said your mostly there when you set the NIC to the given VLAN10 you just need a routing rule and policy control rule to make it work.
ping -t 1.1.1.1
till it works.
0 -
I can accomplish the same thing with my switches, because your logic does not make sense, when I set that VLAN10 interface I could route all traffic on my network internally, but could not make it past the Default-Gateway to the WAN interface to get out to the internet. All my machines could not get access to the internet bottom line when set to newly created VLAN10 Interface profile.
Let me clear things up I was messing with the config on VLAN10 to see what would work and what wouldn't work. I was messing with the Object - Address - setting it from Interface_Subnet, which allowed all my nodes on the network to talk to each other, but when I switched it Interface_Gateway I could not get into the Flex 500H from VLAN10. I had to connect to another VLAN say VLAN2 over WIFI to get into the FLEX 500H to make any changes. Yes there is an issue with the configuration you gave me at least the part I tested. As soon as I told you the issue you told me another part of the configuration that I need.
This goes back to my other point. I feel like we are talking in circles and you are not answering my questions.
So what makes you think me connecting a laptop directly to the USG500H will work. I have not setup the policy route or policy control rule, because I want to understand why LAN1 interface works just fine out of the box and all my VLANS work just fine along with all my machines connecting out to the internet just fine under LAN1 interface along with all the current routing under LAN1 interface and yes I am using my switches.
The vlan10 interface although you say it will work has yet to prove itself to work. I have to keep getting bits and pieces of the configuration from you and then you tell me to do something that you think might work and bottom line it does not work. As I mentioned before the firewall does all the routing for my VLANS and internal network.
So going forward I would prefer a complete setup guide and I am not going to keep trying things that have yet to test, because you think it will work. I want this to be explained correctly and not what you think will work. I am not challenging or trying to be unappreciative, but we keep talking in circles and you confuse me even more when you do not answer my questions and all you do is throw stuff at the wall to see what sticks. Please read this and understand my frustrations with this whole thing. I know the concepts, but this firewall although I like it is very confusing and convoluted. Not questioning your knowledge or effort, but we are not getting anywhere at all I feel.
Thank you.
0 -
I want to add another thing. In the default rule set. LAN to Zywall is already listed under Policy Control. See below:
This is why I feel I am going around in circles and want to understand why the LAN (Default LAN Zone) does not work right with the Vlan10 interface that we just setup, but works just fine with the LAN1 interface (Default Out Of The Box Profile).
See these rule sets. These are default rules. Why setup duplicate rule sets? See below:
This is why I am confused and not sure what the correct setup is. Thank you.
0 -
Well I let someone else have a go.
0 -
Peter I was just asking questions. Could you answer them? You are having me setup rules that are already there. I just want to understand those questions I have asked you say this will work, but it has not worked at all. Please help. Thank you.
0 -
I can't answer your questions that you will understand
0 -
Peter I understand everything just fine, but your logic is not working in my eyes. I have explained to you everything I have done and I have been in the Information Technology field for 27 years and I understand the concepts.
I feel like you are not understanding me and what I am asking and trying to accomplish. I have explained to you my switches do not do routing. They provide VLAN tagging of the physical ports as well as access to each individual VLAN. I have also explained that the Flex 500H is my router / firewall and it does all the routing for me.
Currently I am using LAN1 which is the default out of the box interface that works just fine. I have setup four other VLANS that work just fine using that untagged LAN1 interface. I would like to setup a VLAN using the untagged interface and that is when you came into the picture telling me it can be done and well so far it is not working, and I am not one to keep throwing ideas at the wall to see if they will stick.
Although you might understand it and think it might work. Has what you're telling me been tested? I am all for getting things to work that should work, but I am not one to keep going around in circles when I clearly understand what you are saying, but you are not answering my questions to get me to see your points, and I feel when I challenge you want to move on.
So again, why does the native untagged interface labeled LAN1 (Default Out Of The Box) interface work just fine with my current setup today? But as soon as we switched it to the VLAN10 Interface we setup I can talk to my devices internally but could not get out to the internet when I have the VLAN10 Interface set to the proper zone of LAN (Default Out of the Box Zone). That is my logic I am going with and connecting directly to the USG500H directly makes zero sense.
Thank you.
0
Freshman Member
Guru Member
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 198 Nebula Ideas
- 123 Nebula Status and Incidents
- 6.3K Security
- 484 USG FLEX H Series
- 319 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 46 Wireless Ideas
- 6.8K Consumer Product
- 284 Service & License
- 451 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
