1.37 Patch1 - Untagged traffic on P3 merged with VLAN on P2
Master Member
Hello everyone,
I have a VLAN created with Zyxel switch on P2, it is seen as expected.
Yesterday I discovered inside an ORG that they have an old branch of LAN from warehouses with unmanaged switches that I can manage with a cable on P3.
No room to pull another cable from warehouses to the new switch area where I installed Zyxel hardware, it is an old site protected by laws for historical monuments so everything it's all really bureaucratic.
The simplest way should be to merge untagged traffic on P3 with the existing VLAN from P2.
Is there a way to do that?
I could not find that in the Nebula config for interfaces.
All Replies
-
Hi @GiuseppeR ,
To better assist you, could you please confirm whether your topology is as shown below?
Also, could you clarify whether your goal is to allow the devices in the warehouse (unmanaged switch) to communicate with the devices connected to Switch Port 2? Where is your new switch in this topology? …
By the way, please provide the Nebula organization/ site name and enable Zyxel support, we will take a look to your interface configuration.
Zyxel_Judy
0 -
Hi @Zyxel_Judy
Yes it is so. Sent a PM with priviledges.
0 -
So are you wanting unmanaged switch devices to connect to devices on Switch Port 2 ?
is Switch Port 2 tagged to FLEX H?
The problem is I don't think you can have a two port interface one being tagged and one being untagged on FLEX H the only way to solve this is another switch at FLEX H where this switch tag to FLEX H and tag out to Switch Port 2 and have a untag port for the unmanaged switch that tag back to FLEX H
0 -
Exactly, my idea was to find a way to tag all the traffic passing via P3 directly on the firewall without buying another switch only for that… so that traffic could match VLAN tagged via switch in P2.
I don’t think it is possible too, maybe an idea for Zyxel to add this function? At least a suggestion… 😁
0 -
Hi @GiuseppeR ,
The USG FLEX H Series currently does not support assigning a PVID (Port VLAN ID) to a physical port via Nebula in a way that would tag incoming untagged traffic and merge it with a VLAN defined on another port. As PeterUK noted, you cannot mix a tagged-port and an untagged-port within the same VLAN interface on this platform from the Nebula side.
With your current topology, devices connected to the unmanaged switch on P3 can still reach devices on P2 through the USG FLEX H's built-in inter-interface routing — no additional hardware required.
Zyxel_Judy
0 -
Hi @Zyxel_Judy
they can reach devices on P2, but they cannot obtain the IPs in the format assigned to the VLAN.
So P3 devices that has static IPs like 192.168.1.x (the network in P2 via VLAN is 192.168.1.1/24) are not able to go online
If the traffic in P3 would be tagged via P3 port the devices linked via unmanaged switch could get their static IPs without reconfiguring them.
Is there any other way to get this result a part from buying another switch? Am I missing something?
0 -
You can have two different IP subnets for Switch Port 2 and unmanaged switch to FLEX H then you can have like IP 192.168.1.2 go the 192.168.255.2 by FLEX H.
0 -
I have static IPs set devices linked on P3 via remote switch unmanaged (IPs type 192.168.1.x)
I had to assign 192.168.1.1/24 to VLAN tagged on P2 because of security cameras (also these with static IPs but on another branch network)
So all of these static IPs (on VLAN via P2 and everything via P3) need the same subnet to go online.
Tagging the traffic on P3 would solve the issue because this would translate traffic and DHCP server to 192.168.1.1/24 without reconfiguring manually each device with static IPs on remote unmanaged switches.
In this situation I have 2 choices:
- reconfiguring unmanaged switches devices with another subnet
- adding a managed switch and tagging the traffic with it using only one port from that switch
0 -
Do you have static IPs that are the same on unmanaged switch and Switch Port 2?
0 -
Unfortunately yes, everything on that ORG was static and on the same subnet. A nightmare.
Now I have split that via VLANs to increase cybersec but the old hardware is still on static IPs:
Look at the speed of P3 😂
0
Zyxel Employee
Guru Member
Categories
- All Categories
- 442 Beta Program
- 2.9K Nebula
- 222 Nebula Ideas
- 129 Nebula Status and Incidents
- 6.5K Security
- 617 USG FLEX H Series
- 347 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.4K Wireless
- 53 Wireless Ideas
- 7K Consumer Product
- 298 Service & License
- 485 News and Release
- 92 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.8K FAQ
- 34 Documents
- 88 About Community
- 105 Security Highlight
