Forwarding one VLAN to another

ROM
ROM Posts: 3
edited April 14 in Switch

I need to connect my internal network to the factory network.

Factory network should connect to all computers and other devices in my internal network. My network shouldn't see devices of factory network.

For this I use commutator GS1920-8HPV2 (Firmware: 4.50 ABZ.0 05.07.2018)

I created 2 VLANs:

VLAN 10 - for factory network connection (port: 2,3),

VLAN 100 - for internal network (port 4,5,6,7,8)

I added 2 IPs: 10.10.136.47 for VLAN 10 and 192.168.0.1 for VLAN 100

The problem I have: I can't forward requests from VLAN 10 to VLAN 1000.

I tried to do this with Classifier and Policy Rule: I entered Layer 3 SrcIP=10.10.136.1/24 (VLAN 10) and DestIp=192.168.0.1 (VLAN 100) in Classifier and created a Policy Rule for this. I tried the first policy rule with VLAN ID=10 and egress port 3 (for VLAN 10), and I tried another one with VLAN ID = 100 and egress port =4.

I checked connection with ping from one computer, connected to port 3 of GS1920-8HP (on factory side, VLAN 10) to another connected to port 4 of GS1920-8HP (on internal network side, VLAN 100) - but pings didn't go.

Please help me with advice: how can I connect my internal network to the factory network with GS1920-HP?


All Replies

  • Zyxel_Derrick
    Zyxel_Derrick Posts: 76  Zyxel Employee

    Hi Rom


    VLAN 10 and VLAN 100 are in different subnets

    If you want them to communicate with each other, you may need a layer 3 device to do the routing instead of using ACL

    Thanks


    Zyxel_Derrick

  • Sakura_T
    Sakura_T Posts: 101  Ally Member

    The GS1920 series is merely an L2 switch which cannot route between VLANs, I think...

  • TomorrowOcean
    TomorrowOcean Posts: 58  Ally Member

    @ROM Why are your default gateway IPs for MGMT VLAN, VLAN 10 and VLAN 100 all 0.0.0.0?

  • ROM
    ROM Posts: 3

    @TomorrowOcean I just don't have a real neighbor switch to define real gateways. I tried to forward VLANs just for testing before I connect to the factory network.

  • Like Sakura_T said, within a Layer 2 switch traffic cannot be routed between VLANs. If you just need to restrict the internal network from pinging the factory network, you can try one VLAN and use an ACL to block ICMP packets from internal to factory.

  • Zyxel_Derrick
    Zyxel_Derrick Posts: 76  Zyxel Employee

    Hi Rom


    To sum up

    The GS1920 series is an L2 switch and it cannot do the routing

    Since you have two VLANs, you have to do the routing so they can communicate with each other.

    Therefore, you may need an L3 device to achieve your goal

    May I know if you have any other questions?

    Thanks


    Zyxel_Derrick
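
The following sketch is an added example, not part of the thread and not Zyxel configuration. It models why the ping between the two subnets fails when hosts have gateway 0.0.0.0, and what a stateful L3 device would have to enforce for "factory reaches internal, internal cannot open connections to factory". The host addresses, the /24 mask on VLAN 100, and the `OneWayRouter` class are assumptions.

```python
import ipaddress

FACTORY = ipaddress.ip_network("10.10.136.0/24")   # VLAN 10, mask as given in the post
INTERNAL = ipaddress.ip_network("192.168.0.0/24")  # VLAN 100, /24 is an assumption


def host_next_hop(src_if, dst, gateway):
    """Where a host sends a packet: on-link, via its gateway, or nowhere."""
    iface = ipaddress.ip_interface(src_if)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"        # same subnet: ARP for dst, an L2 switch suffices
    if gateway in (None, "0.0.0.0"):
        return "unreachable"    # other subnet and no gateway: packet is never sent
    return "via " + gateway     # other subnet: handed to the L3 device


class OneWayRouter:
    """Hypothetical L3 device: factory may open flows to internal, never the reverse."""

    def __init__(self):
        self.flows = set()      # 5-tuples of flows opened from the factory side

    def forward(self, proto, src, sport, dst, dport):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in FACTORY and d in INTERNAL:
            self.flows.add((proto, src, sport, dst, dport))
            return True         # new or existing flow, factory -> internal
        if s in INTERNAL and d in FACTORY:
            # Only the reply direction of a flow the factory side opened.
            return (proto, dst, dport, src, sport) in self.flows
        return False            # anything else is not routed between the VLANs


if __name__ == "__main__":
    # Constructed hosts: 10.10.136.50 on VLAN 10, 192.168.0.20 on VLAN 100.
    print(host_next_hop("10.10.136.50/24", "192.168.0.20", "0.0.0.0"))
    r = OneWayRouter()
    print(r.forward("tcp", "192.168.0.20", 40000, "10.10.136.50", 502))
    print(r.forward("tcp", "10.10.136.50", 51000, "192.168.0.20", 445))
    print(r.forward("tcp", "192.168.0.20", 445, "10.10.136.50", 51000))
```

A plain stateless ACL cannot express the last case: it either blocks the replies from the internal side too, or lets internal hosts initiate traffic to the factory.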