Configure WAN port with IPoE, static IP and VLAN 100 on ZyWall 100
AWUSupport
Posts: 43 Freshman Member
Hi,
Trying to configure our ZyWall USG 100 for a new WAN connection to our office and just cannot get this to work. This is a factory reset USG with default settings from factory.
The details provided by ISP for this connection is IPoE (no username or password), static IP provided (61.x.x.2 255.255.255.252), gateway 61.x.x.1 and VLAN ID 100 required.
So what I have tried is setting Ethernet WAN1 with static IP and Mask of 0.0.0.0 and 0.0.0.0 . Then setting VLAN to use Zone WAN, base port WAN1, VLAN ID 100 and set Fixed IP Address of 61.x.x.2, mask 255.255.255.252 and gateway 61.x.x.1 . As no username or password is required I of course have not set PPP or ISP Account details. I used this article without the PPPoE part: https://support.zyxel.eu/hc/en-us/articles/360001390334-Setting-up-a-VLAN-on-a-WAN-PPPoE-Interface
However when I try to ping 1.1.1.1 or any other public IP address from LAN however no reply. Interface summary shows vlan100, under wan1, is up with that static IP address. If I remove teh ZyWall and directly connect via ethernet a Windows 10 notebook to that same internet line, set static IP and VLAN, all responds on the internet so I know the details I have are correct and working.
Can anyone point me in the right direction as to what I am doing wrong with this setup? I cannot find a similar example to assist.
Trying to configure our ZyWall USG 100 for a new WAN connection to our office and just cannot get this to work. This is a factory reset USG with default settings from factory.
The details provided by ISP for this connection is IPoE (no username or password), static IP provided (61.x.x.2 255.255.255.252), gateway 61.x.x.1 and VLAN ID 100 required.
So what I have tried is setting Ethernet WAN1 with static IP and Mask of 0.0.0.0 and 0.0.0.0 . Then setting VLAN to use Zone WAN, base port WAN1, VLAN ID 100 and set Fixed IP Address of 61.x.x.2, mask 255.255.255.252 and gateway 61.x.x.1 . As no username or password is required I of course have not set PPP or ISP Account details. I used this article without the PPPoE part: https://support.zyxel.eu/hc/en-us/articles/360001390334-Setting-up-a-VLAN-on-a-WAN-PPPoE-Interface
However when I try to ping 1.1.1.1 or any other public IP address from LAN however no reply. Interface summary shows vlan100, under wan1, is up with that static IP address. If I remove teh ZyWall and directly connect via ethernet a Windows 10 notebook to that same internet line, set static IP and VLAN, all responds on the internet so I know the details I have are correct and working.
Can anyone point me in the right direction as to what I am doing wrong with this setup? I cannot find a similar example to assist.
0
All Replies
-
Hi @AWUSupport,The configuration should be correct from your description.When you ping from LAN host to Internet, can you see traffic send out from vlan 100?Moreover, assume all setting are correct, ZyWall 100 ARP table should be able to see gateway mac address in Vlan100.The following Troubleshooting CLI for your reference.How to check packet send out from vlan 100Router> packet-trace interface vlan100Show ARP table.Router> show arp-table0
-
Thank you for the quick response. Tomorrow I will check run a packet trace and check the arp table results and report back here for you to analyse.
Your example is interesting however as in your arp table vlan100 has quite a different ip address to wan1. The config I detailed in my question has vlan100 with the static public IP provided by ISP and wan1 0.0.0.0, quite different to your feeback example. I can provide our startup-config.conf if required.0 -
So I have a running ping to 8.8.8.8 from notebook at 192.168.1.33 connected to LAN port of ZyWall USG - no reply as previously detailed in original post.
LAN ZyWall USG: 192.168.1.1
WAN public IP address: 61.x.x.122
WAN Gateway: 61.x.x.121
These are my results for arp-table and packet-trace. So is this showing packet is successfully sent out and we are getting no reply back to 192.168.1.33. How do we resolve?
show arp-table
packet-trace interface vlan100
0 -
Looks like we have found our answer, although would like clarification.So firstly the WAN setup for IPoE, static IP and VLAN100 was all correct. Thanks for Zyxel support for confirming our config sounded valid.What we didn't realise is we had a Default Trunk in place with a Policy Route using that Trunk for LAN to WAN. However the VLAN100 interface had not been added to that Default Trunk, only wan1 and wan2 interfaces were listed and active. When we added VLAN100 interface we could contact the internet.I gather in our case adding VLAN100 to our default trunk is the correct method? I would have thought as VLAN100 is set against base port WAN1 that it didn't need to be explicitly added. Thoughts?
Edit: Further details. As wan1 interface in trunk has no impact we our setup with have removed wan1 from trunk and just have vlan100 and wan20 -
Any feedback Zyxel_Cooldia ?0
-
Hi @AWUSupport,Vlan100 supposed to be added automatically in default wan trunk when you create a VLAN and type is external.Point to note is the interface mode must in Active status0
-
Unusual that the VLAN interface did not add it automatically add the the wan truck, made it difficult to know where to troubleshoot.
So I gather the wan1 interface is now no longer required in WAN Trunk as it is not really used?0 -
Hi @AWUsupport,
What is the Vlan interface type? Internal and general would not add to wan trunk automatically.
0 -
External vlan interface specifying wan1. Was not added automatically to trunk which made it difficult to know where or what to look for.0
-
Hi @AWUSupport,
Can you send me your configuration file via private message.
I would like to check and test based on your configuration file.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight