USG 50 VLAN Setup

dcgtechnologies
dcgtechnologies Posts: 24  Freshman Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Security
Hi All. I have a Zyxel USG50 Firewall. I am trying to configure the routing for VLAN 10. Currently all workstations and servers are on VLAN1, but my end goal is to move all devices to VLAN 10, but currently I am only able to ping the Default Gateway of VLAN 10 and not able reach the test machine I have on the VLAN10 subnet. The difference between the VLAN's 20 and 30 are that they are using the Zyxel as there DHCP server whereas the VLAN10 will have a Windows DHCP server on it. I have two Cisco Switches and all communications work fine with all the VLANS. I can reach all devices on all VLAN's accept VLAN10 as that VLAN is not using the DHCP server function that is available. From VLAN1 All devices have a network IP address of 192.168.1.x with a Default Gateway of 192.168.1.1. 

Currently the VLANS are configured as follows:

VLAN 1 - Management Network - 192.168.1.x 

VLAN 10 - Users Workstations - 192.168.2.x

VLAN 20 - Users Wifi - 192.168.3.x

VLAN 30 - Guest Network - 192.168.4.x

It sounds to me I might have a routing issue on the Zyxel as I can not get to devices on VLAN10 without using the zyxel DHCP server. Any ideas on how to fix this? Thank you all in advance.  

Comments

  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited January 2018

    The windows DHCP server on VLAN10 is listing the gateway as 192.168.2.1 of the USG gateway?

    can the other test machine ping the gateway?

    Do you have IP/MAC binding disabled on VLAN10?

    Have you tried disabling the firewall to see if all works fine?

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    @PeterUK , thanks for your sharing.

    Hello dcgtechnologies,
    To analyze this case, please check and collect below information.
    1. Does the gateway of windows DHCP server be configured 192.168.2.1 which is the same as USG's gateway?
    2.Disable the firewall and IP/MAC binding and test again.
    3. Please collect the packet for checking further when you ping the test machine.(Please private message the packet with source IP and destination IP to me)
    Go to Maintenance>Diagnostics>Packet Capture>Select Vlan10>Press Capture. 

    after that press Stop and download packet from "Files".
    Please also private message the configuration to me for checking purpose.
    Charlie
     



Security Highlight