Zyxel xs3800-28 vlan routing

Smartqwerty
Smartqwerty Posts: 12
First Anniversary Friend Collector First Comment
edited February 2023 in Switch
Good day!
My organizations is planning to use 2 Zyxel xs3800-28 in stacking mode as core switches in LAN soon.
The LAN project provides creating:
1) Vlan 10 (Users) - 192.168.10.0/24
2) Vlan 20 (Servers) - 192.168.20.0/24
3) Vlan 30 (Management) - 192.168.30.0/24
As stated in switch reference, this switch is level 2+ and supports inter-Vlan routing using static routing, but i never used level 2+ switches in routing purproses, so i need to specify some moments:
1) I need to route traffic from Vlan 10 to Vlan 20, and from Vlan 20 to Vlan 10;
2) Traffic from Vlans 10, 20 must reach only a single destination IP in Vlan 30 (for example 192.168.30.200/24):
3) Traffic from Vlan 30 to 10, 20 must be blocked, excluding a single source IP from Vlan 30 (192.168.30.200/24).
Will I be able to solve this using these switches and can you share an approximate configuration for this?

Best Answers

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,590  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    @Smartqwerty,

    Welcome to the Zyxel community!

    The below suggest configuration is based on the 4.80(ABML.1)C0 version.

    For the first question, you could reference our Handbook page 43 to set up the inter-VLAN routing.

    For the second and the third question, you could use the ACL to fulfill your requirement.

    Here's the setup suggestion:

    1. Please search ACL to enter Classifier > Classifier Global Setting. Change the “match order” to Manual.
    2. Please go to Classifier > Classifier Setup to add classifiers.
      1. Add classifier “VLAN 10 to VLAN 30 specific IP” with the source IP with VLAN 10 subnet and the destination IP with VLAN 30 specific IP address. And no need to change the weight.
      2. Add classifier “VLAN 30 specific IP to VLAN 10” with the source IP with VLAN 30 specific IP address and the destination IP with VLAN 10 subnet. And no need to change the weight.
      3. Add classifier “VLAN 30 deny all to VLAN 10” with the source IP with VLAN 30 subnet and the destination IP with VLAN 10 subnet. The weight should be changed to a lower weight, I use 3276 for example.
      4. Same setting for VLAN 20 to VLAN 30.
    3. Please go to ACL > Policy Rule to add the policy rules.
      1. Add a policy rule for the classifier “VLAN 10 to VLAN 30 specific IP”. All actions do not need to change.
      2. Add a policy rule for the classifier “VLAN 30 specific IP to VLAN 10”. All actions do not need to change.
      3. Add a policy rule for the classifier “VLAN 30 deny all to VLAN 10”. The Forwarding action should be changed to Discard the packet.

    If there's any question, please feel free to ask.

    Hope it helps.

    Zyxel Melen

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,590  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2023 Answer ✓

    Hi @Smartqwerty,

    Here's the CLI Reference Guide.

    By the way, here's the download library page of XS3800. You could also find the CLI Reference Guide and the firmware here.

    Zyxel Melen

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,590  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    @Smartqwerty,

    Welcome to the Zyxel community!

    The below suggest configuration is based on the 4.80(ABML.1)C0 version.

    For the first question, you could reference our Handbook page 43 to set up the inter-VLAN routing.

    For the second and the third question, you could use the ACL to fulfill your requirement.

    Here's the setup suggestion:

    1. Please search ACL to enter Classifier > Classifier Global Setting. Change the “match order” to Manual.
    2. Please go to Classifier > Classifier Setup to add classifiers.
      1. Add classifier “VLAN 10 to VLAN 30 specific IP” with the source IP with VLAN 10 subnet and the destination IP with VLAN 30 specific IP address. And no need to change the weight.
      2. Add classifier “VLAN 30 specific IP to VLAN 10” with the source IP with VLAN 30 specific IP address and the destination IP with VLAN 10 subnet. And no need to change the weight.
      3. Add classifier “VLAN 30 deny all to VLAN 10” with the source IP with VLAN 30 subnet and the destination IP with VLAN 10 subnet. The weight should be changed to a lower weight, I use 3276 for example.
      4. Same setting for VLAN 20 to VLAN 30.
    3. Please go to ACL > Policy Rule to add the policy rules.
      1. Add a policy rule for the classifier “VLAN 10 to VLAN 30 specific IP”. All actions do not need to change.
      2. Add a policy rule for the classifier “VLAN 30 specific IP to VLAN 10”. All actions do not need to change.
      3. Add a policy rule for the classifier “VLAN 30 deny all to VLAN 10”. The Forwarding action should be changed to Discard the packet.

    If there's any question, please feel free to ask.

    Hope it helps.

    Zyxel Melen

  • Good afternoon!

    Your answer was very helpful, thank you!

    Based on the
    handbook, we don't have to write static routes, it looks like a
    full-fledged level 3 switch!

    I didn't find the cli reference for this
    switch in the downloads library, could you give a link to the download cli reference or maybe full documentation pack?
    Thank you!

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,590  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2023 Answer ✓

    Hi @Smartqwerty,

    Here's the CLI Reference Guide.

    By the way, here's the download library page of XS3800. You could also find the CLI Reference Guide and the firmware here.

    Zyxel Melen