USG110 Inter VLAN routing (router on a stick)
Thank you in advance for any input or suggestions.
Short story, I am a Cisco person and recently purchased ZyXel for home to lower my hardware refresh cost. I am a network person and understand how it works and can configure this setup in my sleep on Cisco hardware. I am totally new to ZyXel and looking for direction to properly configure ZyXel for inter VLAN routing. I have not unboxed my hardware yet because I am still trying to get past my ZyXel learning curve.
Very basic on Cisco I would create a sub interface (virtual interface in ZyXel) for each VLAN on the router/firewall (ASA). Then enable the connecting trunk port with proper encapsulation and provide the allowed VLANs on the trunk.
I understand tag and untagged on the ZyXel switch, I am needing help with the USG110 and routing between VLANs.
The basics of my setup:
1 x USG110
2 x GS1920
6 x VLANs
Through documentation my understanding is that the virtual interfaces are only for assigning multiple IP addresses to the same physical WAN interface for example multiple ISPs (in my mind the same thing you are doing on Cisco when creating sub interfaces)
Indirectly the way I understand the little documentation on this topic for ZyXel, you DO NOT create a virtual interface (sub interface) on the USG110. You only create the VLANs on the USG110 and the switches.
Is this correct?
How is the routing/gateway properly configured without a virtual interface?
I would think that you would create a virtual interface for each VLAN on given physical interface and this IP is the gateway for the given subnet. Then the virtual interfaces populates the directly connected routing table.
Am I totally wrong on this thought with ZyXel?
Thanks again for any help in educating me on this product. I see great potential once I get past my lack of knowledge of this product.
Short story, I am a Cisco person and recently purchased ZyXel for home to lower my hardware refresh cost. I am a network person and understand how it works and can configure this setup in my sleep on Cisco hardware. I am totally new to ZyXel and looking for direction to properly configure ZyXel for inter VLAN routing. I have not unboxed my hardware yet because I am still trying to get past my ZyXel learning curve.
Very basic on Cisco I would create a sub interface (virtual interface in ZyXel) for each VLAN on the router/firewall (ASA). Then enable the connecting trunk port with proper encapsulation and provide the allowed VLANs on the trunk.
I understand tag and untagged on the ZyXel switch, I am needing help with the USG110 and routing between VLANs.
The basics of my setup:
1 x USG110
2 x GS1920
6 x VLANs
Through documentation my understanding is that the virtual interfaces are only for assigning multiple IP addresses to the same physical WAN interface for example multiple ISPs (in my mind the same thing you are doing on Cisco when creating sub interfaces)
Indirectly the way I understand the little documentation on this topic for ZyXel, you DO NOT create a virtual interface (sub interface) on the USG110. You only create the VLANs on the USG110 and the switches.
Is this correct?
How is the routing/gateway properly configured without a virtual interface?
I would think that you would create a virtual interface for each VLAN on given physical interface and this IP is the gateway for the given subnet. Then the virtual interfaces populates the directly connected routing table.
Am I totally wrong on this thought with ZyXel?
Thanks again for any help in educating me on this product. I see great potential once I get past my lack of knowledge of this product.
0
Best Answers
-
you DO NOT create a virtual interface (sub interface) on the USG110. You only create the VLANs on the USG110 and the switches.
Zyxel - virtual interface, a sub interface with secondary IP on the based interface
Basically, here the concept on Zyxel firewall ports, interface, vlan interface
1. First, to define the physical ports as a group to bind with an ip interface
Go to GUI, Network > Interface > Port Role page
In this example,
Port 3, 4, 5 binds to lan1 ip interface
Port 6, 7 binds to lan2 ip interface
2. Create vlan interface on top of the based interface
Go to GUI, Network > Interface > VLAN page
(1)Interface Type:
recommend you select "internal" type, it's like inside interface of ASA.
You can can configure DHCP server on this type of interface.
Also, the router will auto doing dynamic PAT for traffic from internal type interface(inside) to external type interface(outside)
(2)Interface Name:
It limit the name need to use "vlan" as prefix and following digit 0-4094, usually I configure it same as the vlan id for easy understand.
(3)Zone:
Zyxel firewall is a zone based firewall. This is the binding zone of this vlan inerface
There a default firewall rule allow zone:LAN1 to zone:any. So you can select LAN1 first then change it later as you want.
(4)Base Port:
This term might be a little bit confuse. It's means binds with the ports that binding on this base interface. (That configure in the first step)
Or you can think it the subinterface with vlan id of base interface.
(5)VLAN ID
The traffic send out from this vlan interface will tagged with this vlan id.
Also the incoming traffic tagged with this vlan id will routing/filtering by this vlan interface.
The base interface will routing/filtering the untagged traffic in & out.
So in your case, about the firewall settings.
First, at least 2 ports bind to lan1 interface as VLAN trunk port to connect 2 GS1920 switch.
Second, create 6 vlan interfaces for each VLAN
7 -
Just a detail:
Disable DHCP option in the base interface.5
All Replies
-
you DO NOT create a virtual interface (sub interface) on the USG110. You only create the VLANs on the USG110 and the switches.
Zyxel - virtual interface, a sub interface with secondary IP on the based interface
Basically, here the concept on Zyxel firewall ports, interface, vlan interface
1. First, to define the physical ports as a group to bind with an ip interface
Go to GUI, Network > Interface > Port Role page
In this example,
Port 3, 4, 5 binds to lan1 ip interface
Port 6, 7 binds to lan2 ip interface
2. Create vlan interface on top of the based interface
Go to GUI, Network > Interface > VLAN page
(1)Interface Type:
recommend you select "internal" type, it's like inside interface of ASA.
You can can configure DHCP server on this type of interface.
Also, the router will auto doing dynamic PAT for traffic from internal type interface(inside) to external type interface(outside)
(2)Interface Name:
It limit the name need to use "vlan" as prefix and following digit 0-4094, usually I configure it same as the vlan id for easy understand.
(3)Zone:
Zyxel firewall is a zone based firewall. This is the binding zone of this vlan inerface
There a default firewall rule allow zone:LAN1 to zone:any. So you can select LAN1 first then change it later as you want.
(4)Base Port:
This term might be a little bit confuse. It's means binds with the ports that binding on this base interface. (That configure in the first step)
Or you can think it the subinterface with vlan id of base interface.
(5)VLAN ID
The traffic send out from this vlan interface will tagged with this vlan id.
Also the incoming traffic tagged with this vlan id will routing/filtering by this vlan interface.
The base interface will routing/filtering the untagged traffic in & out.
So in your case, about the firewall settings.
First, at least 2 ports bind to lan1 interface as VLAN trunk port to connect 2 GS1920 switch.
Second, create 6 vlan interfaces for each VLAN
7 -
Just a detail:
Disable DHCP option in the base interface.5 -
Thank you for the feed back. This is great information and looking forward to learn this hardware platform.0
-
Boa tarde a todos,
Tenho um zyxell USG40 e estou precisando configurar umas VLANs nele, mas não estou conseguindo, alguém poderia me ajudar por favor ? ja tentei de um tudo e não funciona.0 -
Hi @PrimetekIts,
Welcome to Zyxel Community.
This forum is only supporting English and Chinese at the moment. Please describe the question in English.
0 -
zyman2008 I am configuring sub-interfaces on an a Zyxel ATP200. Is there anyway to do this using one port on my Zyxel instead of separate ports and assigning one vlan to each port, like a router on a stick configuration?
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight