VLAN & LAN - same interface
Freshman Member
Good morning everyone, I need to exit from USG FLEX 100H firewall on some ports untagged and on others tagged (because on some ports I need to connect a device, while on others I need to connect to a switch). Is this feasible? I would like to keep the same gateway.
All Replies
-
Hi @Alex_91
Do you mean some internal ports to be a VLAN member, and some ports are non VLAN member(general interface only)? Like this?
Please help to describe more if this is not what you want.
Zyxel Melen0 -
No, I mean exactly that an interface (for example ge3) is untagged on port 3 (IP:192.168.168.1/24) and tagged on port 4, but with VLANx (VLAN168) (Obviously Port4 VLAN 168 must have same IP of 192.168.168.1, same interface!).
Because a PC is connected to port 3, while a switch carrying other VLANs is connected to port 4.
0 -
Its not possible with one USG
I get your way of thinking so that the USG would know traffic is by P3 untagged to go out to the internet then the reply the USG would know the session was by P3 to send traffic to P3 not to VLAN 168 P4. Of course you then have the problem of NAT inbound to WAN to then have P3 with 192.168.168.1/24 and P4 VLAN 168 with 192.168.168.1/24 which the USG would not know unless a option say this port P3 or MAC.
Its a very advanced way of manipulating traffic…
0 -
Yes, the firewall does not allow to do this. You need to connect with a switch and use the switch that support VLAN to control the VLAN tag.
Zyxel Melen0
Zyxel Employee
Guru Member
Categories
- All Categories
- 442 Beta Program
- 2.9K Nebula
- 211 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.4K Security
- 544 USG FLEX H Series
- 340 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 51 Wireless Ideas
- 6.9K Consumer Product
- 295 Service & License
- 465 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.7K FAQ
- 34 Documents
- 87 About Community
- 99 Security Highlight
