How to setup communication beetween VLANs

adi_dragnic
adi_dragnic Posts: 15  Freshman Member
First Comment Friend Collector Third Anniversary
edited April 2021 in Security
Hi,

I have divided departments with VLANs but i need them to communicate with Active directory Vlan. How can i  enable communication with other VLAN? 

Thanks in advance 
Adi 
«1

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @adi_dragnic  

    After added VLAN on USG, it will add routing automatically.

    So additional configuration is unnecessary.


    The traffic outgoing from USG VLAN interface is VLAN tag on.

    So you need additional switch to un-tag the packets.

    Then there is no problem to communicating between VLANs.


  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Comment Friend Collector Third Anniversary

    I have Wan fail over configured with policy based routing using this manual https://www.youtube.com/watch?v=6XhyZ3KWaxc , how to configure communication to other VLAN with policy based routing ?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @adi_dragnic

    Can you describe your topology of your scenario and what’s your goal that you want to achieve in your VLANs?

  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Comment Friend Collector Third Anniversary

    Hi Stanley ,

    I have 2 isp providers connected to Wan1 and Wan2 , devided network in 4 Vlans ( 10,11,12,and 20 ) configured Wan failover for all VLANS using Policy Based routing but when i have policies on there is no communication between VLANS i need to configure for all VLANS to have access to VLAN20 where i will have servers .

    image.png

    Regards

    Adi

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited June 2019

    Have you given each VLAN a zone like for VLAN10 make a zone VLAN10 then edit VLAN10 to be in zone VLAN10 . Then you make firewall policy from VLAN10 to VLAN20

  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Comment Friend Collector Third Anniversary

    Hi Peter i did not give VLAN zones i have all VLANS in zone Lan1

    image.png

    . How can i create Zones ?

    I dont have in zones menu vlans ?

    Thanks in advance

    Adi

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    To makes zones.

    Object > Zone

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @adi_dragnic

    I guess you have enabled “Use IPv4 Policy Route to Override Direct Route” function, so routing priority has changed.

    It leads VLANs unable community with each other by direct route.

    You can disable “Use IPv4 Policy Route to Override Direct Route” first, and make sure “Direct Route” priority is higher than “Policy Route” in your packet flow.

    1.png
    2.png

    Then your VLANs should able community with each other by Direct Route.

  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Comment Friend Collector Third Anniversary

    @Zyxel_Stanley Yes but when i unchecked this Wan failover rules wont't work am i correct ?

  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Comment Friend Collector Third Anniversary

    I will try that in non working hours ... :D thank you :)

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)