 AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | Using USG with an ONT modem Okay, going to try to remove the action tech router currently in bridge mode to my USG100. Not having any TV signal simplifies matter. Of the three vlans 33-managment, and 34 IPTV, it appears I only need concern myself with VLAN 35 - internet. That plus the mac address of the action tech - affiliated with my account.
(1) Okay for the easy any Llama could do this part, I can thru advanced settings under ethernet on Wan1 clone the mac address of hte actiontech.
(2) How do I setup my WAN1 to be on VLAN 35??
I see a create virtual interface under configuration, within the ethernet tab, when I edit my WAN1 but this does not seem to be the correct spot?
I also see a VLAN tab as one of the top menu choices under Network Interface (like ethernet). I suspect this is where I do the dirty deed.
Name: vlanX where x is any number from 0-4094
Zone: Wan
Base: Wan1
VlanID: 35
Description: text field optional
IP assignement: Get automatically
Interface parameters: leave blank for max thruput
Connectivity Check: optional
DHCP: leave as NONE
RIP: assume leave disabled
OSPF: assume leave as NONE
That should do it for the mostpart.
Do I need to configure WAN TRUNK or POLICY ROUTE?
One part I am a bit confused on is that in the ethernet tab I have set get IP automatically and then duplicated that in the VLAN tab. ???
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
|
|
 DrTCPYours trulyPremium,ExMod 1999-04
join:1999-11-09
Round Rock, TX | Interesting setup with VLANs on the WAN interface. I've never done this but it should be possible with USG. Here is what I think you should do:
1) On the Interface/VLAN tab, setup vlan35 interface using WAN zone. Let it obtain IP via DHCP.
2) On the Zone tab, you should see the vlan35 along with your existing ge? interface. Remove the ge? from the WAN zone.
3) (Optional) If you want to access the ONT diagnostic pages etc. that happens to use non-tagged packets, you can create a new zone and add the interface you have removed in previous step to that zone and you will probably need to configure static IP for that interface (unless ONT implements a DHCP server using non-tagged packets). You will probably need to enter some firewall rules to let the packets flow between this ZONE and the LAN. |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | said by DrTCP:Interesting setup with VLANs on the WAN interface. I've never done this but it should be possible with USG. Here is what I think you should do:
1) On the Interface/VLAN tab, setup vlan35 interface using WAN zone. Let it obtain IP via DHCP.
2) On the Zone tab, you should see the vlan35 along with your existing ge? interface. Remove the ge? from the WAN zone.
3) (Optional) If you want to access the ONT diagnostic pages etc. that happens to use non-tagged packets, you can create a new zone and add the interface you have removed in previous step to that zone and you will probably need to configure static IP for that interface (unless ONT implements a DHCP server using non-tagged packets). You will probably need to enter some firewall rules to let the packets flow between this ZONE and the LAN.
So what do you do on the ETHERNET TAB (interface) nothing? I have to clone the mac address here but what about get the IP automatically setting?
Okay So Put in the VLAN as described but not active yet.
Will monkey when others are not on the net.
Looking at the zone menu item under NETWORK (not sure what you mean by zone tab) what is in there now are the defaults (wan1 wan2, wan_1ppp, wan_22 ppp,aux) and the new vlan35.
As for talking to the ONT...........
No clue as to if that is possible nor really understand it.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
DrTCPYours trulyPremium,ExMod 1999-04
join:1999-11-09
Round Rock, TX | said by Anav:So what do you do on the ETHERNET TAB (interface) nothing? I have to clone the mac address here but what about get the IP automatically setting? Well, you will only do the cloning of MAC address. Your active WAN interface will be the VLAN interface you have just created. Set the Ethernet interface to static (unless your ONT can act as DHCP server w/o vlan tagging)
Looking at the zone menu item under NETWORK (not sure what you mean by zone tab) what is in there now are the defaults (wan1 wan2, wan_1ppp, wan_22 ppp,aux) and the new vlan35.
It looks like there are some small differences (like wlan1, wlan2 instead of ge2, ge3 on USG 300). Also zone setup might be slightly different.
My USG 300 default interfaces for zones are as follows:
LAN: ge1
WAN: ge2, ge3 (no ge2_ppp, ge3_ppp, aux)
DMZ: ge4, ge5
WLAN: ge6
There are also LAN1, LAN2 zones without assigned interfaces and ge7 is not assigned to any zone.
As for talking to the ONT...........
No clue as to if that is possible nor really understand it.
Edit: Just noticed that VLAN-33 is for management. Perhaps you would need another VLAN for interface for accessing the management interface of ONT (again if you care) |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | reply to Anav
Okay I had mixed results.
I was able to pull an IP on the VLAN interface but I could not get data on any computers.
I cloned the mac address on the wan2 ethernet interface
I put wan as the zone and wan2 as the base on the vlan settings and get IP automatically. I think these parts worked.
The hard part was the wan 2 ethernet other settings.
I put in for static ip of 0.0.0.0 I had to fill a mask for this and ended up using 0.0.0.0
I am hoping this is where I went wrong as an explanation. I also tryed unchecking block intra zone traffic to see if that was interfering but no change.
half way there what else do I need to do.
by the way I have a second wan1 with cable on it, and I do not remember how I tell the router that wan2 is the primary.
THeir are metric settings for each interface but i seem to recall perhaps its an order thing on a list??
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | Bump, need help getting this working.
(figured out my dual wan setup, via trunk, no worries there). |
|
DrTCPYours trulyPremium,ExMod 1999-04
join:1999-11-09
Round Rock, TX | said by Anav:Bump, need help getting this working.
(figured out my dual wan setup, via trunk, no worries there).
Do you get blocks on firewall rules? I would enable logging on block rules to see if any packets are blocked. I am also not sure how your dual wan configuration is factoring in. I would forget dual wan initially and get this working with a single wan first. |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | Concur dual wan is not the issue. NO I did not check logs lol. I dont have any firewall rules that would pertain here. Not sure but will check if there needs to be some firewall rules for vlan interfaces I didnt think about that or know if there are any.
Can you confirm if the mask 0.0.0.0 is okay legit to put with the ip of 0.0.0.0 as a static address for the ethernet interface?? |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3
2 edits | reply to Anav
Tried again same results, nothing untoward in the logs. It shows vlan 35 becoming active, and router recreates dual wan rules. But I only have access to WAN1. When I remove WAN1, I have no internet access.
I checked my WAN to zywall rules and basically I have before the default rule one that blocks https. Then the default rule and then I added one after that blocks everything. This works fine all the time.
In other words,
the router works (fibre op on WAN2) with or without cable(wan1) enabled, when using the actioin tech in bridge mode to the USG.
Yes there are lots of packets both wan to zywall and wan to lan1 that are dropped in the logs but so what, the router works fine.
The issue has to be something else. I setup the vlan with the correct tag and it happily pulls an IP from the ONT (its in the WAN zone and affiliated correctly with WAN2.
Is there an additional policy route to make??
Is there an additional zone or trunk rule to make??
Do I have to use bridge to get vlan and ethernet interfaces connected?
Grasping at straws but maybe there is an issue with DNS in this configuration???
Where is bbarrera when you need him LOL.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
Reviews:
 ·Fairpoint Commun..
 ·Verizon FiOS
| Anav:
There may be clues in the support notes. In particular, the ZLD 2.21 Support Notes, starting on page 12. Frankly, I haven't internalized these or your present architecture, so I can't be too helpful, but one possible cause of your problem might be the manner in which load balancing is performed vis a vis the present naming conventions you have had to adopt.
kirby |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | I will have a re-look as I perused the support notes this morning and did not see anything particular and then read thru the UG again and have a few idea. |
|
| A VLAN to the WAN (there is a song waiting to be born here) is not something I've ever read about before, so you may be a pioneer of sorts.
kirby |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3
1 edit | No what it is doing is ensuring the WAN port or interface is part of the VLAN35 that the ISP has running on their fibreop for internet. They have another VLAN running for IPTV (vlan33).
Hmm maybe its because IM using open dns servers those are delineated on the lan1 page though.
Im thinking on the ethernet interface of wan2, that although 0.0.0.0 works for IP address I have to either put something diff than 0.0.0.0 for the mask or ignore the mask entry and put something in the for the gateway?? |
|
DrTCPYours trulyPremium,ExMod 1999-04
join:1999-11-09
Round Rock, TX | said by Anav:No what it is doing is ensuring the WAN port or interface is part of the VLAN35 that the ISP has running on their fibreop for internet. They have another VLAN running for IPTV (vlan33).
Hmm maybe its because IM using open dns servers those are delineated on the lan1 page though.
Im thinking on the ethernet interface of wan2, that although 0.0.0.0 works for IP address I have to either put something diff than 0.0.0.0 for the mask or ignore the mask entry and put something in the for the gateway??
The fact that your vlan interface is able to get an IP via DHCP implies you are correctly set. I think leaving wan2 unconfigured is OK.
I think you might need to add the vlan35 interface to wan trunk. Most likely you are using SYSTEM_DEFAULT_WAN_TRUNK. Go to Configuration -> Interface -> Trunk. You can look at the default wan trunk but you cannot modify it. Create a new trunk (WAN_TRUNK) emulating the default and add your vlan35 interface to the trunk. Switch from default wan trunk to new user defined wan trunk on the same page and apply.
Hopefully this will get your vlan35 interface going.
If not, I would like you to try a few commands on console interface.
enable
show interface-group WAN_TRUNK
(you should see vlan35 as alive!)
also
show ip route
(You should see the current routing table of the router). You should see a 2+ routes for vlan35 interface. One of them should be the default route (0.0.0.0/0) through vlan35 interface gateway.
Good luck! |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | Thanks will give trunk idea a go. I do have a configured Trunk already for my spillover dual wan setup but it includes wan 2 and not specifically vlan 35.......... hopefully thats the golden ticket. |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | Okay I stuck the VLAN in the truck (replaced the WAN2 with VLAN35). Still had no problems pulling an IP and noticed in the vlan traffic stats that it talked to the DNS servers I have entered in the lan1 side. BUT NO JOY for internet traffic.
For some reason there is a disconnect between LAN side and WAN2 - VLAN side. |
|
DrTCPYours trulyPremium,ExMod 1999-04
join:1999-11-09
Round Rock, TX | said by Anav:For some reason there is a disconnect between LAN side and WAN2 - VLAN side. Did you check the output of the commands above. Do you see the default route for vlan35?
Another thing we might want to investigate at this point is NAT. I am not sure if router by default is doing NAT for vlan35. It might need manual NAT mappings. |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3
1 edit | Not sure what you mean by see default route for vlan35.
In the vlan setting I state that the VLAN interface belongs to the WAN zone.
I state that the ethernet interface it runs (base port) on is wan2.
Im thinking maybe I should select LAN1 for zone????
Note on the Wan Ethernet interface, the type External is automatically selected. The manual states tthat the zywall automatically assigns snat settings and default route for traffic it routes from internal interfaces to external interfaces
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
DrTCPYours trulyPremium,ExMod 1999-04
join:1999-11-09
Round Rock, TX | said by Anav:Not sure what you mean by see default route for vlan35. Did you see the console commands I asked you to execute? I am interested on the output of "show ip route". Had you executed that command, you would see which route belongs to which interface.
Im thinking maybe I should select LAN1 for zone????
Note on the Wan Ethernet interface, the type External is automatically selected. The manual states tthat the zywall automatically assigns snat settings and default route for traffic it routes from internal interfaces to external interfaces. |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3
1 edit | reply to Anav
First picture is current status quo....... the 14 is fibre op, the 20 is cable.
Second picture is with vlan activated and all associated changes made.
What is very interesting is that when I try to connect thru the vLAn, the router is NOT able to get to my cable WAN1 at all. It doesnt switch to WAN1 |
|
