

MIGUEL

@qwest.net

USG50 Subnet Traffic

I'm in the process of migrating from an Untangle box to a new USG50 and am running into a bit of an issue that I haven't been able to wrap my mind around.

I currently use 2 subnets (10.1.1.x and 10.1.2.x) to segment data traffic from security cam traffic. All the cams are assigned static IPs on the .2 subnet along with their NVR.

There is only 1 cable going from Lan1 to my switch (this is also true on the Untangle setup) however Untangle has a feature where you can assign an "Alias" to an adapter letting it act as if it's also part of another subnet, in my case 10.1.1.254/24 has an alias of 10.1.2.254/24 which is how I've been able to access my cams and NVR from the .1 subnet.

Seems that I can't find the secret sauce to get the USG50 to behave in a similar fashion. I've tried a static route, disabling the firewall and several other attempts but have not been successful. I can't ping any device on .2 from .1 however I can ping Lan2 which is configured as 10.1.2.254 so I can see the interface just not the devices.

Any suggestions would be super appreciated!

Miguel


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:3
Reviews:
·Bell Fibe

First of all, IP Alias does not give you any security in terms of traffic separation. Everyone on the same cable / switch can listen to both of the LANs.

If you really want to separate the traffic you need to either use port-based subnets or VLANs. In either case both can't run through the same cable.

To answer your questions, IP alias on a ZyNOS device would be equal to Virtual Interface on ZLD devices (configure on interface settings pages).



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

reply to MIGUEL
Not sure how you get one cable into the box from all the devices. Surely there are switches in the mix. As Brano stated, simply go to the switch where the ONE wire is coming from and wire a second cable from that switch to a separate port on the USG and run this as a separate LAN2, etc. Conversely, it may be possible to tag all the cameras etc. at the switch level with VLAN tags which the router will recognize as well.

In any event you need to let us know the switch situation (smart switches??)
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



Miguel

@qwest.net

Sorry guys I might have thought the switches would have been implied LOL

I added the Virtual Interface to Lan1 as Lan 1:1 10.1.2.254/24 and voilà it's working just as the Untangle box did.

The Cams (10.1.2.x) are on a Netgear GS110TP PoE (10.1.2.250) switch that is connected to a Cisco SLM2024 (10.1.1.250) which is linked to another SLM2024 (10.1.1.253) in the lan closet. 1 cat5 cable comes out of port 24 on the SLM2024 and goes to the Lan1 port on the USG50 and wan1 on the usg50 is connected to the DSL modem.

miguel



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

As noted by Brano, suggest you change the configuration so that it's actually secure, if that is the goal or at least the requirement.
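
Added example, not part of the thread and not ZyXEL or Untangle code: a small Python model of the topology discussed above. It shows why the router could not reach 10.1.2.x devices while that subnet lived only on Lan2, why the Lan1 virtual interface fixed reachability, and that both layouts still carry two subnets on one untagged segment. Host addresses and segment names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# (interface, physical segment, address). Segment names are constructed labels.
BEFORE = [("lan1", "switch-uplink", "10.1.1.254/24"),
          ("lan2", "lan2-port", "10.1.2.254/24")]      # no cable to the cams
AFTER = [("lan1", "switch-uplink", "10.1.1.254/24"),
         ("lan1:1", "switch-uplink", "10.1.2.254/24")]  # virtual interface

# Constructed sample hosts: name -> (segment, address). All sit behind one cable.
HOSTS = {"pc": ("switch-uplink", "10.1.1.10/24"),
         "nvr": ("switch-uplink", "10.1.2.10/24")}


def egress(ifaces, dst_ip):
    """Return (interface, segment) of the connected route covering dst_ip."""
    for name, segment, cidr in ifaces:
        if dst_ip in ipaddress.ip_interface(cidr).network:
            return name, segment
    return None


def router_reaches(ifaces, host):
    """True if the router's connected route leads onto the host's segment."""
    segment, cidr = HOSTS[host]
    hit = egress(ifaces, ipaddress.ip_interface(cidr).ip)
    return hit is not None and hit[1] == segment


def shared_segments(ifaces):
    """Segments carrying more than one subnet untagged (no L2 separation)."""
    nets = defaultdict(set)
    entries = [(seg, cidr) for _, seg, cidr in ifaces] + list(HOSTS.values())
    for segment, cidr in entries:
        nets[segment].add(str(ipaddress.ip_interface(cidr).network))
    return {s: sorted(n) for s, n in nets.items() if len(n) > 1}


if __name__ == "__main__":
    for label, layout in (("before", BEFORE), ("after", AFTER)):
        print(label, "router reaches nvr:", router_reaches(layout, "nvr"))
        print(label, "shared segments:", shared_segments(layout))
```

The reachability result changes between the two layouts, but the shared-segment finding does not: only a second cable to a separate port or VLAN tagging at the switches removes it.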


© 1999-2012 dslreports.com.