dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2105

StuartMW
Premium Member
join:2000-08-06

4 edits

StuartMW

Premium Member

ZyWall 2 Plus VLAN question

Edit #1: Never mind. Got it

Edit #2: For the benefit of others. I didn't know, and didn't find it documented, that the router is smart enough to automatically route traffic between different VLAN's (subnets). That said you still need firewall rules to allow/block traffic. In my case all traffic between different VLAN's is blocked except for the AP.

I've configured my Z2+ with a number of VLAN's (LAN, WLAN and DMZ) all with completely different subnets. All is working fine.

However I have one issue and am wondering if there's a solution.

My wireless AP connects to the Z2+ via a port that is designated as WLAN. That means it is in subnet2. However I'd like to be able to access the AP, for configuration/monitoring purposes, from my machines on my LAN (subnet1). Is there a way to do this?

dnoyeB
Ferrous Phallus
join:2000-10-09
Southfield, MI

dnoyeB

Member

as long as the firewall allows LAN to access WLAN I would think administering the AP shouldn't be an issue. Your AP must be configured to allow management through its LAN side and not just its Wifi side though.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

Brano to StuartMW

MVM

to StuartMW
Hope you don't mind correcting the terminology a bit.
VLAN typically stands for virtual LAN something done on layer 2 »en.wikipedia.org/wiki/Vi ··· tual_LAN

Z2+ is not capable doing VLANs (ZyWall USG series is)

What you see there on Z2+ are multiple LANs, often referenced just as subnets or networks (the layer 3 stuff)

OSI model (the 7 layers en.wikipedia.org/wiki/OSI_model
Brano

Brano to dnoyeB

MVM

to dnoyeB
said by dnoyeB:

as long as the firewall allows LAN to access WLAN I would think administering the AP shouldn't be an issue. Your AP must be configured to allow management through its LAN side and not just its Wifi side though.

If the firewall permits the traffic the router should create the needed routes by default. However, inter-LAN routing can be disabled by CLI command (I'm 99% sure it's enabled by default though).
Point is, if it's not working you need to check the CLI and validate this.
Also the AP has to have proper default gateway set.

StuartMW
Premium Member
join:2000-08-06

1 edit

StuartMW to Brano

Premium Member

to Brano
said by Brano:

Z2+ is not capable doing VLANs (ZyWall USG series is)

Thanks for the clarification. I assumed the Z2+ had a VLAN capable switch and was using that. Still (firewalled) subnets are better than nothing.

FYI the AP was correctly configured etc as I'd been using it before (in a single subnet). The part I didn't know was

If the firewall permits the traffic the router should create the needed routes by default.

I thought I'd have to create routing between the subnets myself and couldn't figure out how.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

Brano

MVM

said by StuartMW:

said by Brano:

Z2+ is not capable doing VLANs (ZyWall USG series is)

Thanks for the clarification. I assumed the Z2+ had a VLAN capable switch and was using that. Still (firewalled) subnets are better than nothing.

No worries, L3 firewall is OK.
What you have there is actually an 'Interface Network' or 'Interface Subnet'

From the CLI manual
enif0: LAN
enif1: WAN
enif2: DMZ
enif4: WLAN
wanif0: PPPoE/PPTP

So is it working now or not?
CLI guide here »ftp://ftp.zyxel.com/ZyWALL_2_P ··· e_guide/
somewhere there should be info how to enable/disable routing between lan networks

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

said by Brano:

So is it working now or not?

It's been working since this morning which is why I edited my original post
said by StuartMW:

Edit #1: Never mind. Got it

StuartMW

1 recommendation

StuartMW to Brano

Premium Member

to Brano
said by Brano:

CLI guide here »ftp://ftp.zyxel.com/ZyWALL_2_P ··· e_guide/
somewhere there should be info how to enable/disable routing between lan networks

Got the CLI manual already. Perhaps you don't remember but I used to maintain a website about the CLI commands.

»ZyWALL 2/2X 3.62 WH.1 CI Command List now in HTML!