dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1315
share rss forum feed


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

4 edits

ZyWall 2 Plus VLAN question

Edit #1: Never mind. Got it

Edit #2: For the benefit of others. I didn't know, and didn't find it documented, that the router is smart enough to automatically route traffic between different VLAN's (subnets). That said you still need firewall rules to allow/block traffic. In my case all traffic between different VLAN's is blocked except for the AP.

I've configured my Z2+ with a number of VLAN's (LAN, WLAN and DMZ) all with completely different subnets. All is working fine.

However I have one issue and am wondering if there's a solution.

My wireless AP connects to the Z2+ via a port that is designated as WLAN. That means it is in subnet2. However I'd like to be able to access the AP, for configuration/monitoring purposes, from my machines on my LAN (subnet1). Is there a way to do this?
--
Don't feed trolls--it only makes them grow!



dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast

as long as the firewall allows LAN to access WLAN I would think administering the AP shouldn't be an issue. Your AP must be configured to allow management through its LAN side and not just its Wifi side though.
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to StuartMW

Hope you don't mind correcting the terminology a bit.
VLAN typically stands for virtual LAN something done on layer 2 »en.wikipedia.org/wiki/Virtual_LAN

Z2+ is not capable doing VLANs (ZyWall USG series is)

What you see there on Z2+ are multiple LANs, often referenced just as subnets or networks (the layer 3 stuff)

OSI model (the 7 layers en.wikipedia.org/wiki/OSI_model



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to dnoyeB

said by dnoyeB:

as long as the firewall allows LAN to access WLAN I would think administering the AP shouldn't be an issue. Your AP must be configured to allow management through its LAN side and not just its Wifi side though.

If the firewall permits the traffic the router should create the needed routes by default. However, inter-LAN routing can be disabled by CLI command (I'm 99% sure it's enabled by default though).
Point is, if it's not working you need to check the CLI and validate this.
Also the AP has to have proper default gateway set.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit
reply to Brano

said by Brano:

Z2+ is not capable doing VLANs (ZyWall USG series is)

Thanks for the clarification. I assumed the Z2+ had a VLAN capable switch and was using that. Still (firewalled) subnets are better than nothing.

FYI the AP was correctly configured etc as I'd been using it before (in a single subnet). The part I didn't know was

If the firewall permits the traffic the router should create the needed routes by default.

I thought I'd have to create routing between the subnets myself and couldn't figure out how.
--
Don't feed trolls--it only makes them grow!


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

said by StuartMW:

said by Brano:

Z2+ is not capable doing VLANs (ZyWall USG series is)

Thanks for the clarification. I assumed the Z2+ had a VLAN capable switch and was using that. Still (firewalled) subnets are better than nothing.

No worries, L3 firewall is OK.
What you have there is actually an 'Interface Network' or 'Interface Subnet'

From the CLI manual
enif0: LAN
enif1: WAN
enif2: DMZ
enif4: WLAN
wanif0: PPPoE/PPTP

So is it working now or not?
CLI guide here »ftp://ftp.zyxel.com/ZyWALL_2_Plus/cli_···e_guide/
somewhere there should be info how to enable/disable routing between lan networks


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by Brano:

So is it working now or not?

It's been working since this morning which is why I edited my original post

said by StuartMW:

Edit #1: Never mind. Got it

--
Don't feed trolls--it only makes them grow!


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to Brano

said by Brano:

CLI guide here »ftp://ftp.zyxel.com/ZyWALL_2_Plus/cli_···e_guide/
somewhere there should be info how to enable/disable routing between lan networks

Got the CLI manual already. Perhaps you don't remember but I used to maintain a website about the CLI commands.

»ZyWALL 2/2X 3.62 WH.1 CI Command List now in HTML!
--
Don't feed trolls--it only makes them grow!