net problem

@2.229.15.x

Zyxel GS1510-16 problem

Hi all, I have a GS1510-16 switch and I am trying to create 2 VLANs: VLAN 1 and VLAN 2. VLAN 2 contains ports 1-8. VLAN 1 contains ports 9-16. Internet enters on port 1 directly from the ISP. Then from port 3, it goes to a firewall. The firewall takes internet from port 3, transforms it to a protected internet and sends it to port 9, which is part of VLAN 1. So practically VLAN 2 is DMZ and VLAN 1 is PROTECTED. The problem is that when I try to apply this configuration on my switch, the whole PROTECTED zone goes offline, and after rebooting the switch I see that the VLAN 1 configuration is no longer saved as ports 9-16 but as ports 1-16, so practically all ports... It doesn't save the configuration if rebooted. The firmware is the latest one offered on the Zyxel website. Can anyone help?



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Your approach seems very weird.
Please state your requirements more clearly without stating the words VLAN or port.

In other words, describe what functionality you desire. It appears you have two groups of users?? Go from there, describing what they need in terms of access to the internet and to devices (printers etc). Is any interaction needed between the groups?

If you have other pieces of equipment in the mix (you stated firewall), state the current function or intended use of that equipment.

With the above then we can design the switch setup that makes sense.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


HELLFIRE
Premium
join:2009-11-25
kudos:17
reply to net problem

said by net problem :

> Internet enters on port 1 directly from the ISP. Then from port 3, it goes to a firewall. The firewall takes internet from port 3, transforms it to a protected internet and sends it to port 9, which is part of VLAN 1. So practically VLAN 2 is DMZ and VLAN 1 is PROTECTED.

You also know this design practically is a major fail security-wise, and introduces a single point of
failure overall? Never mind you're looping your traffic several times thru the switch... switches do
NOT have any sort of brains against looped traffic.

What make / model firewall are you using here? I also second Anav's thoughts of not worrying
about the GS1510 and focusing more on what you want your design to do for you.

Regards