

Gir888

@mckinleycc.org

Zyxel USG 20 Routing Policy

Hello All,

I'm new to Zyxel, and was hoping I could get some assistance. I've attached a quick diagram I drew up hoping it would help explain what I'm trying to accomplish. We currently have 3 DSL lines coming in, and would like for VLAN 33 users to use a dedicated DSL line for internet ONLY. But... when trying to access the internal resources, it should be hitting the 10.10.2.X network.

We have a L3 switch (HP) that has multiple VLANs. The main VLAN we'll be working with is 192.168.12.X/24. Within the HP switch, I put an ip helper-address which points to my DHCP server, which then hands out the addresses to our users if their ports are in VLAN 33.

With me so far?

Within my DHCP server, I set my scope options to point to 192.168.12.5 (Zyxel router), and also the DNS is pointing to 192.168.12.5. So all my computers in VLAN 33 are getting the proper addresses through DHCP and can get out to the internet, but now I need help routing them over to 10.10.2.X when trying to reach any resources internally. Also, is it possible to point the DNS back to my server so it knows how to reach X@mydomain.com?

Note: All VLANs can see each other (pingable) from within the VLAN interfaces.

Thanks in advance


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

I love the diagram, I feel like I'm in a classroom (takes me back oh 30 years).

I am confused, when you say you have 3 dsl lines coming in.
Do you mean you have three public IP addresses to use or three separate modems and lines from the same ISP (which would make no sense in terms of redundancy and throughput - just get one fatter single pipe and a cable ISP for backup redundancy wired, and a third cellular account just in case).

I'm confused why you set the router LAN IP to .12 when it should be .1 (I don't think it matters but any setups seem to show this sort of nomenclature).
Oh I see you've not used the router as your DHCP device, which I also find confusing. What advantage is to be gained by removing the DHCP functionality at least at the top level from the USG?

The router can also read VLAN tagged data so that should not be an issue.

I'm also confused when you say one DSL line for internet only. Well please let me know what other use can you make of a DSL line other than a connection to the internet???????

Or do you mean you only wish VLAN33 users to access the internet and not any internal bits.

Or do you mean that of the three dsl lines VLAN 33 users can only use one of them and the other two for everybody else.....

Why would VLANs be set up to see each other? I thought they were for segmenting groups..........

+++++++++++++++++++++++++++++++++++++++++++++++++

Bottom line is that you're half and half describing requirements with solutions you think that will work and only end up confusing simpletons like me.

What I need is a discussion of your requirements, and don't use the words router, switch, VLAN, DNS, server. In other words, what are the functional requirements?? What work needs to be done, what access to what resources is required to do that work, who is doing the work and what access should they have to the resources?

My sense is that you
a. don't need a separate DHCP server
b. don't need VLANs.

But will wait for better clarification of your WORK requirements.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



Gir888

@mckinleycc.org

Sorry, I guess I did include unnecessary information. Not really sure if you're making fun of the diagram, or if it was not detailed enough lol.

Simply put, I have a group of users that have been using the company's resources for streaming, downloading, etc. But now we've put in a dedicated line, specifically for their internet access to avoid any slowdowns for the main line. All while still granting them access to the internal resources.

The 3 DSL lines are used for separate groups. ex. Group 1 goes over DSL line #1. When I mentioned INTERNET ONLY. I meant when Group 1 wants to reach the internet it will only go through DSL line #1.

We have multiple VLANs configured to route to a specific DSL line, but it does not grant them access to any internal bits as you mentioned. However, the "VLAN 33" is the exception in this case.

There is no requirement for the DHCP server, I was just testing some ideas.

Hope this helps. Thanks for taking the time and trying to help out.



Anav
reply to Gir888

Well, let's start at the DSL ISP end. When you say you have three lines I am still confused. The Zyxel 20 is not a multi-WAN router; from what I recall it can accept only one line. How are you getting three into it?



Gir888

@mckinleycc.org

The Zyxel is only handling one DSL line. The other two have dedicated routers/modems that are being used by the specified groups.
Ex. Group 2 is using the second line, Group 3 is using the last line. As mentioned, both these groups do not have access to the internal resources.

Success = Group 1 uses the DSL line for web browsing, while maintaining access to the internal network.



Anav

Well, that's another story altogether.
Basically you have a group of users on an internal LAN that has nothing to do with the Zyxel router and its connection to the internet.

I am not sure how the heck you would do this unless their computers had two ethernet cards??? They can't be part of two different LANs at the same time. You need an ISP that is giving you multiple IP addresses and a router that can handle multiple IP addresses or a multi-WAN router.......