Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav to NPB

Premium Member

to NPB

Re: ZyWALL USG 20W Setup

Okay it seems Jonatan (possibly a tech drive by LOL) provided a working solution as follows........
Hi.
I noticed that you have had some trouble with the USG 20W.
I suggest that you try the following:
(you will find guide with pictures attached.)
---
ZyWALL USG-20W
Guideline to create a bridge between LAN and WLAN subnet.

This guideline describes how to setup ZyWALL USG-20W to bridge between LAN and WLAN, so the wireless network is on same network as LAN1.

1. Select Network->Interface menu. Select the Bridge tab. Click Add.

2. Enable Interface. Select an Interface Name (br1) and select LAN1 as Zone.

3. Select the lan1 and wlan-1-1 interface as member.

4. Click the Show Advanced Settings button.

5. Type an Interface IP-address within a new subnet.

6. Set DHCP as DHCP-Server and type an IP Pool Start Address and Pool Size.

7. Set ZyWALL as First DNS Server. Click OK.

To allow traffic from Bridge-interface to the Internet, we need to create an address object and a policy route.

8. Go to Object->Address menu, and click Add.

9. Type a name for the address object. Select Interface Subnet as Address Type, and select the bridge interface.

Now we will complete the last steps, by creating a policy route.

10. Go to Network->Routing menu. Select Policy Route tab, and click Add.

11. Enable Interface.

12. Set Source Address as your bridge interface. Set Service Type as Any.

13. Set Next-Hop as Trunk, and select the SYSTEM_DEFAULT_WAN_TRUNK.

14. Select Outgoing-interface as Source Network Address Translation. Click OK.

Configuration is now completed. Clients on LAN and WLAN are now on the same subnet, and are able to communicate through NetBIOS. All clients are also able to connect to the Internet.
---
NPB
join:2013-06-05
San Diego, CA

NPB

Member

Sorry but that's either not a complete solution, or there is an error in my understanding. That process leaves me with a frozen device at step 7. I input those exact settings, hit apply, and the device freezes up.
polarisdb
join:2004-07-12
USA

polarisdb to Anav

Member

to Anav
said by Anav:

ZyWALL USG-20W
Guideline to create a bridge between LAN and WLAN subnet.

This guideline describes how to setup ZyWALL USG-20W to bridge between LAN and WLAN, so the wireless network is on same network as LAN1.

1. Select Network->Interface menu. Select the Bridge tab. Click Add.

2. Enable Interface. Select an Interface Name (br1) and select LAN1 as Zone.

3. Select the lan1 and wlan-1-1 interface as member.

4. Click the Show Advanced Settings button.

5. Type an Interface IP-address within a new subnet.

6. Set DHCP as DHCP-Server and type an IP Pool Start Address and Pool Size.

7. Set ZyWALL as First DNS Server. Click OK.

To allow traffic from Bridge-interface to the Internet, we need to create an address object and a policy route.

8. Go to Object->Address menu, and click Add.

9. Type a name for the address object. Select Interface Subnet as Address Type, and select the bridge interface.

Now we will complete the last steps, by creating a policy route.

10. Go to Network->Routing menu. Select Policy Route tab, and click Add.

11. Enable Interface.

12. Set Source Address as your bridge interface. Set Service Type as Any.

13. Set Next-Hop as Trunk, and select the SYSTEM_DEFAULT_WAN_TRUNK.

14. Select Outgoing-interface as Source Network Address Translation. Click OK.

This is pretty much the procedure I used on my parents' USG20w with firmware version BDR.4. I wonder if OP got a bad unit if the GUI keeps locking up when configuring the bridge?

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

I suspect the bridge is hanging things up.

Polaris can you shed light on step...
When it says type an interface IP address with new subnet...

What does that mean ...... that we're creating a brand new subnet and IP structure......... such as 192.168.20.1 ???
The data to be filled in this step including subnet^^ are not clear.

I suspect it's this step that is buggering up the router.
polarisdb
join:2004-07-12
USA

polarisdb

Member

said by Anav:

I suspect the bridge is hanging things up.

Polaris can you shed light on step...
When it says type an interface IP address with new subnet...

What does that mean ...... that we're creating a brand new subnet and IP structure......... such as 192.168.20.1 ???
The data to be filled in this step including subnet^^ are not clear.

I suspect it's this step that is buggering up the router.

For step #5, the Interface IP-address within a new subnet is just the IP of the USG20w you want the bridge to use, in the case of your example 192.168.20.1. With the bridge in place everything is accessible in the 192.168.20.0 network instead of segregated into 192.168.1.0 for LAN1 and 10.59.1.0 for WLAN. There is a guide with the GUI screens here, although their example uses network 192.168.100.0 for the bridge.
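
An added example, not part of any post in this thread and not ZyXEL's own tooling: a pre-flight check of the values typed in steps 5 and 6 (bridge interface address, DHCP pool start and pool size) before they are applied. The /24 masks, the pool values and the function name `check_bridge_plan` are assumptions; the subnets are the ones named in the post above.

```python
import ipaddress

# Subnets polarisdb names above for the un-bridged interfaces (/24 is assumed).
EXISTING = {"lan1": "192.168.1.0/24", "wlan-1-1": "10.59.1.0/24"}

def check_bridge_plan(bridge_if, pool_start, pool_size, existing=EXISTING):
    """Return a list of problems with a bridge addressing plan (empty = OK)."""
    iface = ipaddress.ip_interface(bridge_if)
    net = iface.network
    problems = []
    # Step 5: the bridge address must sit in a subnet no other interface uses.
    for name, cidr in existing.items():
        if net.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"{net} overlaps {name} ({cidr})")
    # The bridge address itself must be a usable host address.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is not a usable host address in {net}")
    # Step 6: the whole DHCP pool must lie inside the bridge subnet ...
    first = ipaddress.ip_address(pool_start)
    last = first + (pool_size - 1)
    if not (net.network_address < first <= last < net.broadcast_address):
        problems.append(f"pool {first}-{last} does not fit inside {net}")
    # ... and must not hand out the bridge's own address to a client.
    elif first <= iface.ip <= last:
        problems.append(f"pool {first}-{last} contains the bridge IP {iface.ip}")
    return problems

if __name__ == "__main__":
    # Constructed plans: the thread's 192.168.20.1 example, then three mistakes.
    plans = [
        ("192.168.20.1/24", "192.168.20.33", 200),
        ("192.168.1.1/24", "192.168.1.33", 200),     # reuses the lan1 subnet
        ("192.168.20.1/24", "192.168.20.200", 100),  # pool runs past .254
        ("192.168.20.1/24", "192.168.20.1", 50),     # pool includes the bridge IP
    ]
    for plan in plans:
        print(plan, "->", check_bridge_plan(*plan) or "OK")
```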

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Thanks I will try that on my non working USG. I also froze up the other day playing with bridge. I got the CLI error of death. Whenever I get that (Major Beef), I have physically reset router to defaults and upload a good configuration.
Another major beef is that often I get DNS issues when I reconnect the network. It's as if various PCs can get a new IP but their DNS does not reset or work. Not sure if it's just me but it's a pain in de butt. I have resorted to using zywall as my interface dns, vice putting in others such as dyndns or ISP directly.
FirebirdTN
join:2012-12-13
Brighton, TN

FirebirdTN

Member

WOW! He joins two days ago, and gives up after one day???

Guess I must have some serious patience. I have come across quite a few projects that have taken me MUCH longer than a day to figure out.

Not meaning to wreck the OP's thread, but I don't think he is coming back anyway.....The ZyXel just never ceases to amaze me. Okay, so I am easily amused. I have configured MORE than my fair share of consumer grade routers, and "dabbled" in one or two "business grade" routers. I don't know what "extras" you get by purchasing some of the expensive Cisco's, or Sonicwalls, but as far as I am concerned, my USG50 is the greatest thing since sliced bread. The only bad thing is I am constantly thinking to myself "I wonder if I can do x", configure it, and it has done everything I have asked. I am not doing anything too complicated, but wow, I LOVE this thing. My *BEST* computer related purchase EVER.

-Alan

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

My main problem is garbage in garbage out......... ie the weak link is me LOL.
jc112203
join:2013-06-07
Cortez, CO

jc112203

Member

Hey guys, I just happened to be in the same exact boat as Anav and the OP. I have been messing around with my Zywall USG 20W for about 3 or so months trying to figure a bunch of things out. One thing was this whole "Bridge my WLAN with my LAN" issue. Every time I tried to make a bridge I got that CLI error and I have to reset the firewall to defaults.

I had all but given up on the project until I tried again last night and got it! I now have my LAN and WLAN bridged, pinging each other and my NAS with my desktop and my smartphones and tablets. I will write down exactly how to do this and post again. I am at work ATM and I don't have time.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

JC, that's fantastic. Jpegs are great too.
Important is the order in which you were successful and by that I mean avoided the damn CLI errors LOL.
jc112203
join:2013-06-07
Cortez, CO

jc112203

Member

[Screenshots: step 1, step 2, step 3, step 4]
Okay here is how I created a virtual Bridge between my LAN1 and WLAN1 subnets. POST 1 of 2
jc112203

jc112203

Member

[Screenshots: step 5, step 6, step 7, step 8]
And here are the last steps. I also want to note that once you create the bridge your computer needs to acquire a new IP address and you need to re-connect to the Zywall Firewall using the new default gateway address 192.168.100.1, then proceed with the screenshots. I also wanted to point out I am using Firmware version 3.00(BDR.4) / 1.17 / 2013-01-18 16:53:20

Gork
Ou812ic
join:2001-10-06
Bountiful, UT

Gork

Member

My setup is a bit different; I'm only allowing a single computer on the WLAN to access the LAN. But I didn't use bridge or anything fancy. I simply assigned a static DHCP address to that computer (IP/MAC binding) and created a WLAN to LAN1 firewall rule allowing that computer to access "all". I was surprised it worked that easily, but it does.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Hi Gork, that was my initial thoughts simply create WLAN to LAN firewall rules to access resources on the LAN.

(1) Did you change any other settings (ie which zone the wlan was part of for example).

(2) Could you copy and ADD through that wlan to lan1 rule. Ie two way comms push and pull data??

Note: I would think you could pull only (copy) and not post data ie if doing ftp you could download but not upload - assuming perhaps incorrectly that one would need a lan1 to WLAN rule to be able to upload.
Anav

Anav to jc112203

Premium Member

to jc112203
JC, great tutorial there.
What I do not understand is how you decide which computers will get new IP (bridge IPs). Do you set those on the PCs statically? OR
now ALL PCs on LAN1 will no longer be in LAN1 and will get dhcp from the bridged DHCP, or will this only force WLAN users onto the bridge LAN and get new IPs?

I understand the policy routing to ensure all bridged users (new IP) have access to the internet. The only subtle change would be to use a user defined trunk vice default if needed (already in place).

The other thing on the Policy route is incoming,,,,, why not state the bridge interface instead of any (except zywall). It's a routing policy for all those on the bridged interface??? Source you should be able to leave as ANY.
polarisdb
join:2004-07-12
USA

polarisdb

Member

said by Anav:

JC, great tutorial there.
What I do not understand is how you decide which computers will get new IP (bridge IPs). Do you set those on the PCs statically? OR
now ALL PCs on LAN1 will no longer be in LAN1 and will get dhcp from the bridged DHCP, or will this only force WLAN users onto the bridge LAN and get new IPs?

After I set up the bridge, LAN1 & WLAN clients all got IPs from the bridged network.
jc112203
join:2013-06-07
Cortez, CO

jc112203 to Anav

Member

to Anav
said by Anav:

JC, great tutorial there.
What I do not understand is how you decide which computers will get new IP (bridge IPs). Do you set those on the PCs statically? OR
now ALL PCs on LAN1 will no longer be in LAN1 and will get dhcp from the bridged DHCP, or will this only force WLAN users onto the bridge LAN and get new IPs?

I understand the policy routing to ensure all bridged users (new IP) have access to the internet. The only subtle change would be to use a user defined trunk vice default if needed (already in place).

The other thing on the Policy route is incoming,,,,, why not state the bridge interface instead of any (except zywall). It's a routing policy for all those on the bridged interface??? Source you should be able to leave as ANY.

Thanks,
As far as LAN and WLAN having their own separate IPs I think Zywall is referring to the physical bridge of the network, not the Logical. Think this: Zywall asking where to physically look for these clients to bridge them together, not what you logically defined as LAN and WLAN (not to be confused with changing Router Port Roles on the back of your Zywall).

As far as using a User defined Trunk yes, that is fine, except Trunking isn't really covered in my example. Setting up a working Trunk is a whole nother beast, so I simply used the one created by default in the Zywall.

I didn't set my rule as "any" because this hasn't worked for me in the past. It might be because I was doing other things wrong, but I find that when I am setting up a routing policy or a network object it is better to be more specific so that your policy/object doesn't have unintended consequences (like creating an exploit by accident). I guess I am just paranoid. (I am almost done getting my associates degree in Network Security)
said by polarisdb:

said by Anav:

JC, great tutorial there.
What I do not understand is how you decide which computers will get new IP (bridge IPs). Do you set those on the PCs statically? OR
now ALL PCs on LAN1 will no longer be in LAN1 and will get dhcp from the bridged DHCP, or will this only force WLAN users onto the bridge LAN and get new IPs?

After I set up the bridge, LAN1 & WLAN clients all got IPs from the bridged network.

Correct, All clients will now use the Bridged network's IP. This shouldn't be a problem because we want traffic to be routed to each other anyway.

Gork
Ou812ic
join:2001-10-06
Bountiful, UT

Gork to Anav

Member

to Anav
said by Anav:

(1) Did you change any other settings (ie which zone the wlan was part of for example).

(2) Could you copy and ADD through that wlan to lan1 rule. Ie two way comms push and pull data??

1) Not that I recall... wlan-1-1 shows in the WLAN zone and my LAN shows in the LAN1 zone... And the laptop is assigned an IP address in the wlan-1-1's range of 192.* whereas LAN1 is 10.*.

2) It's been awhile since I had my laptop at home, but I can't imagine I wouldn't have used it to upload and download information from and to the LAN (where my file server is) when it was connected through the WLAN. But I don't precisely recall for sure. I do have a LAN1 to ANY (excluding ZyWALL) rule in place though. I actually tried not to pipe up with details herein because I would have liked to completely test with my laptop before posting - just to be sure. But I couldn't keep my mouth shut.

Now that you bring it up, however, it does seem that I initially set up the WLAN on the LAN1 zone to allow for the type of activity we're discussing and it worked perfectly. (I had forgotten I did this.) From memory, it was very simple with no bridges or the like necessary. I later made the changes I did (as I've described) because I really only wanted my own laptop to be able to connect to LAN1 network resources, not anyone who wants Internet access on their own device who might be visiting.
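
The two setups described in the post above (wireless interface left in the WLAN zone with a per-host rule, versus wireless interface placed in the LAN1 zone), compared in a simplified model. This is an added example, not part of any post here and not ZyWALL code: the addresses are constructed, and first-match evaluation, default deny and connection tracking are assumptions of the model.

```python
import ipaddress

LAPTOP, GUEST, SERVER = "192.168.2.33", "192.168.2.34", "10.0.0.10"  # constructed

# Rules as described in the post: one WLAN host may reach LAN1, LAN1 may go anywhere.
RULES = [
    ("WLAN", "LAN1", LAPTOP + "/32", "allow"),
    ("LAN1", "any", "0.0.0.0/0", "allow"),
]

class ZoneFirewall:
    """Simplified first-match zone firewall with connection tracking."""

    def __init__(self, rules, default="deny"):
        self.rules = rules
        self.default = default  # assumption: unmatched new connections are dropped
        self.flows = set()      # (initiator, responder) pairs that were allowed

    def new_connection(self, from_zone, to_zone, src, dst):
        """Evaluate the first packet of a flow and remember it if allowed."""
        action = self.default
        for r_from, r_to, r_src, r_action in self.rules:
            if (r_from == from_zone and r_to in (to_zone, "any")
                    and ipaddress.ip_address(src) in ipaddress.ip_network(r_src)):
                action = r_action
                break
        if action == "allow":
            self.flows.add((src, dst))
        return action

    def reply(self, src, dst):
        """Return traffic passes only for a flow that was already allowed."""
        return "allow" if (dst, src) in self.flows else "deny"

def who_reaches_server(wlan_zone):
    """Which wireless clients can open a connection to the LAN1 file server
    when the wireless interface belongs to the given zone?"""
    fw = ZoneFirewall(RULES)
    return {ip: fw.new_connection(wlan_zone, "LAN1", ip, SERVER)
            for ip in (LAPTOP, GUEST)}

if __name__ == "__main__":
    print("wlan-1-1 in WLAN zone:", who_reaches_server("WLAN"))
    print("wlan-1-1 in LAN1 zone:", who_reaches_server("LAN1"))
```

In this model, `reply()` lets the file server answer a connection the laptop opened without a LAN1-to-WLAN rule, so data can flow both ways inside that connection.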