phayze
join:2013-09-17
singapore

Zyxel USG50 & Cisco SG300-10

USG50 does not assign IP to port 1 when it is in VLAN2 using the setting below

Cisco Switch
Port 2 to 10 - VLAN1(Default VLAN)
Port 1 & 10 - VLAN2 (For Guest Access - to isolate port 1 from access LAN in Port 2 to 9)
(Port 10 is connected to USG50 LAN1)

But if I create VLANs like below, I am able to get it to work.
Port 10 - VLAN1
Port 2 to 10 - VLAN2
Port 1 & 10 - VLAN3
(Port 10 is connected to USG50 LAN1)

Does anyone know the reason why this is so? I do not want to move away from the default VLAN, as I will lose access to the switch management if I connect from any of ports 2 to 9. Port 1 is for guest access, internet use only.

Can anyone help?
C4Xplosive
join:2002-02-21
Vancouver, WA

I'm guessing you are trunking port 10? It would be interesting to see the exact configs to know for sure what's going on, but Zyxel implements VLANs in a very weird way.

As far as accessing the switch management goes, that's easy. In the Cisco switch, all you'd need to do is add a physical IP address to the VLAN interface for each one, with an IP from the subnet they would be assigned.
Kirby Smith
join:2001-01-26
Derry, NH

to phayze
In Cisco terminology, port 10 here has to be assigned as a trunk port in the switch setup menus, and the other ports have to be access ports (unless they go to another switch that deals with VLAN tags).

The VLAN setup menu in the USG needs to know the IP address of the switch (it should be set to the subnet of the LAN1 USG IP address) as the next hop to the VLAN client addresses.

(I have an SG200-26 so the 300 series will have added complexity, I expect.)

Each VLAN established in the switch has to also be established in the USG unless no VLAN tags for that VLAN ever get to the USG and the USG doesn't have to do DHCP for the VLAN in question.

kirby
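
The trunk/access split described in the replies above, as an added example that is not part of the original thread or any poster's actual configuration. It assumes Sx300-series CLI syntax, port names gi1 to gi10, VLAN 1 left untagged on the uplink and VLAN 2 tagged, and a matching VLAN 2 interface defined on the USG50 LAN1 side (not shown).

```cisco
! Added example (not from the thread): SG300-10 CLI, Sx300-series syntax.
! Assumed layout: gi1 = guest port, gi2-9 = LAN, gi10 = uplink to USG50 LAN1.
configure terminal
vlan database
 vlan 2
exit
! LAN ports stay untagged members of default VLAN 1, so switch
! management remains reachable from ports 2 to 9.
interface range gi2-9
 switchport mode access
 switchport access vlan 1
exit
! Guest port: untagged member of VLAN 2 only.
interface gi1
 switchport mode access
 switchport access vlan 2
exit
! Uplink: VLAN 1 untagged (native), VLAN 2 carried with an 802.1Q tag
! so the firewall can tell guest frames from LAN frames.
interface gi10
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan add 2
exit
end
! Verify membership and tagging before testing DHCP on the guest port.
show vlan
show interfaces switchport gi10
```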
phayze
join:2013-09-17
singapore

I am getting lost now. I am using USG50 Zone and firewall policy to allow guest access to internet only. I am learning to use layer 2 to restrict.

Typo error in the first post.

If I create VLANs like below, I am able to get it to work.
None - VLAN1
Port 2 to 10 - VLAN2
Port 1 & 10 - VLAN3
(Port 10 is connected to USG50 LAN1)
phayze

Thanks everyone for the replies. I have got it to work already.