phayze join:2013-09-17 singapore |
phayze
Member
2014-Apr-29 12:29 pm
Zyxel USG50 & Cisco SG300-10USG50 does not assign IP to port 1 when it is in VLAN2 using the setting below
Cisco Switch Port 2 to 10 - VLAN1(Default VLAN) Port 1 & 10 - VLAN2 (For Guest Access - to isolate port 1 from access LAN in Port 2 to 9) (Port 10 is connect to USG50 LAN1)
But if i create VLAN like below, i am able to get it work. Port 10 - VLAN1 Port 2 to 10 - VLAN2 Port 1 & 10 - VLAN3 (Port 10 is connect to USG50 LAN1)
Anyone know the reason why is this so? I do not want to move away from default vlan as i will lose access to the switch management if i connect from any port from 2 to 9. Port 1 is for guest access, internet use only.
Anyone can help? |
|
|
I'm guessing you are trunking port 10? Would be interesting to see the exact configs to know for sure whats going on, but ZyXel implements VLAN's in a very, weird way.
As far as accessing the switch management goes that's easy. In the Cisco switch all you'd need to do is add a physical ip address to the VLAN interface for each one with a ip from the subnet they would be assigned. |
|
|
to phayze
In Cisco terminology, port 10 here has to be assigned as a trunk port in the switch setup menus, and the other ports have to be access ports (unless they go to another switch that deals with VLAN tags).
The VLAN setup menu in the USG need to know that the IP address of the switch (it should be set to the subnet of the LAN1 USG IP address) as the next hop to the VLAN client addresses.
(I have an SG200-26 so the 300 series will have added complexity, I expect.)
Each VLAN established in the switch has to also be established in the USG unless no VLAN tags for that VLAN ever get to the USG and the USG doesn't have to do DHCP for the VLAN in question.
kirby |
|
phayze join:2013-09-17 singapore |
phayze
Member
2014-Apr-30 10:46 am
I am getting lost now. I am using USG50 Zone and firewall policy to allow guest access to internet only. I am learning to use layer 2 to restrict.
Typo error in the first post.
If i create VLAN like below, i am able to get it work. None - VLAN1 Port 2 to 10 - VLAN2 Port 1 & 10 - VLAN3 (Port 10 is connect to USG50 LAN1) |
|
phayze |
phayze
Member
2014-May-1 8:22 am
Thanks everyone for the replies. I have got it work already. |
|