6

I am trying to configure a network that looks like this:

My VLANs and static routing seem to work fine; I am able to ping between the VLANs. My problem is that when I try to make a connection to the internet, I get a timeout when trying to ping. I am aware that I need to configure some sort of NAT, but I can't quite figure out what goes wrong.

I have tried to create a Policy Route. When I apply the policy, there is an unstable pattern in the replies: I get a lot of timeouts, then at once there is connectivity for a while, and then it dies again.

Here are screenshots of my configurations on FW1 and SW1

FW1:

Network -> Interface -> VLAN

Network -> Interface -> Port Role

Network -> Routing -> Static Route

Network -> Routing -> Policy Route

I have only added a rule and tested for VLAN 102.

SW1:

Configuration -> VLANs -> VLAN Membership

Configuration -> VLANs -> Ports

Rune Jensen
  • What router do you have for your WAN and does it have routes back to the other networks? – GerryEgan Nov 08 '13 at 13:08
  • Does Zyxel have a paid support option? I couldn't find any mention on the website, but I would think they do as they have a "Service Provider" line of equipment. – YLearn Nov 08 '13 at 15:43
  • @RuneJensen, I don't see any configuration for your "WAN" interface in anything you provided, nor for any routes to direct traffic to the internet. – YLearn Nov 08 '13 at 15:52

1 Answer

2

I have the exact same setup as you (ZyXEL ZyWALL USG 100 and GS1910 switch). I had similar settings as you, but I did not create any static routes and my Network -> Interface -> VLAN page looked a bit different (not sure which of ours is more correct).

Anyways, I had the same problem with not being able to get out to the WAN from a VLAN. I was getting an IP address but traffic was not getting to the internet. Then it dawned on me... A FIREWALL RULE! I added a rule to allow traffic from the VLAN to the WAN and voila! (Note: All those other firewall rules in my screenshot are stock; they came pre-configured).

Also, I'm not sure what the "Policy Route" is used for. I disabled it, and everything is still working fine. Here are a couple of screenshots from my environment that differ from the ones in your original question; hopefully it will help others in the future who try to set up a VLAN on Zyxel USG firewall routers:

FW1:

Network -> Interface -> VLAN

VLAN

Firewall

Firewall

Configuration -> Network -> Routing -> Policy Route

Note: I originally had this activated but I later deactivated it, as shown in the screenshot, and everything continues to work fine as far as I can tell...

Policy Route

Configuration -> Network -> Routing -> Static Route

Static Route
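
The fix described in the answer, as an added example (not code from either poster and not Zyxel's implementation): a minimal first-match zone rule check that lists which interfaces cannot open connections to the WAN. It assumes unmatched traffic is denied by default; the zone names, interface names and rule sets are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str     # source zone, or "any"
    dst: str     # destination zone, or "any"
    action: str  # "allow" or "deny"


def decide(rules, src_zone, dst_zone, default="deny"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for r in rules:
        if r.src in (src_zone, "any") and r.dst in (dst_zone, "any"):
            return r.action
    return default


def blocked_to(rules, iface_zone, dst_zone="WAN"):
    """Interfaces whose zone is not allowed to open connections to dst_zone."""
    return sorted(iface for iface, zone in iface_zone.items()
                  if zone != dst_zone and decide(rules, zone, dst_zone) != "allow")


# Constructed sample data (assumption), not the rules from the screenshots.
IFACE_ZONE = {"lan1": "LAN1", "vlan102": "VLAN102", "wan1": "WAN"}

# Pre-configured rules only: the new VLAN zone matches nothing.
STOCK = [Rule("LAN1", "any", "allow"), Rule("WAN", "any", "deny")]

# The answer's fix: an explicit VLAN -> WAN allow rule.
FIXED = STOCK + [Rule("VLAN102", "WAN", "allow")]

# Ordering caveat: an earlier catch-all deny shadows every later allow rule.
SHADOWED = [Rule("any", "any", "deny")] + FIXED

if __name__ == "__main__":
    print("stock rules:   ", blocked_to(STOCK, IFACE_ZONE))
    print("with VLAN rule:", blocked_to(FIXED, IFACE_ZONE))
    print("shadowed:      ", blocked_to(SHADOWED, IFACE_ZONE))
```

A host on the blocked VLAN can still get a DHCP lease and reach other VLANs while every packet to the internet is dropped, which matches the symptom in the answer.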