Port link from VPN300 on V4.60 causes VLAN problems for USG60W

PeterUK Member Posts: 741  Guru Member
edited November 4, 2020 7:59PM in ZyWALL VPN Series

So this is the setup

[Image: diagram of the setup]


What's not shown is VLANs 6, 53, 443 on base port LAN1 with tagged ports 1 and 2 on NETGEAR M4100-D12G for the VLANs.

On USG60W:

VLAN6: 192.168.255.241/255.255.255.192

VLAN53: 192.168.53.11/255.255.255.240

VLAN443: 192.168.44.6/255.255.255.248


So with VPN300 on V4.60, when I ping 192.168.53.11 from 192.168.53.2 I get timeouts. If I inactivate ge6 on the VPN300, same problem. But here is where things get odd: if I unplug ge6, then ping to 192.168.53.11 works! I go back to V4.39(ABFC.0)ITS-WK38-r96153 with ge6 plugged in and activated, no problem.


Comments

  • Zyxel_Charlie Moderator, Zyxel Official Agent Posts: 996  mod
    @PeterUK
    When the issue occurs, can you packet capture the VLAN53 interface and VPN300's ge6 for further checking?
  • PeterUK Member Posts: 741  Guru Member

    So I have gone back to V4.60 for more testing and things get odder: if I unbind the MAC rule on the Netgear M4100-D12G G2toG3, which mirrors the ARP, then ping works fine, but if I bind G2toG3 and put a switch between VPN300 G6 port and Netgear M4100-D12G port 3, that works too!

    So what's going on here? I can connect VPN300 G6 port to Netgear M4100-D12G port 3 on V4.39(ABFC.0)ITS-WK38-r96153 fine, but with V4.60 I need a switch between VPN300 G6 port and Netgear M4100-D12G port 3 for the same setup to work!


  • PeterUK Member Posts: 741  Guru Member
    Tried 460ABFC0ITS-WK48-r97191 same problem.
  • Zyxel_Charlie Moderator, Zyxel Official Agent Posts: 996  mod
    edited December 16, 2020 9:09AM
    @PeterUK
    Regarding this case,
    we would like to compare the routing trace and IP route in the situation with the issue and the environment without the issue, on USG60W and VPN300. Please private message the compared results you get.
    Reproduce the issue:
    Ping 192.168.53.2 to 192.168.53.11 continuously. Go to USG60W's and VPN300's routing traces and press capture. Then screenshot the result.
    Type "show ip route" via console.
    EX:


  • PeterUK Member Posts: 741  Guru Member

    I think I might know the cause of this and the change between V4.39 and V4.60: the ingress to ge6 is not filtering untagged and tagged packets. So for ge6 there are no VLANs on its base port, but V4.60 is seeing these tagged VLAN packets and causing the problem instead of dropping them?


  • PeterUK Member Posts: 741  Guru Member
    So this is a mystery and the case is left open as to why everything works fine with V4.39, so I have done another way to DHCP the LAN, which works with V4.60.
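
Added example, not posted by anyone in this thread and not Zyxel code: one way to check a packet capture taken on ge6 for 802.1Q-tagged frames arriving on a port that has no VLANs configured, which is the ingress-filtering question raised above. The function names and the constructed sample capture are assumptions; it reads classic pcap files with an Ethernet link type only.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def vlan_census(pcap: bytes) -> Counter:
    """Count frames per VLAN ID in a classic pcap file; key None = untagged."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:
        raise ValueError("capture is not Ethernet (linktype 1)")
    counts, off = Counter(), 24  # 24-byte global header, then records
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # truncated record, no full Ethernet header
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype == TPID_8021Q and len(frame) >= 18:
            tci = struct.unpack("!H", frame[14:16])[0]
            counts[tci & 0x0FFF] += 1  # low 12 bits of the TCI are the VLAN ID
        else:
            counts[None] += 1
    return counts

def unexpected_vlans(counts: Counter, allowed: set) -> dict:
    """Tagged VLAN IDs seen on the port that are not configured on it."""
    return {v: n for v, n in counts.items() if v is not None and v not in allowed}

def _frame(vid=None):
    # Constructed sample frame: broadcast ARP EtherType, optionally 802.1Q tagged.
    hdr = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return hdr + tag + struct.pack("!H", 0x0806) + b"\x00" * 46

def sample_pcap():
    # Constructed capture: 2 untagged frames, 3 tagged VLAN 53, 1 tagged VLAN 6.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in [_frame(), _frame(53), _frame(53), _frame(6), _frame(), _frame(53)]:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # allowed=set() models a port with no VLAN interfaces bound to it.
    print(unexpected_vlans(vlan_census(sample_pcap()), allowed=set()))
```

A non-empty result for a port with no VLANs bound to it means tagged frames are reaching that port in the capture; comparing the result between the two firmware versions would show whether the traffic on the wire differs or only how the device handles it.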