VLAN routing between NXC2500 and USG210

Wojtas Member Posts: 7
edited January 8, 2021 5:07PM in Discussions
Hello, 

I would like to build a network with dynamic VLANs based on 802.1X. Network topology looks like this

I have:
- USG210
- NXC2500
- GS1920-24Hv2
- 4x WAC6303D-S

On USG210 I have a few Site 2 Site to AWS and Azure clouds. The old network topology has no VLANs and all traffic from local networks was routed to AWS / Azure.

All addresses in security groups, ACLs, route tables have IPs from VLAN10 (192.168.10.0/24). When I add NXC2500 between USG210 and GS1920 the routing stops working.

My first idea is to set up Many 1:1 NAT for incoming traffic from VLAN10 and use the same IP range as the mapped IPs range.

Should it start working? Do you have other ideas how to solve the issue?  

EDIT:

Do you maybe know how to achieve it with a route policy?

Comments

  • Nebula_Freda Moderator, Zyxel Official Agent Posts: 302
    Hi @Wojtas,
    Because there's no VLAN in the original topology, you have to add a VLAN interface on USG210, NXC2500, and GS1920 to let the VLAN traffic pass. And because the dynamic VLAN setting is in the NXC controller, it only supports RADIUS server type “Internal” in CONFIGURATION > Object > AP Profile > SSID > Security List.

    Here's an example of how to set up the dynamic VLAN on NXC2500 for your reference.

  • @Nebula_Freda thank you for the answer.

    I set up VLANs on USG210, with base port P4 (my LAN interface).

    On NXC2500 I added ports GE1 and GE2 as VLANs with Tx Tagging. GE1 has type: general, and GE2 has internal.

    Connections to the clouds are working... but a strange thing....

    When DHCP server for VLANs was on NXC, the client got correct network configuration but had no internet access. When I moved the DHCP server to USG, everything started working normally....?!?!?
  • ZYXEL_Joslyn Member, Zyxel Official Agent Posts: 274
    Hi @Wojtas

    Since NXC will add the routing for the NXC DHCP client automatically, we have to add it by ourselves. If the NXC releases the same IP address subnet as the USG, then per my testing, I have to add the gateway (USG VLAN interface) in the NXC VLAN setting.

    If it still does not work, can you provide the configurations of USG, NXC and Switch for us to test? Please send them via private message.
    Thanks.

    Joslyn
  • Thank you @Zyxel_Joslyn

    I can't test it now, but will do it next week, and I will let you know. Please don't close the topic.