VLAN to Internet

X101
X101 Posts: 4  Freshman Member
First Comment
edited April 2021 in Security

Hi everyone, been trying to get this to work with no success. Any help will be appreciated.

Setup: ISP > Layer 3 switch > WAN1 on USG100.

Switch manages vlan10 (VOIP) 10.10.15.0/24, gateway is 10.10.15.1, Static IP for LAN1 is 192.168.1.254

USG 100 (192.168.1.1) manages Lan1 (computers)

From vlan I can ping 192.168.1.254, but can’t ping 192.168.1.1.

From switch I can ping 192.168.1.1.

From lan1 I can ping 10.10.15.1

Trying to provide vlan access to internet.

 I tried policy route > source 10.10.15.0/24 > Next Hop wan1 (and next hop trunk)

Also Disabled firewall temporarily.

Can someone help point me in the right direction.

 

Thanks in advance.

Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello X101,
    For this case, 
    could you please pm me your USG configuration for check further.
    Moreover, please share more details of your topology with IP address(if possible, please draw it and share)
    Charlie
  • X101
    X101 Posts: 4  Freshman Member
    First Comment
    I sent you a PM. Thanks.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello X101,
    After checking with your configuration, please delete the static route which I show you as below. You dont need this rule, because the device will do this routing automatically. After I deleted it, the PC can access internet locally. If still cannot surf network on you site, you need to double check configuration on your switch.

    Charlie

  • X101
    X101 Posts: 4  Freshman Member
    First Comment

    I had that in there to test only. Forgot to remove it before sending it to you. It wasn't working before I added that and after.

  • X101
    X101 Posts: 4  Freshman Member
    First Comment
    Will look at the switch again. Thanks.
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Hi X101,
    on a USG device, in some cases i had to enable RIP v1 and v2 in the vLAN config to get connected to the internet.

    You wrote
    "Switch manages vlan10 (VOIP) 10.10.15.0/24, gateway is 10.10.15.1, Static IP for LAN1 is 192.168.1.254".
    Is the static IP for LAN1 configures in the part "IP Address assignment" in the filed "IP Address ?
    By a default config, the IP Address value is 192.168.1.1 and subnet 255.255.255.0 / IP-Pool starts at 192.168.1.33.

    Is the vLAN lcated in a seperate ZONE on the USG ? what is your actually status ?

    brg
    Christian

Security Highlight