crangle22

Set up 2 separate VLANs with 1 TL-SG3424 managed switch

I have 1 TL-SG3424 managed switch & want to set up 2 separate networks. Network A can't see network B & vice versa. I have a basic Vodafone HG658c eFiber router which has no static route option. Any simple instructions on how to set this up please?
And is it possible with this hardware? Do we need a 2nd switch & another router?

Vodafone router is 192.168.0.254
TP-Link switch is 192.168.0.1

I would like a separate network (192.168.2.x) which can still access the web.
SOLUTION
Predrag Jovic
This solution is only available to members.
crangle22

ASKER

I have a 2005 model zyxel zywall firewall.
Would that work?
SOLUTION
This solution is only available to members.
Thanks.
Any advice on how best to configure the router and firewall?
E.g. does the router have to be in bridge mode?
Do you have any links that might help?
An idiot's guide!
SOLUTION
This solution is only available to members.
Not having much joy!
The switch's default IP is 192.168.0.1
Vodafone router is 1.1
Zyxel firewall is 1.2
Can I change the switch to 192.168.1.3 so I can easily access it & set the gateway to 1.1?

I set up 2 static routes on the firewall - 192.168.5.1 (called it vlan2) & 6.1 (vlan3).
On the switch I created vlan2 & set it to port 2 on the switch (thinking if I connected a PC to it, it would be in the range 5.1). Didn't work!
I also thought that by calling them vlan2 on both the firewall & switch that they could communicate??
I know it must be easy if I just get the settings right!
I can send you all the screenshots later?
Tearing my hair out!
With this equipment you can have just two working VLANs on the switch. You can change the switch IP address to 1.3; the switch should be in the same network as the router for maintenance.
Static routes on the firewall will do you no good since all traffic goes to the default route. Static routes should be set on the Vodafone router. If the Zyxel WAN port IP address is 1.2 it is OK; if the LAN IP is 1.2 it is not good.

The point here is that you have two separate networks, each behind NAT, and each network needs to be in a different IP range. All traffic from the VLAN behind the firewall will be sent to the Vodafone router from the WAN's IP address, and the Vodafone router has no idea that the other network exists. So if you need to communicate, you need a static route there to point to the network behind the firewall.
If the WAN IP address is 192.168.1.2 and the network behind the firewall is 192.168.5.1/24, the static route should be
ip route 192.168.5.0 255.255.255.0 192.168.1.2

Feel free to attach screenshots - you know what they say: "one picture is worth a thousand words".
:)
Predrag! Here they are!!
I was using the ZyWALL because there is no static route option on the Vodafone router.

I can't seem to change the IP of the switch. It always defaults back to 192.168.0.1
I know this is all very messy!
switch1.docx
switch2.docx
switch3.docx
voda1.docx
Voda2.docx
voda3.docx
voda4.docx
zywall1.docx
zywall2.docx
zywall3.docx
zywall4.docx
zywall5.docx
zywall6.docx
zywall7.docx
zywall8.docx
Sorry for the delay...

Since your Vodafone router is network 192.168.1.0/24, the Zyxel needs to be some other network, otherwise the firewall will not get an IP on WAN from the Vodafone router (you can set the Zyxel LAN to 192.168.100.0/24, anything other than 192.168.1.0/24), and turn on DHCP on the firewall so network devices get an IP address from the same range. Delete the static routes on the firewall - you don't need those; all traffic for networks other than the local network will be forwarded to the Vodafone router.
The gateway address is always an address in the same network range (Zyxell6): if the network is 192.168.0.0/24, the default gateway must be from the same range 192.168.0.x (that should be the address of the firewall itself in this scenario). Your gateway for the 192.168.5.0/24 network is 192.168.1.1 - an impossible scenario. You don't need to create any VLAN on the firewall.

I am not familiar with Zyxel firewalls; there is a possibility that the firewall can route between VLANs, and in that case the configuration should be completely different (and much better). But that would be even harder to configure than this.
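
The addressing rules from the two replies above (firewall LAN in a different range from the router LAN, gateway inside its own network, upstream static route pointing at the firewall's WAN address) can be checked mechanically. This is an added example, not part of the original thread; the function names and the 192.168.100.1 gateway are assumptions, and the route line uses the thread's `ip route` notation.

```python
import ipaddress


def check_plan(router_lan, fw_wan_ip, fw_lan, fw_lan_gateway):
    """Return a list of problems in a router -> NAT firewall -> inner LAN plan."""
    outer = ipaddress.ip_network(router_lan, strict=False)
    inner = ipaddress.ip_network(fw_lan, strict=False)
    wan = ipaddress.ip_address(fw_wan_ip)
    gw = ipaddress.ip_address(fw_lan_gateway)
    problems = []
    # The firewall's WAN port is a client of the upstream router's LAN.
    if wan not in outer:
        problems.append(f"firewall WAN {wan} is not inside router LAN {outer}")
    # Same range on both sides of the NAT: the firewall cannot tell them apart.
    if inner.overlaps(outer):
        problems.append(f"firewall LAN {inner} overlaps router LAN {outer}")
    # A default gateway must be reachable on-link, i.e. inside the host's network.
    if gw not in inner:
        problems.append(f"gateway {gw} is outside {inner}")
    return problems


def upstream_route(fw_lan, fw_wan_ip):
    """Static route the upstream router would need to reach the inner LAN."""
    net = ipaddress.ip_network(fw_lan, strict=False)  # accepts 192.168.5.1/24
    return f"ip route {net.network_address} {net.netmask} {fw_wan_ip}"


if __name__ == "__main__":
    # Plan as described in the thread: inner 192.168.5.0/24 with gateway 192.168.1.1.
    for p in check_plan("192.168.1.0/24", "192.168.1.2",
                        "192.168.5.0/24", "192.168.1.1"):
        print("PROBLEM:", p)
    # Constructed corrected plan: inner 192.168.100.0/24, gateway = firewall LAN IP.
    print(check_plan("192.168.1.0/24", "192.168.1.2",
                     "192.168.100.0/24", "192.168.100.1") or "plan OK")
    print(upstream_route("192.168.5.1/24", "192.168.1.2"))
```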
Thanks Predrag.
I will do my best to follow this!
It's all a bit complicated!
There must be an easier way to isolate the networks?
Any easy ways?
I just need to split the 2 networks (network A can't ping network B) but both need internet access.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I gave up in the end!
Predrag was very helpful thanks.