Friday, December 27, 2019

Zyxel USG 50 VLAN setup

Hey /r

Somehow I'm unable to get VLANs working in my lab setup, which we will implement for our customers once we get some more understanding of it. We have a USG 50.

In my setup I have created one VLAN, assigned it to the LAN port and hooked up a client to the LAN port.
I set up DHCP on my VLAN, but the notebook is refusing to get an IP address.
There is no switch between the USG 50 and the client.

I also do not understand how the notebook should know it is assigned vlan10?
I am used to Cisco devices, on which a specific VLAN was assigned to a specific port. Yet this should be able to work with tagging? We want to configure this port to carry (for example) VLAN10, VLAN20, VLAN30, etc., so that servers get vlan20, clients vlan30, AP devices vlan10, etc.

This is my current setup:

hardware-watchdog-timer 10
!
software-watchdog-timer 300
!
interface-name ge1 wan1
interface-name ge2 wan2
interface-name ge3 lan1
interface-name ge4 lan2
interface-name ge5 dmz
!
port-grouping lan1
  port 3
  port 4
  port 5
!
port-grouping lan2
!
port-grouping dmz
  port 6
!
account pppoe WAN1_PPPoE_ACCOUNT
!
account pppoe WAN2_PPPoE_ACCOUNT
!
ip dhcp pool LAN1_POOL
  network 192.168.1.0/24
  default-router 192.168.1.1
  first-dns-server ZyWALL
  starting-address 192.168.1.33 pool-size 200
  lease 2
!
ip dhcp pool LAN2_POOL
  network 192.168.2.0/24
  default-router 192.168.2.1
  first-dns-server ZyWALL
  starting-address 192.168.2.33 pool-size 200
  lease 2
!
ip dhcp pool DMZ_POOL
  network 192.168.3.0/24
  default-router 192.168.3.1
  starting-address 192.168.3.33 pool-size 200
  first-dns-server ZyWALL
  lease 2
!
ip dhcp pool Network_Pool_VLAN10
  network 192.168.10.0 255.255.255.0
  default-router 192.168.10.1
  starting-address 192.168.10.3 pool-size 30
  first-dns-server 192.168.1.1
  second-dns-server 8.8.8.8
  lease 2 0 0
!
interface wan1
  ip address dhcp
  type external
!
interface wan2
  ip address dhcp
  type external
!
interface lan1
  ip address 192.168.1.1 255.255.255.0
  ip dhcp-pool LAN1_POOL
  type internal
!
interface lan2
  ip address 192.168.2.1 255.255.255.0
  ip dhcp-pool LAN2_POOL
  type internal
!
interface dmz
  ip address 192.168.3.1 255.255.255.0
  ip dhcp-pool DMZ_POOL
  type internal
!
interface vlan10
  port lan1
  vlan-id 10
  ip address 192.168.10.1 255.255.255.0
  upstream 1048576
  downstream 1048576
  mtu 1500
  type internal
  ip rip send version 2
  ip rip receive version 2
  ip ospf priority 1
  ip ospf cost 10
  ip dhcp-pool Network_Pool_VLAN10
!
interface wan1_ppp
  account WAN1_PPPoE_ACCOUNT
!
interface wan2_ppp
  account WAN2_PPPoE_ACCOUNT
!
address-object LAN1_SUBNET interface-subnet lan1
address-object LAN2_SUBNET interface-subnet lan2
address-object DMZ_SUBNET interface-subnet dmz
address-object IP6to4-Relay 192.88.99.1
!
eps warning-message windows-auto-update enable
!
eps warning-message windows-security-patch enable
!
eps warning-message personal-firewall enable
!
eps warning-message anti-virus enable
!
isakmp policy Default_L2TP_VPN_GW
  mode main
  transform-set 3des-sha 3des-md5 des-sha
  lifetime 86400
  local-ip interface wan1
  peer-ip 0.0.0.0 0.0.0.0
  authentication pre-share
  local-id type ip 0.0.0.0
  peer-id type any
  xauth type server default deactivate
  group2
  deactivate
!
crypto map Default_L2TP_VPN_Connection
  ipsec-isakmp Default_L2TP_VPN_GW
  encapsulation transport
  transform-set esp-3des-sha esp-3des-md5 esp-des-sha
  set security-association lifetime seconds 86400
  set pfs none
  scenario remote-access-server
  adjust-mss auto
  deactivate
  remote-policy any
!
vpn-configuration-provision authentication default
!
router rip
!
router ospf
!
zone LAN1
  interface lan1
!
zone LAN2
  interface lan2
!
zone WAN
  interface wan1
  interface wan1_ppp
  interface wan2
  interface wan2_ppp
  block
!
zone DMZ
  interface dmz
  block
!
zone SSL_VPN
!
zone IPSec_VPN
  crypto Default_L2TP_VPN_Connection
!
zone TUNNEL
!
ip http server
!
ip http secure-server cert default
ip http secure-server
ip http secure-server force-redirect
ip http secure-server cipher-suite aes 3des des rc4
!
hostname zywall-usg-50
!
ip ssh server cert default
ip ssh server
!
console baud 115200
!
ip ftp server cert default
ip ftp server
!
ntp
!
snmp-server
!
ip load-balancing link-sticking activate
!
no firewall activate
!
!
session-limit activate
session-limit limit 1000
!
session-limit6 activate
session-limit6 limit 1000
!
idp signature update auto
!
idp signature update weekly sun 0
!
idp signature LAN_IDP base lan
!
idp signature DMZ_IDP base dmz
!
idp anomaly ADP_PROFILE base all
  flood-detection tcp-flood block
  flood-detection udp-flood block
  flood-detection icmp-flood block
  flood-detection ip-flood block
  flood-detection icmp-flood threshold 1000
  flood-detection ip-flood threshold 1000
  flood-detection tcp-flood threshold 1000
  flood-detection udp-flood threshold 1000
  scan-detection sensitivity medium
  scan-detection block-period 5
  flood-detection block-period 5
!
idp signature rule 1 from-zone any to-zone LAN1 bind LAN_IDP activate
!
idp signature rule 2 from-zone any to-zone LAN2 bind LAN_IDP activate
!
idp signature rule 3 from-zone any to-zone DMZ bind DMZ_IDP activate
!
idp anomaly rule 1 from-zone any to-zone LAN1 bind ADP_PROFILE activate
!
idp anomaly rule 2 from-zone any to-zone LAN2 bind ADP_PROFILE activate
!
idp anomaly rule 3 from-zone any to-zone DMZ bind ADP_PROFILE activate
!
idp anomaly rule 4 from-zone any to-zone ZyWALL bind ADP_PROFILE activate
!
anti-virus rule 1 activate
  no from-zone
  no to-zone
  scan http
  scan smtp
  scan pop3
  scan ftp
  scan imap4
  infected-action destroy
  infected-action send-win-msg
  no bypass white-list
  no bypass black-list
  file-decompression
  no file-decompression unsupported destroy
  log
!
anti-virus update auto
!
anti-virus update daily 0
!
no bwm activate
!
policy controll-ipsec-dynamic-rules activate
!
app SMTP defaultport 25
!
app POP3 defaultport 110
!
app SIP defaultport 5060
!
app HTTP defaultport 80
app HTTP defaultport 8080
app HTTP defaultport 3128
!
alg sip defaultport 5060
!
users retry-limit
users retry-count 5
users lockout-period 30
!
users update-lease automation
!
app-watch-dog activate
!
htm phase 1 add all
!
force-auth exceptional-service DNS
!
force-auth default-rule authentication unnecessary no log
!
no usb-storage activate
no diag-info copy usb-storage
!
no logging usb-storage
!
logging system-log suppression
logging system-log category forward-web-sites disable
!
logging mail 1 category all level all
!
logging mail 2 category all level all
!
vrpt send interface statistics interval 15
vrpt send system status interval 15
vrpt send device information interval 3600
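As an added example (not part of the original post), the Python below classifies constructed Ethernet frames the way the config above would: a frame arriving on the lan1 port with no 802.1Q tag belongs to lan1 and LAN1_POOL, and only a frame carrying VID 10 in its tag reaches vlan10 and Network_Pool_VLAN10. The interface table is copied from the `interface lan1` and `interface vlan10` blocks in the question; the MAC addresses and payload are constructed.

```python
import struct

ETH_P_8021Q = 0x8100  # TPID that marks an 802.1Q-tagged frame

# Interfaces exactly as the post's config defines them: lan1 takes untagged
# frames on port group lan1; vlan10 takes frames tagged VID 10 on the same port.
INTERFACES = {
    "lan1": {"port": "lan1", "vlan_id": None, "dhcp_pool": "LAN1_POOL"},
    "vlan10": {"port": "lan1", "vlan_id": 10, "dhcp_pool": "Network_Pool_VLAN10"},
}


def build_frame(dst, src, payload, vlan_id=None, ethertype=0x0800):
    """Build an Ethernet II frame, inserting an 802.1Q tag when vlan_id is given."""
    hdr = dst + src
    if vlan_id is not None:
        # TPID 0x8100 followed by TCI = PCP(3) | DEI(1) | VID(12); PCP/DEI left 0
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Return the VID carried by the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != ETH_P_8021Q:
        return None
    if len(frame) < 16:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF


def classify(frame, ingress_port):
    """Name the USG interface and DHCP pool a frame on ingress_port would hit."""
    vid = parse_vlan(frame)
    for name, iface in INTERFACES.items():
        if iface["port"] == ingress_port and iface["vlan_id"] == vid:
            return name, iface["dhcp_pool"]
    return None, None  # tagged with a VID no interface on that port carries


if __name__ == "__main__":
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")  # constructed MACs
    disc = b"DHCP-DISCOVER"  # constructed stand-in payload
    print(classify(build_frame(dst, src, disc), "lan1"))              # ('lan1', 'LAN1_POOL')
    print(classify(build_frame(dst, src, disc, vlan_id=10), "lan1"))  # ('vlan10', 'Network_Pool_VLAN10')
    print(classify(build_frame(dst, src, disc, vlan_id=20), "lan1"))  # (None, None)
```

A client plugged straight into the port sends untagged frames unless its NIC is configured for VLAN 10, which is why an untagged notebook is served by lan1 rather than vlan10.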

