Announcement

Collapse
No announcement yet.

Draytek Vigor 2830 VLAN Routing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Draytek Vigor 2830 VLAN Routing

    I have setup 2 VLANs and would like both to be connectable via separate WiFi and for VLAN1 traffic to only access VLAN0 to use the default gateway and not see any other devices on VLAN0.

    VLAN0 (Subnet LAN1) - 192.168.1.x is contactable via WiFi (SSID1), and is connected via a cable to the default gateway 192.168.1.254 on physical Port1

    VLAN1 (Subnet LAN2) - 192.168.2.x which can be connected via WiFi (SSID2)

    I have set Inter LAN routing between LAN1 and LAN2

    When logging onto VLAN0 I get a correct address and can talk to the internet via the gateway 192.168.1.254

    On VLAN1 I get an address on the 192.168.2.x range and have a default gateway as 192.168.2.1 and can ping 192.168.2.1 and 192.168.1.1 but cannot get to 192.168.1.254

    Is this due to the gateway (192.168.1.254) not being able to talk back to the 192.168.2.x range?

    How do I set a route to the default gateway of 192.168.1.254 from the 192.168.2.x range?

    Thanks really appreciate any help.

  • #2
    The default gateway is the single address used for a device to communicate to any network other than it's own. This means that, for your VLAN1 (Subnet LAN2), the default gateway will be the address on the Draytek for VLAN1 clients to talk to anything not also in VLAN1. In your case, the default gateway for VLAN1 is 192.168.2.1. The IP of 192.168.1.254 is in VLAN0 (Subnet LAN1), so if VLAN1 clients can hit any IP in VLAN0 already, they should be able to get traffic to the (assumed WAN port) of 192.168.1.254. I'm guessing that your device at that IP itself doesn't know where the VLAN1 subnet is, and so no return traffic is going back to VLAN1. To confirm, it would help to have a bit more info, such as which WAN config you're using on the Vigor, and what type of device is at that last IP. Got any drawings handy??
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      The Vigor box and my internet box are joined with a cable
      both in the LAN not WAN

      The router on 192.168.1.254 is the internet connection via Fibre

      I guess the router isnt aware of traffic on the 192.168.2.x subnet to send traffic back

      sound right?

      Comment


      • #4
        If the router holds the address of 192.168.2.1, then it should be able to route into and out of that VLAN, because it holds a leg in that VLAN subnet. If your internet device IS your router for all subnets, then it has to know how to find this VLAN if it doesn't hold the gateway address of that subnet. I'd still like to see a diagram that shows which IPs on which devices for your setup. Is the Vigor device your router, or is the WAN device?
        *RicklesP*
        MSCA (2003/XP), Security+, CCNA

        ** Remember: credit where credit is due, and reputation points as appropriate **

        Comment


        • #5
          Broadband Connection via WAN
          Broadband router LAN address is 192.168.1.254
          DHCP server giving addresses 192.168.1.100-200
          Gives clients Default Gateway of 192.168.1.254

          Draytek Router connects to Broadband Connection via LAN cable
          Draytek LAN address is 192.168.1.1 and 192.168.2.1 for 2 Wireless VLAN0 and VLAN1
          DHCP server for address 192.168.1.10-100 and 192.168.2.10-100

          VLAN0 gets address from Draytek
          Default Gateway is 192.168.1.1

          VLAN1 gets address from Draytek
          Default Gateway as 192.168.2.1

          Does this help?

          If I turn DHCP off for the DRAYTEK the clients in the VLANs pick up an IP address from the Broadband Connection DHCP server (192.168.1.100-200) and therefore a default gateway of 192.168.1.254 and can access the internet

          Thanks
          Am

          Comment


          • #6
            So you're using 2 different routers in this configuration, with 3 DHCP scopes between them. And if both DHCP scopes in the Draytek are disabled so that only your Broadband router's DHCP is used, everything works. Sounds like your b'band router doesn't know how to get to Vlan1. It is almost certainly receiving traffic from Vlan1 to go out to the Internet, but if it doesn't have a routing statement to tell it how to talk to Vlan1 addresses, it won't know where to direct the web responses. You'll have to configure the routing statement to say something like: 'to get to 192.168.2.0/24, using 192.168.1.1', using whatever commands are correct for the model of router for your WAN access.

            This whole thing would be a lot simpler if you used the Draytek as the sole routing device and WAN endpoint. Reading it's specs makes it sound like it's an all-singing/all-dancing device, so you shouldn't need another router in the house. But without knowing the make/model of that b'band device, I think we've gone as far as we can with this. As far as blocking devices from seeing anything on Vlan1 except the gateway portal itself on Vlan0, that would be down to access rules inside the Draytek. What does their manual tell you?
            *RicklesP*
            MSCA (2003/XP), Security+, CCNA

            ** Remember: credit where credit is due, and reputation points as appropriate **

            Comment

            Working...
            X