Draytek 2960 / VLAN Setup (Internet Access)

I'm sure what I'm trying to do is relatively simple, however I haven't been able to get it to work.

We're using a Draytek 2960 router and I need to add a separate independent VLAN (port based) which can't access any other PCs on the network but should have internet access.

So far setup is as below:

LAN 1 = VLAN ID 10 = 192.168.100.xxx, default gateway 192.168.100.2 (the 2960 router)
All PCs etc. connect to each other fine, no problems.
LAN 2 = VLAN ID 20 = 192.168.200.xxx, PCs are getting IPs via DHCP OK, however no internet access.

What setting would I need to change to allow LAN 2 internet access?

I'm sure this is simple enough, however networking really isn't my strong point, and everything I've tried doesn't work :confused:

Thanks in advance :)
 
Devices on LAN2 can ping the Draytek on the LAN2 IP (192.168.200.1) but not on its LAN1 IP (192.168.100.2)

IP for Draytek on LAN2 is set to 192.168.200.1

I did look at static route after some brief research yesterday but couldn't figure out which values to use :p
 
If both VLANs have an interface in the subnet, and they get a DHCP address for the right subnet, then it could just be the firewall rules that need looking at (allowing traffic out via LAN2, for example).

Can the Draytek ping a PC? (with its firewall off or ICMP allowed to it)

Firewall rules are the same as for existing LAN1, so those seem fine.

Currently only one PC on LAN2, can be pinged OK from the router
 
PC on LAN1 can ping router on LAN1 IP, LAN2 can ping LAN2 IP.

I can't access the test PC any more as I'm doing this remotely and colleagues have gone home for the day - can only access the router for now (unless the test PC on LAN2 comes online on Teamviewer)

Yes subnet is 255.255.255.0/24

Tracert using router diagnostic to 8.8.8.8 has same results when using both LAN1 and LAN2.

This is routing table from diagnostics of router if that helps at all:

[Image: Zn1osek.png]
 
I would look at the firewall logs to see if traffic from LAN2 is being blocked. I don't see anything wrong with the routing if it's all as described above. Was the tracert from the router or the clients?

You were correct - it was a firewall issue.

I didn't add the new IP range to the firewall rules :o

Thanks for the help, seems to be working now :)
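
The cause found in this thread (the new 192.168.200.0/24 range was missing from the firewall rules) can be checked offline before touching the router. The following is an added example, not part of the original posts and not Draytek 2960 configuration syntax: it assumes a generic first-match rule list with a default deny, and the host addresses ending in .50 are constructed.

```python
import ipaddress

# Assumption: a generic first-match rule list with default deny.
# This is NOT the Draytek 2960 rule format, only a model of the problem.
LAN1 = ipaddress.ip_network("192.168.100.0/24")  # VLAN 10, from the thread
LAN2 = ipaddress.ip_network("192.168.200.0/24")  # VLAN 20, from the thread
ANY = ipaddress.ip_network("0.0.0.0/0")

# Before the fix: only the LAN1 range appears in the rules.
RULES_BEFORE = [
    ("allow", LAN1, ANY),
]

# After the fix: LAN2 is added, and the block towards LAN1 is placed
# ahead of the LAN2 allow so the new VLAN stays isolated.
RULES_AFTER = [
    ("allow", LAN1, ANY),
    ("deny", LAN2, LAN1),
    ("allow", LAN2, ANY),
]

def decide(rules, src, dst):
    """Return the action of the first rule matching src -> dst, else 'deny'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # default deny when no rule matches

def audit(rules):
    """Check the three properties the original question asks for."""
    lan1_pc = "192.168.100.50"  # constructed host address
    lan2_pc = "192.168.200.50"  # constructed host address
    return {
        "lan1_internet": decide(rules, lan1_pc, "8.8.8.8") == "allow",
        "lan2_internet": decide(rules, lan2_pc, "8.8.8.8") == "allow",
        "lan2_isolated": decide(rules, lan2_pc, lan1_pc) == "deny",
    }

if __name__ == "__main__":
    for name, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        print(name, audit(rules))
```

Rule order matters in this model: placing the LAN2 allow above the LAN2-to-LAN1 deny would give LAN2 internet access but silently drop the isolation.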
 