Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: Iam_TJ on August 03, 2017, 01:30:59 PM

Title: Zyxel VMG8924 / VMG8324 - How To configure Isolated local VLANs
Post by: Iam_TJ on August 03, 2017, 01:30:59 PM
I've had Zyxel VMG8324-B10A and VMG8924-B10A devices since 2013. As well as hacking on their software I also use one as my primary VDSL gateway on the end of an approximately 1.95km copper line from the nearest OpenReach cabinet. The original BT-supplied VDSL modem (HG612 I think) could only sync for incoming (downstream) at around 7Mbps. These Zyxel's sync above 10Mbps. At these distances every little helps! However, I digress.

Starting with the first firmware version I was able to configure and operate 2 separate internal VLANs - the default and a management VLAN (id 99). I configured the WAN Ethernet port as a 5th LAN port, added the VLAN id and tag, and configured a separate IP subnet via the LAN Setup page.

I upgraded the firmware pretty regularly as newer releases were published and the VLANs continued to work. Then, in late 2015, after upgrading to version 15 the device lost the separate VLAN ability. Despite extensive investigation I couldn't figure out what had changed but had other priorities and left it.

Until this past week when I upgraded the device to version 18 and was irked by still not having the separate VLAN function. I raised a suppport ticket with Zyxel (which they have escalated) and set about figuring out a solution.

The original loss of functionality when version 15 was released seems to have coincided with the moving of the LAN VLAN settings page from being a Home Networking tab, to being a separate sub-menu of the Network Setting menu. The user guides (V1.00 dated 2013 and V2.00 dated 2015) document this move but nothing else regarding VLAN settings.

Today I finally figured out why it failed and a (manual intervention) step to have it work once more  :fingers:

I'm documenting the steps here both for others and as an aide-memoire in case I forget!

Pre-requisites:

0. This assumes the VDSL interface is the active outgoing connection. If using ADSL, or Ethernet WAN, then you'll need to modify the steps below to use an unused WAN interface in the Interface Group.

Code: [Select]
> sh
brctl show
brctl addif br1 eth4.99
brctl delif br1 eth4
exit
Note: if the device is rebooted you'll need to repeat this step as there's no way I've found so far to save this change so that it is applied at boot-time.

Now configure another device on the 5th Ethernet port (mine is connected to a 48-port switch) in the VLANs sub-net, ensure that device can already ping other devices in the VLAN, then try pinging the IP address of the router (e.g. ping 10.254.0.254 in my case).

You can apply this solution to use another Ethernet port, it doesn't require using the 5th Ethernet port, but I use it because it is already logically and colour-code separated from the other LAN ports.
Title: Re: Zyxel VMG8924 / VMG8324 - How To configure Isolated local VLANs
Post by: burakkucat on August 03, 2017, 04:01:17 PM
Thank you for documenting those details.  :)
Title: Re: Zyxel VMG8924 / VMG8324 - How To configure Isolated local VLANs
Post by: Iam_TJ on September 08, 2017, 10:51:40 AM
I've finally had a response from Zyxel on this and it turns out there is a way to configure a VLAN using the web interface that will be saved in the configuration. It's obscure and not entirely obvious it will be the result of the steps but it is simple to do.
Code: [Select]
~ # brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.28285d077608       no              eth0.0
                                                        eth1.0
                                                        eth2.0
                                                        eth3.0
                                                        wl0
                                                        wl1
                                                        eth4.0
br1             8000.28285d077608       no              eth4.99
Title: Re: Zyxel VMG8924 / VMG8324 - How To configure Isolated local VLANs
Post by: soydemadrid on November 27, 2017, 08:21:52 PM
Hi I followed your guide but I seem to be missing something here as I just can't get this to work. I wondered if you or others may be able to help  ;D

Basically I did all your steps and I'm using adsl as my connection, with a vdsl there not being used but active (wanETH I had to delete in order to enable wan as a 5th ethernet port).

So after setting all this up I plugged a device into the wan port which then (as far as I can work out) should be on the newly defined ip range rather than the default (192.168.1.x)

BUT, no matter how much I reboot the device or the router it is just designated with an ip in the default range and not one from the vlan...

I don't get it at all. Does vlan required a managed switch to work or something? I thought the Zyxel could just use the specified ports to put devices on their own subnets?

I even tried setting the device with its MAC address in Static Route settings to give it a vlan range IP address but again when I ifconfig on the device it reports back as 192.168.1.x again!