topic Re: Route Default GW not via WAN interface but via sub-vlan interface in Spark Firewall (SMB)

Route Default GW not via WAN interface but via sub-vlan interface

mrknthny — Fri, 19 Aug 2022 01:22:17 GMT

Hi All, hope someone can help me.

I am having a setup to configure trunk on an interface (either WAN or LAN). But this interface need to be configured as trunk and create sub-vlan interfaces. To put simply, say

LAN 1

LAN1.2 (vlan 2): 192.168.29.0/24

LAN1.3 (vlan 3): 192.168.30.0/24

Then say, I want to create the default route via LAN1.2. Is there a way I can do that?

If I create LAN1 as internet, it doesnt allow me to create sub-interfaces. If i create LAN1 as normal LAN port and create sub-vlan interfaces, it knows that the WAN (default) should have the default route since it is the internet gateway.

I am using SMB device 1450 series in cluster.

If there is no way, then i guess I will just use two interfaces on my device, one WAN and one LAN.

Thank you.

Re: Route Default GW not via WAN interface but via sub-vlan interface

Chris_Atkinson — Mon, 22 Aug 2022 03:58:20 GMT

Have you tried the configuration on the DMZ port?

Re: Route Default GW not via WAN interface but via sub-vlan interface

mrknthny — Fri, 19 Aug 2022 14:55:26 GMT

Hi Chris,

thank you for replying. I have not tried yet. As I tried on port WAN and LAN ports but just wouldn't work. May I know if you have tried the setup before? I will give your suggestion a try. Thank you.

Re: Route Default GW not via WAN interface but via sub-vlan interface

AngelettaA — Sat, 20 Aug 2022 18:28:33 GMT

On Gaia Embedded You must have the default GW on the WAN interface or a bond interface that contains the WAN interface.

I also faced a topology like yours, and there was no way to make it work properly, if there is no link up on the WAN interface even the IPS will not work for you, you can check it with the command "ips stat "

Re: Route Default GW not via WAN interface but via sub-vlan interface

mrknthny — Sun, 21 Aug 2022 00:54:06 GMT

Hi AngelettaA,

thank you for your response. Agree. But It doesnt necessarily need to be on a Wan interface. We can use a Lan interface as long as you set the lan interface as the internet it will use that as the interface for default gateway. But the problem happens when I need to trunk the interface, it wont allow me to use any sub-interface as a route for default gateway. Port only needs to be a normal wan/lan port.

Re: Route Default GW not via WAN interface but via sub-vlan interface

Chris_Atkinson — Mon, 22 Aug 2022 04:03:54 GMT

Note Bond interfaces are not supported on 1400 series appliances per sk114217.

Re: Route Default GW not via WAN interface but via sub-vlan interface

Chris_Atkinson — Mon, 22 Aug 2022 04:06:48 GMT

To be clear your requirement is not only to have the Internet over a VLAN but also on the same single (trunk) port as the Internal networks?

I don't believe the Web UI allows such a configuration but will test via CLI and update here.

Re: Route Default GW not via WAN interface but via sub-vlan interface

mrknthny — Mon, 22 Aug 2022 04:07:14 GMT

Hi Chris,

i have not yet, only tried on WAN and LAN interfaces so far (which havent worked obviously) but am keen to give this (DMZ) a try tomorrow and will update you. Once i have configured this, do i need to configure manual default route? or will it be automatically created based on which vlan i want to be routed as the internet gateway?\

Cheers!

Mark

Re: Route Default GW not via WAN interface but via sub-vlan interface

mrknthny — Mon, 22 Aug 2022 04:17:13 GMT

Yes correct Chris. On the same single (trunk) port i will configured one vlan to route over internet and one other vlan as internal network. I know this can be easily done with making 2 separate physical interfaces one (WAN) and one (LAN). But just want to confirm first if there is a way to make this setup or not? because if there is no way then i will go to the original plan to use 2 physical interfaces instead. just to note i am using SMB device 1450 on a cluster.

Please let me know how it goes then.

thank you.

Re: Route Default GW not via WAN interface but via sub-vlan interface

Chris_Atkinson — Mon, 22 Aug 2022 06:29:05 GMT

From my testing this isn't possible, both the Web UI and CLI block the configuration of Internet+LAN as VLANs together on a single port.

Re: Route Default GW not via WAN interface but via sub-vlan interface

mrknthny — Mon, 22 Aug 2022 07:08:20 GMT

Hi Chris,

Basing on your testing, i will conclude then that it is not possible to create a trunk on any interface of an SMB appliance to use as both Internet + LAN. I will proceed then to configure individual interfaces one on WAN and another on LAN for my requirement. I appreciate your help taking time to check on this.

Cheers!

Mark

Re: Route Default GW not via WAN interface but via sub-vlan interface

AngelettaA — Mon, 22 Aug 2022 11:39:36 GMT

regardless of the SMB Series, it is precisely on Gaia Embedded that the default can be inserted on the WAN interface or on a bond that contains the WAN interface.

Re: Route Default GW not via WAN interface but via sub-vlan interface

Maarten_Sjouw — Tue, 23 Aug 2022 06:38:33 GMT

The problem with embedded and default route is that it can only be set on a WAN interface, but there is a simple way around it.

Set 2 routes: 0.0.0.0/1 (mask 128.0.0.0) to your nexthop and 128.0.0.0/1 to the nexthop.

Re: Route Default GW not via WAN interface but via sub-vlan interface

faridb — Thu, 07 Dec 2023 09:21:19 GMT

Hi Maarten ,

Can you confirm this workaround could work ?

what if we use a bond with the WAN interface that will be not used ?

Farid