Title: Can't split GREEN zone using VLANs
Post by: ixe013 on Saturday 22 November 2014, 04:07:12 pm

This is a fairly frequent question, but I have read every post about it and still can't figure it out.
I have Endian Community 3.0 running in my lab. I use it to reproduce a larger deployment for testing purposes. I start with 3 machines on the GREEN interface, static IP. They can connect to the Internet and I have set up rules that allow me to ssh from the RED interface to them. I have also set up access to Endian's GUI and SSH via the RED interface before, so I am not locked out.

Now I want to split the GREEN. I would like to add 192.168.1.0/24 and 192.168.2.0/24 to the existing 192.168.0.15/24. Any IP/CIDR will do, as long as they are separate. So I created two VLANs, ran the network configuration Wizard, selected the VLAN as part of the green interface. Now machines that were on the GREEN interface can't connect to anything, not even Endian itself (192.168.0.15:10443 for example).

What steps am I missing that will allow me to have multiple VLANs in the GREEN zone?

Here is the output in Status>Network status

Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN

Title: Re: Can't split GREEN zone using VLANs
Post by: kieronrob on Saturday 22 November 2014, 05:03:13 pm

Hi,
Please give this a try and post if it works: http://help.endian.com/entries/25391848-How-to-split-a-zone-in-sub-zones

Title: Re: Can't split GREEN zone using VLANs
Post by: ixe013 on Sunday 23 November 2014, 12:08:31 pm

I wanted to try it, but I can't get past the requirement "Two or more subnets configured to the same zone (ex. 10.0.1.0/24 and 10.0.2.0/24 for GREEN Zone)".
Configuring subnets to the same zone is what I am trying to achieve. Isolation will come later. I have created VLANs but it is like no IP/CIDR are assigned to them. For starters, I would be happy if any host on any VLAN would be able to ping the firewall...

Title: Re: Can't split GREEN zone using VLANs
Post by: kieronrob on Sunday 23 November 2014, 07:08:26 pm

Hi,
Use the "network configuration" wizard under the system tab to add subnets on the green interface.

Title: Re: Can't split GREEN zone using VLANs
Post by: TheEricHarris on Tuesday 16 December 2014, 05:36:42 pm

I have a layer 3 switch that handles the routing for my vlans. I just create a route for each vlan in Endian and point it to my l3 switch.

Title: Re: Can't split GREEN zone using VLANs
Post by: soldolphin on Monday 22 December 2014, 01:25:41 pm

Hi, ixe013!
I have the same problem. My lab has three subnets, but I can't split their ranges. Did you resolve it?

Title: Re: Can't split GREEN zone using VLANs
Post by: TheEricHarris on Monday 22 December 2014, 02:12:07 pm

Do yourself a favor, use Sophos or pfsense. This project is dead.

Title: Re: Can't split GREEN zone using VLANs
Post by: mmiat on Monday 22 December 2014, 09:24:17 pm

Attention: subnets and VLANs are different concepts and different technologies.

Title: Re: Can't split GREEN zone using VLANs
Post by: ixe013 on Wednesday 24 December 2014, 12:51:08 pm

Thanks everybody, but I needed more help, the step-by-step with screen shots. I had already tried to "Use the network wizard" before posting. I achieved what I wanted to do with pfsense.