Switch - Configure Two ISPs in One Switch

A business may need to connect two different ISPs to the same switch. This connection option can be helpful for both single-firewall and dual-firewall configurations using HA Pro mode. In our example, we will consider a configuration with two firewalls that work in HA Pro mode.  
mceclip0.png

1. HA Pro Setup

2. Switch Setup

3. Firewall Setup 

 

1. HA Pro Setup

In our example, we first configured HA Pro mode on our devices. To configure HA Pro mode, use the article in our database: Firewall - Configure Device HA Pro

2. Switch Setup

Note: Before you begin, ensure that you have the necessary login credentials and access to the Zyxel Switch's web interface.

1) Login to the Switch Web Interface: Open a web browser and enter the IP address of your Zyxel Switch to access its web interface. Enter your login credentials to log in.

2) Navigate to VLAN Setup:

a. Once logged in, navigate to the "SWITCHING" menu.

b. Under "VLAN," select "VLAN Setup" and then choose "Static VLAN."

3) Add VLAN100: a. Click on "Add/Edit" to add a new VLAN. b. Fill in the following details for VLAN100:

      • Activate the VLAN with the "Active" slider
      • Name: Choose a suitable name (e.g., VLAN100).
      • VLAN Group ID: 100
      • Control: Fixed c. Tagging:
      • Untick the "Tx Tagging" box for ports 2, 3, and 4 (ISP1 and firewall connection).
      • Then click "Apply."

4) Add VLAN200: a. Click on "Add/Edit" again to add another VLAN. b. Fill in the following details for VLAN200:

      • Activate the VLAN with the "Active" slider
      • Name: Choose a suitable name (e.g., VLAN200).
      • VLAN Group ID: 200
      • Control: Fixed c. Tagging:
      • Check the "Tx Tagging" box for ports 5, 6, and 7 (ISP2 and firewall connection).
      • Leave the "Tx Tagging" box unchecked for the ports you want untagged (e.g., ports 1, 4). d. Click "Apply."

5) Set PVID for VLAN100 Ports:

a. Navigate to "VLAN Port Setup."

b. Set the PVID to 100 for ports 1, 2, and 3. These are the untagged ports for VLAN100 (ISP1).

c. Set the PVID to 200 for ports 5, 6, and 7. These are the untagged ports for VLAN200 (ISP2).

d. Click "Apply."

 

6) Save Configuration: a. After making all the changes, navigate to the "System" menu. b. Click on "Maintenance" and then select "Save Configuration." c. Confirm the action to save your configuration settings. This step is crucial to retain your changes after a switch reboot.

7) Disable VLAN1 on ISP Ports: a. Go back to the "SWITCHING" menu and select "VLAN Port Setup." b. For ports 2, 3, 5, and 6 (ISP ports), uncheck the box for "VLAN1" to disable VLAN1 on these ports. This prevents accidental connections to other ports. c. Click "Apply."

 

Your Zyxel Switch is now configured with two ISPs using VLANs. The ports connected to the ISPs and the firewall are tagged with the respective VLAN IDs, while the untagged ports are assigned to the appropriate VLANs using PVID settings. Don't forget to save your configuration to ensure your settings are retained.

We used the GS1920 switch in our example, but you can use any other Zyxel switch that supports VLAN.  

Enter the web GUI:

 

Then navigate to:

SWITCHING > VLAN > VLAN Setup 

- Check mark in the "ACTIVE" field
- Set a friendly name in the "Name" field
- Specify the VLAN GroupID for one of the providers

In our case, 3 ports are needed for each provider. One incoming for the ISP and 2 outgoings, one for each firewall.
- Select ports 2, 3, and 4 as Fixed and no tag is needed. All other ports switch to "Forbidden".
- Click “
Add”.

Now we need to create a VLAN for our second ISP.

Now we need to specify the PVID for our VLANs. 
Menu > Advanced Application > VLAN > VLAN Configuration > VLAN Port Setup.
- Set port 2,3,4 as PVID=
100 (VLAN 100) and port 5,6,7 as PVID=200 (VLAN 200).
- Click "Apply"

After making all the changes, be sure to click "Save". If this is not done after rebooting the switch, the changes will not be saved.


It is recommended to disable VLAN1 on the ports we used for VLAN100(ISP1) and VLAN200(ISP2). This will protect you from accidental connections to other ports of the switch. 

 

3. Firewall Setup

Now we need to configure WAN1 and WAN2 on our firewall. Since our firewalls work in HA Pro mode, all settings need to be done only on the active device. Then the settings are automatically copied to the passive device. Depending on how your ISP will issue an IP address, static or by DHCP, you will need to make the appropriate settings. In our case, we have static IP addresses. 

Enter the web GUI and go to 
Configuration ⇾ Network ⇾ Interface ⇾ Ethernet



- Enter the necessary data for your connection, IP, mask and gateway of your ISP.

- Click "OK".

 

4. Switch Setup (Legacy GUI) 

We used the GS2220-10HP switch in our example, but you can use any other Zyxel switch that supports VLAN.  

Enter the web GUI and go to  Menu > Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup

- Check mark in the "ACTIVE" field
- Set a friendly name in the "Name" field
- Specify the VLAN GroupID for one of the providers

In our case, 3 ports are needed for each provider. One incoming for the ISP and 2 outgoings, one for each firewall.
- Select ports 2, 3, and 4 as Fixed and no tag is needed. All other ports switch to "Forbidden".
- Click “
Add”.

Now we need to create a VLAN for our second ISP.

Now we need to specify the PVID for our VLANs. 
Menu > Advanced Application > VLAN > VLAN Configuration > VLAN Port Setup.
- Set port 2,3,4 as PVID=
100 (VLAN 100) and port 5,6,7 as PVID=200 (VLAN 200).
- Click "Apply"

After making all the changes, be sure to click "Save". If this is not done after rebooting the switch, the changes will not be saved.


It is recommended to disable VLAN1 on the ports we used for VLAN100(ISP1) and VLAN200(ISP2). This will protect you from accidental connections to other ports of the switch. 

 

 

Articles in this section

Was this article helpful?
5 out of 6 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.