Objective

Validate that the zWAN Gateway Router can:

• Create a tagged VLAN on a LAN interface and serve DHCP on that VLAN.
• Bridge a VLAN interface with another LAN interface (same L2 domain).
• Route between VLANs only when LAN↔LAN forwarding is enabled.

Prerequisites

• Admin access to zWAN Director UI.
• One z40 (branch) online in Director.
• Two test clients:
  • Client A (Windows or Linux) connected to a VLAN-aware switch trunk or an endpoint NIC that can tag VLANs.
  • Client B connected to an untagged access port for LAN01 (for the bridge test).
• Known LAN addressing for your default LAN (typically LAN00 untagged).
• (Optional) An external switch port configured:
  • Trunk carrying VLAN 20 (tagged) to z40 LAN00.
  • Access port for LAN01 (untagged).

Test 1 — Create VLAN on LAN00 and enable DHCP

A. Add VLAN (tagged) on LAN00

1. Director: Edge Controllers > [Device] > Network > Interfaces.
2. On the LAN00 card, click the ⋮ menu → Add VLAN.
3. In Add VLAN:
   • Tag: 20 (use any 1–4094 that fits your design).
   • Description: LAN00 VLAN 20.
   • Click Add.
     (You should now see LAN00 VLAN 20 listed under VLANs on that card.)

B. Add DHCP scope for the new VLAN

1. Go to Network > DHCP > Manage.
2. Click New Subnet.
3. In Available, choose the VLAN you just created (e.g., 10.10.64.0/255.255.255.0 (LAN00 vlan 20)).
4. Fill out the subnet details (example):
   • Network: 10.10.64.0
   • Netmask: 255.255.255.0
   • Default Gateway: 10.10.64.1 (z40 will own this on the VLAN interface)
   • DNS: as appropriate (e.g., 10.10.64.1 or your upstream resolver)
   • IP Range: 10.10.64.100 – 10.10.64.110 (or your preferred pool)
   • Lease timers as desired.
5. Click Create then Save Changes (if shown).

C. Validate DHCP & Internet reachability

• Wire the client:
  • Connect Client A to a switch trunk that tags VLAN 20 towards the z40 (or configure the client NIC to tag VLAN 20).
• On Windows (Client A):
  • ipconfig /release then ipconfig /renew
  • Confirm you receive an IP in 10.10.64.0/24, gateway 10.10.64.1, DNS as configured.
  • ping 10.10.64.1 (default gateway) → success
  • ping 8.8.8.8 (or another reachable IP) → success
  • nslookup amzetta.com (or any domain) → success
• On Linux (Client A):
  • ip addr (verify VLAN sub-interface or VLAN-aware port got address)
  • ping -c 3 10.10.64.1 and ping -c 3 8.8.8.8
  • dig amzetta.com (or nslookup) to verify DNS

Pass criteria

• Client A receives a DHCP lease from the VLAN pool and can reach the gateway and the Internet.

Test 2 — Bridge a VLAN to another LAN (same L2 domain)

A. Create a bridge

1. Director: Edge Controllers > [Device] > Network > Bridges → Create Bridge.
2. Description: test.
3. Interfaces: select LAN00 VLAN 20 and LAN01.
4. (Optional) Tune STP/bridge timers if needed; leave defaults for POC.
5. Click Create. The bridge card will show its IP (e.g., 10.10.64.1) and members.

B. Validate L2 connectivity across ports

• Connect Client B to LAN01 (untagged).
• Give Client B a DHCP lease by enabling DHCP on the bridged subnet if not already active:
  • If you created the DHCP scope in Test 1 on the VLAN interface, it will also serve clients on the bridge (same broadcast domain).
• Verify on Client B:
  • Gets an IP in 10.10.64.0/24, gateway 10.10.64.1.
  • ping Client A’s IP (should succeed—same VLAN/L2 domain).
  • arp -a (Win) / arp -n (Linux) shows the peer’s MAC.

Pass criteria

• Clients on LAN00 VLAN 20 and LAN01 are in the same L2 domain (can ARP each other and communicate without routing).

Test 3 — Inter-VLAN routing behavior & forwarding controls

Note: Default LAN is LAN00 (untagged). Inter-VLAN routing only occurs when LAN↔LAN forwarding is enabled.

A. Prepare a second VLAN (optional quick check)

• Repeat Test 1 with VLAN 30 on LAN00 and give it a distinct DHCP scope (e.g., 10.10.30.0/24).

B. Check forwarding toggles

1. Director: Network > Router > Routes.
2. At the top, review Forwarding toggles:
   • LAN ↔ LAN must be ON for inter-VLAN routing.
   • WAN ↔ LAN governs WAN reachability; keep ON for Internet testing.

C. Validate routing on/off

• With LAN ↔ LAN OFF:
  • Place Client A on VLAN 20 and Client B on VLAN 30.
  • ping between clients should fail (no inter-VLAN routing).
• Turn LAN ↔ LAN ON:
  • ping between clients on VLAN 20 and VLAN 30 should now succeed (L3 routing through the z40).

Pass criteria

• Inter-VLAN traffic follows the LAN↔LAN forwarding toggle as expected.

Troubleshooting / Tips

• No DHCP on VLAN clients
  • Ensure the DHCP scope was created for the VLAN (selected from the “Available” dropdown when adding the subnet).
  • Confirm the switch port to the z40 is a trunk carrying the VLAN tag; client port must be access (untagged) for bridged interface or tagged if NIC is tagging.
• Clients can’t talk across VLANs
  • Check LAN ↔ LAN toggle under Router > Routes.
  • Verify clients are actually in different subnets and have the z40 as default gateway.
• Bridge not passing traffic
  • Confirm the bridge members are the intended interfaces (e.g., LAN00 VLAN 20 and LAN01).
  • If you use STP on upstream switches, avoid topology loops; enable the bridge’s STP toggle if needed.
• Quick client commands
  • Windows: ipconfig /all, arp -a, ping <ip>, tracert <ip>
  • Linux: ip addr, nmcli dev show, arp -n, ping -c 3 <ip>, traceroute <ip>

Clean-Up

• DHCP: remove the VLAN scopes you created.
• Bridges: Network > Bridges → ⋮ → Remove Bridge.
• VLANs: Network > Interfaces → on the parent interface ⋮ → (Manage/Remove VLAN) as applicable.

Validation Summary

• VLAN creation and DHCP on tagged VLAN confirmed.
• Bridge successfully places VLAN and LAN interfaces into the same L2 segment.
• Inter-VLAN routing adheres to LAN↔LAN forwarding control.