Change Management VLAN ID on WAX610D disrupts SSID in VLAN1
Options
Niels2021
Posts: 7
For an existing network I'm implementing a bunch of WAX610D(30 pieces) with controller on Flex 500. On the Flex 500 I've configured VLAN88. There are 2 SSID's:
- Internal LAN with VLAN tag 1
- Guestnetwork with VLAN tag 88 with only internet access
So far so good everything works, guestnetwork works fine. But to save IP addresses and to make it a bit cleaner, I want to put the Access Points themselves on a different VLAN. So I created VLAN99 with DHCP enabled.
When I change Management VLAN ID on the access points to 99, they get the IP from VLAN99, so that's fine and I can access them. So security policy on firewall is ok. My Guestnetwork on VLAN88 also keeps working. But the SSID for internal LAN which is on VLAN1 then fails to work. Clients are not able to receive IP adresses and also with static IP address I have no network access anymore.
I thought then, I have to turn off "As Native VLAN", after that the whole party is over and I'm not able to access and the network and the access point.
In my eyes I thought this would be simple, but it turns out I'm out of options and don't know how to resolve the problem.
Keep in mind that I want to keep the default network with VLAN1, I don't want to change the whole network just for just management IP addresses.
Any idea's?
0
Accepted Solution
-
Hi Neil,
The reason why devices fail to get IP when connecting to VLAN1 SSID is about the misconfiguration on the VLAN Tag.
By default, AP(and all other network devices) use VLAN1 as management VLAN, a the traffic in VLAN1 is untagged(general default setting), meanwhile traffic in other VLAN (e.g.: VLAN88) should be tagged with corresponding ID, so that each device is able to process the VLAN traffic correctly.
Back to the issue itself, when you change the management VLAN of AP into VLAN99, In order to let AP correctly process the traffic within the VLAN 1 SSID(wireless network) and the Ethernet, you also need to set the traffic in VLAN1 to be tagged with ID=1, from the switch to AP.
As for the least effort configuration change, please set the port to be tagged out VLAN1 on the switch. On Zyxel Switch, the directory is at [Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup > Select VID=1 > Set ports where AP connects as Tx Tagging]
Best Regards,
Richard0
Zyxel Employee
All Replies
-
Hi Neil,
The reason why devices fail to get IP when connecting to VLAN1 SSID is about the misconfiguration on the VLAN Tag.
By default, AP(and all other network devices) use VLAN1 as management VLAN, a the traffic in VLAN1 is untagged(general default setting), meanwhile traffic in other VLAN (e.g.: VLAN88) should be tagged with corresponding ID, so that each device is able to process the VLAN traffic correctly.
Back to the issue itself, when you change the management VLAN of AP into VLAN99, In order to let AP correctly process the traffic within the VLAN 1 SSID(wireless network) and the Ethernet, you also need to set the traffic in VLAN1 to be tagged with ID=1, from the switch to AP.
As for the least effort configuration change, please set the port to be tagged out VLAN1 on the switch. On Zyxel Switch, the directory is at [Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup > Select VID=1 > Set ports where AP connects as Tx Tagging]
Best Regards,
Richard0
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 78 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
