VLAN 333 as native vlan/ lan1 with SSID
i want to use vlan id 333 as native vlan. All ports in switch (HP 1820-48G Switch J9981A) are untagged in vlan333. The gateway zyxel flex 200 has a lan1 interface with no vlan tag and is correctly
connected to vlan333 because the usg port ist untagged in vlan333.
Now i want to open a ssid with a zyxel nwa110ax for lan1 (vlan333). the nwa110ax is also untagged in vlan333 at switch. In nebula the pvid is set to 333, but i have to insert a vlan id in ssid settings.
How can i add a ssid for my native vlan / lan1 without a vlan tag?
Thanks!
All Replies
-
Can you share the network topology diagram to us? That can help us understand your situation. BTW, if you need us to check the Nebula configuration, you can enable "Invite Zyxel support as administrator"(as below steps) and tell us your Nebula org and site name to us via private message, thanks.
To navigate to "Help: -> "Support request"
To enable "Invite Zyxel support as administrator".
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
Hi @Zyxel_Jeff,
sure :-)
Topology:
Firewall:
Zyxel USG Flex 200
Switch:HP 1820-48G Switch J9981A
TP-Link TL-WR1043ND v1 with OpenWRT 19.07
Access Point:
Zyxel NWA110AX
Thanks!0 -
Hi @baba
Below is your current topology:
If you want to change to the below topology:
Please configure switches that just forward packets between NWA 110AX APs and USG Flex200 without VLAN tags then set the VLALN ID 1 on the Zyxel NWA 110AX APs, as below:
Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
Hi @Zyxel_Jeff!
Two Problems:
1. Switches does not support forward
2. It is recommended not to use vlan1 (vlan hopping, etc.)
Do you have any other solution?0 -
Baba, I hope that my thougts will help you.
Any vLAN capable port can support only one untagged vLAN and several (depending on device) tagged vLAN ports.
If untagged, any "non vLAN instructed" device will consider that as the only ethernet traffic, but it won't be able to forward tagged data to other ports.
Also
For manage the APs, if they are managed by USGFlex 200, the APs should receive all the vLAN needed plus one, the one used for dialoge to USGFlex 200 and manage it. In a USG40+NWA-5124, the APs receives three networks.
-Untagged LAN1 traffic.
-VLAN3, used for one wireless subnet
-VLAN4, used for another wireless subnet.
vLAN3 and vLAN4 are defined into USG40, the non-POE switch used as core switch (which receives into partition the untagged traffic, plus a specific port with untagged, vLAN3, vLAN4) and a PoE switch that powers on both NWA-5124, still receiving all three networks.
vLAN3 and vLAN4 are forwarded to SSIDs
untagged network is used only for management of the AP.
0 -
Hi @baba,The previous topology that I mean is the switch does nothing and directly forwards the Zyxel native valn1 traffic to USG Flex 200’s lan interface.However, based on your current environment you still need to inset vlan333 on the AP and be untagged on switches, so cannot without vlan tag on the AP.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight