VLAN 333 as native vlan/ lan1 with SSID

baba
baba Posts: 72
First Comment Friend Collector
 Ally Member
Hi,

i want to use vlan id 333 as native vlan. All ports in switch (HP 1820-48G Switch J9981A) are untagged in vlan333. The gateway zyxel flex 200 has a lan1 interface with no vlan tag and is correctly
connected to vlan333 because the usg port ist untagged in vlan333.

Now i want to open a ssid with a zyxel nwa110ax for lan1 (vlan333). the nwa110ax is also untagged in vlan333 at switch. In nebula the pvid is set to 333, but i have to insert a vlan id in ssid settings.

How can i add a ssid for my native vlan / lan1 without a vlan tag?

Thanks!

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 517
    50 Answers First Comment Friend Collector Second Anniversary
     Guru Member

    Can you share the network topology diagram to us? That can help us understand your situation. BTW, if you need us to check the Nebula configuration, you can enable "Invite Zyxel support as administrator"(as below steps) and tell us your Nebula org and site name to us via private message, thanks.

    To navigate to "Help: -> "Support request" 


     To enable "Invite Zyxel support as administrator".



  • baba
    baba Posts: 72
    First Comment Friend Collector
     Ally Member
    Hi @Zyxel_Jeff,

    sure :-)

    Topology:


    Firewall:
    Zyxel USG Flex 200

    Switch:
    HP 1820-48G Switch J9981A
    TP-Link TL-WR1043ND v1 with OpenWRT 19.07

    Access Point:
    Zyxel NWA110AX

    Thanks!

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 517
    50 Answers First Comment Friend Collector Second Anniversary
     Guru Member

    Hi @baba

    Below is your current topology:


    If you want to change to the below topology:


    Please configure switches that just forward packets between NWA 110AX APs and USG Flex200 without VLAN tags then set the VLALN ID 1 on the Zyxel NWA 110AX APs, as below:


     Thanks.

  • baba
    baba Posts: 72
    First Comment Friend Collector
     Ally Member
    Hi @Zyxel_Jeff!

    Two Problems:
    1. Switches does not support forward
    2. It is recommended not to use vlan1 (vlan hopping, etc.)

    Do you have any other solution?
  • mMontana
    mMontana Posts: 1,073
    1000 Comments 25 Answers Friend Collector Third Anniversary
     Guru Member
    Baba, I hope that my thougts will help you.
    Any vLAN capable port can support only one untagged vLAN and several (depending on device) tagged vLAN ports.
    If untagged, any "non vLAN instructed" device will consider that as the only ethernet traffic, but it won't be able to forward tagged data to other ports.
    Also

    For manage the APs, if they are managed by USGFlex 200, the APs should receive all the vLAN needed plus one, the one used for dialoge to USGFlex 200 and manage it. In a USG40+NWA-5124, the APs receives three networks.
    -Untagged LAN1 traffic.
    -VLAN3, used for one wireless subnet
    -VLAN4, used for another wireless subnet.

    vLAN3 and vLAN4 are defined into USG40, the non-POE switch used as core switch (which receives into partition the untagged traffic, plus a specific port with untagged, vLAN3, vLAN4) and a PoE switch that powers on both NWA-5124, still receiving all three networks.
    vLAN3 and vLAN4 are forwarded to SSIDs
    untagged network is used only for management of the AP.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 517
    50 Answers First Comment Friend Collector Second Anniversary
     Guru Member
    Hi @baba,

    The previous topology that I mean is the switch does nothing and directly forwards the Zyxel native valn1 traffic to USG Flex 200’s lan interface.
    However, based on your current environment you still need to inset vlan333 on the AP and be untagged on switches, so cannot without vlan tag on the AP. 

Nebula Tips & Tricks