How to setup a multiple SSID with ZyWall-110 and WAX610D?

JBUL

Hi,

I have for some time tried to set up a Guest network using my ZyWall-110 and two WAX610D (both controlled via the ZyWall) but not succeeding. I have for a long time been running a single SSID based solution, however, I need to separate the network now. Here is what I have done:

1. Created an internal VLAN (vlan10) based on LAN1 using an IP 192.168.10.1 and  mask 255.255.255.0 also defined a DHCP (in the VLAN setup) with a pool of 20 addresses starting from 192.168.10.100
2. Created a new SSID object using vVLAN10 and also created the corresponding security/encryption using wpa2/auto
3. Created a zone object for lan10
4. Updated my AP-group with the new SSID object
5. Defined a policy to allow lan10 (no restrictions yet)
6. Reboot of the ZyWall and both WAX610D

 

Here is what happens a client detects the new SSID and it can be associated with it connects but without IP so in logs from DHCP (ZyWall) there is no sign of any IP assignments logs from the WAX610D shows that the station is associated and then dropped because of reason1. My questions are:

1. Is there an adequate description how to set up a multiple SSID with the ZyWall-110 as controller and (preferably using WAX610D) so far I have not been able to find a good match.
2. Do I need to create a VLAN pool in some other place than in the VLAN setup?
3. Do I need to reserve address space in the LAN1 DHCP (now 192.168.1.1 / 255.255.255.0 perhaps -> (not a good solution) 255.255.240.0)?
4. Specific requirements on switches between AP and FW?

 

Best regards

/Ulf

JBUL

Thanks for the very detailed answer. The steps taken in you answer is what I have done. However, the GUI you are using suggest that is a different HW, than mine (Yous seems to have a built-in AP my ZyWall-110 does not have a built-in AP it controls two external APs). For example the AP Group in my device do not have the green circles with a white plus inside. So when I add a SSID I have to create it from
Configuration >> Object  >> AP Profile >> SSID
And the GUI dialog looks the same as yours.

One thing that bothers me with my GUI is that in the AP Group (Configuration >> AP management >> AP group) at the section port settings the model specific setting always shows nwa5301-nj. In case I set it to wax610d and ok the dialog then next time I edit the profile the model specific Setting is back on nwa5301-nj. In addition, under Port Setting > VLAN Configuration I have added vlan10 using VID = 10 using Tx tagging yes for both Model Specific Settings (nwa5301-nj and wax610d).

and


Reading your post and after writing the above I checked the switches (mine are not Zyxel) and discovered two issues.

1) In the paths to the APs I had to configure VID 10 and tag-ports related to the paths. This helped for one of the APs.
2) The second AP were powered by a PoE+ switch that don't support VLAN, I will replace it.

Thanks for your post you helped with several of my questions. The problem was not my Zyxel devices but rather the switches.

/Ulf 

Zyxel_Judy

Hi there,

This guide will show you how to set up a multiple SSID with the ZyWall-110 as controller and AP (preferably using WAX610D) with VLAN10 for example.

Set VLAN10 on your ZyWall-110 by going to Configuration >> Network >> Interface >> VLAN.

In your step 1, I did not see you mentioned about configure VLAN ID = 10. Please double-check this issue.

You don’t need to reserve address space in the LAN1 DHCP and don’t need to create a VLAN pool in some other place than in the VLAN setup.
For DHCP Setting, besides the First DNS Server as ZyWALL, you also can choose Custom Defined as 8.8.8.8 for the Second DNS server.

Configure SSID VLAN ID = 10 by going to Configuration >> Wireless >> AP management >> AP group, click to your AP group.

SSID profile > Add

Type the information and VLAN ID = 10

Verification: Clients will get VLAN10 IP when connecting to this SSID.

If there is a switch between AP and GW, there is no specific requirement. You just go to Switch GUI and check 2 places below.

Advanced Application > VLAN > VLAN configuration > VLAN Port Setup

Advanced Application > VLAN > VLAN configuration > Static VLAN Setup

Note that: You don’t need to reboot your ZyWall and both WAX610D.

JBUL

Thanks for the very detailed answer. The steps taken in you answer is what I have done. However, the GUI you are using suggest that is a different HW, than mine (Yous seems to have a built-in AP my ZyWall-110 does not have a built-in AP it controls two external APs). For example the AP Group in my device do not have the green circles with a white plus inside. So when I add a SSID I have to create it from
Configuration >> Object  >> AP Profile >> SSID
And the GUI dialog looks the same as yours.

One thing that bothers me with my GUI is that in the AP Group (Configuration >> AP management >> AP group) at the section port settings the model specific setting always shows nwa5301-nj. In case I set it to wax610d and ok the dialog then next time I edit the profile the model specific Setting is back on nwa5301-nj. In addition, under Port Setting > VLAN Configuration I have added vlan10 using VID = 10 using Tx tagging yes for both Model Specific Settings (nwa5301-nj and wax610d).

and


Reading your post and after writing the above I checked the switches (mine are not Zyxel) and discovered two issues.

1) In the paths to the APs I had to configure VID 10 and tag-ports related to the paths. This helped for one of the APs.
2) The second AP were powered by a PoE+ switch that don't support VLAN, I will replace it.

Thanks for your post you helped with several of my questions. The problem was not my Zyxel devices but rather the switches.

/Ulf