NWA50AX Layer 2 Isolation
Dear Support,
Recently Enabled Intra-BSS Traffic blocking for ssids on Radio 1 2.4G
Currently i am facing issues with client connected via Radio 1 with enabled Layer-2 Isolation Profile cannot communicate 11b/g (within same SSID)
when clients connect via Radio 2 5G on the same SSID can communicate,
Thanks
Julian
All Replies
-
Hi @JJANP
Enabling Intra-BSS traffic blocking may result in the blocking of traffic within the same SSID and same AP. However, Layer-2 isolation offers another level of security by preventing WiFi clients from communicating with other WiFi clients, APs, computers or routers on the network. It's important to note that Intra-BSS traffic blocking and Layer-2 isolation function aren’t related to Wi-fi standards (802.11 a/b/g/n/ac/ax).
For more information on this topic, you may refer to the following article:
How to set up Guest access to the network on Standalone mode — Zyxel CommunityIf you are experiencing any issues with the functionality of Intra-BSS traffic blocking on your site, please share with us the symptom in detail and provide us with the following information so that we can assist you better:
- What is the firmware version of your NWA50AX? It’s recommend to update your AP to the latest firmware V6.29(ABYW.1)C0.
- Please collect your AP diagnostic file and config file (startup-config.conf) and send them to us. This will allow us to investigate the issue more efficiently.
Kay
Kay
0 -
Kay thanks a lot for your quick response.
Would like to clear how i configured.
Enabling Intra-BSS traffic prevents WiFi clients from communicating with other WiFi clients within the same SSID (once i have enable clients within that SSID was not able to communicate each other)
Then i configured Layer-2 Isolation Profile: Allow devices with these MAC addresses:
Specified the MAC address of the devices that can communicate each other.
Client-A: Connected to Radio-1 2.4 Was not able to connect to the printer
Client-B: Connected to Radio-2 5G can communicate with the printer
Printer: Connected to Radio-1 2.4
Then moved the client B to Radio-1 2.4
Client-B: Connected to Radio-2 5G (client was not able to connect to the printer)
V6.29(1) / 2022-11-04 15:20:39
This was really strange problem i faced.
i will send you startup-config file
Thanks
Julian
0 -
Hi @JJANP
Based on your description, it seems that you have enabled Layer-2 Isolation on Radio 1 (2.4GHz), which is why the client connected to that radio was unable to communicate with other clients in the same 2.4GHz SSID, except for the ones in the Layer-2 Isolation Profile's allow list.
Then moved the client B to Radio-1 2.4
Client-B: Connected to Radio-2 5G (client was not able to connect to the printer)
Regarding your statement, could you please clarify if you meant that you moved Client B to Radio 1 or if it's still connected to Radio 2? If Client B is connected to Radio 1, it won't be able to communicate with other clients in the same 2.4GHz SSID.
Kay
Kay
0 -
Kay thanks a lot for your quick response.
Would like to clear how i configured.
Enabling Intra-BSS traffic prevents WiFi clients from communicating with other WiFi clients within the same SSID (once i have enable clients within that SSID was not able to communicate each other)
Then i configured Layer-2 Isolation Profile: Allow devices with these MAC addresses:
Specified the MAC address of the devices that can communicate each other.
Client-A: Connected to Radio-1 2.4 Was not able to connect to the printer
Client-B: Connected to Radio-2 5G can communicate with the printer
Printer: Connected to Radio-1 2.4
Then moved the client B to Radio-1 2.4
Client-B: Connected to Radio-2 5G (client was not able to connect to the printer)
V6.29(1) / 2022-11-04 15:20:39
This was really strange problem i faced.
i will send you startup-config file
Thanks
Julian
0 -
Hi Kray,
Client B is connected to Radio 1 2.4GHz and cannot communicate.
Is there any possibility to allow certain clients in 2.4GHz to communicate each other.
In my use case all clients in 2.4GHz & 5GHz need to access the Printer that is connected to 2.4GHz Radio 2
Thanks
Julian
0 -
Hi @JJANP,
To address your need for allowing your 2.4GHz and 5GHz clients to access the printer, you may create a separate 2.4GHz SSID exclusively for the printer and leave all your clients to connect to the default 2.4GHz printer. For example:
Radio1:
- SSID_24GHz (Disable Layer-2 isolation, enable Intra-BSS Traffic blocking)
- SSID_for_Printer
Radio 2:
- SSID_5G
This way, your clients will be able to access the printer without any issues while still maintaining the security provided by Intra-BSS Traffic Blocking.
Hope this solution works for you.
Kay
Kay
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight
