Nebula joined AP Layer 2 isolation

nielsscheldeman
nielsscheldeman Posts: 49  Freshman Member
First Comment Friend Collector Second Anniversary
edited November 2023 in Nebula

So here is the implementation I'm doing at my cliënts now: NWA210AX AP's configured in Nebula with extra SSID's in separate VLAN. VLAN configured in firewall so that it can't communicate with LAN1 and also can't communicate with ZyWALL and in Nebula Layer 2 Isolation enabled that cliënts only can communicate with LAN1 interface on Firewall.

Pretty tightened down: Cliënts can't access management interface ZyWALL, cliënts can't access other cliënts connected through wifi and they can't see devices in LAN1.

But what they have access to is the management interface of the Access points (IP in LAN1). It's strange in how this is possible because the security rule in the firewall doesn't allow this(ZyXEL FLEX 200)

All Replies

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Not sure if you can do this with Nebula but what I have done is given AP's their own VLAN so on boot they connect by Native get the config then load on set VLAN so you can't access management interface

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,584  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @nielsscheldeman ,

    Firstly, could you please verify if your NWA210AX is running on the latest firmware version, which is 6.60P1? Also, please check if the Captive Portal (Sign-in method) is enabled for the SSID.

    image.png

    If the Captive Portal is enabled and the NWA210AX firmware is not up-to-date, you can upgrade it by navigating to Configure > Firmware Management > Device Tab, selecting the device, and clicking on 'Upgrade Now'. This is a known issue that has been resolved.

    image.png

    Another possible reason could be a misconfiguration in the firewall rules or the VLAN settings. I would suggest double-checking the firewall rules and the VLAN configurations. Make sure that the rules are correctly applied for the VLANs are properly isolated.

    In case the issue still recurs after implementing the recommendation above, please share with us your Org/ site name and enable Zyxel support by going to Help (On the top of right) > Support Request > Zyxel support Access to enable and save. Additionally, please send us the USG FLEX 200 configuration file and diagnostic file via private message. This will allow us to review your specific firewall rules and any other relevant configurations.

    Untitled Image

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

    EnglishTiếng ViệtРусскийไทย中文(台灣)