Nebula joined AP Layer 2 isolation
Freshman Member
So here is the implementation I'm doing at my cliënts now: NWA210AX AP's configured in Nebula with extra SSID's in separate VLAN. VLAN configured in firewall so that it can't communicate with LAN1 and also can't communicate with ZyWALL and in Nebula Layer 2 Isolation enabled that cliënts only can communicate with LAN1 interface on Firewall.
Pretty tightened down: Cliënts can't access management interface ZyWALL, cliënts can't access other cliënts connected through wifi and they can't see devices in LAN1.
But what they have access to is the management interface of the Access points (IP in LAN1). It's strange in how this is possible because the security rule in the firewall doesn't allow this(ZyXEL FLEX 200)
All Replies
-
Not sure if you can do this with Nebula but what I have done is given AP's their own VLAN so on boot they connect by Native get the config then load on set VLAN so you can't access management interface
0 -
Hi @nielsscheldeman ,
Firstly, could you please verify if your NWA210AX is running on the latest firmware version, which is 6.60P1? Also, please check if the Captive Portal (Sign-in method) is enabled for the SSID.
If the Captive Portal is enabled and the NWA210AX firmware is not up-to-date, you can upgrade it by navigating to Configure > Firmware Management > Device Tab, selecting the device, and clicking on 'Upgrade Now'. This is a known issue that has been resolved.
Another possible reason could be a misconfiguration in the firewall rules or the VLAN settings. I would suggest double-checking the firewall rules and the VLAN configurations. Make sure that the rules are correctly applied for the VLANs are properly isolated.
In case the issue still recurs after implementing the recommendation above, please share with us your Org/ site name and enable Zyxel support by going to Help (On the top of right) > Support Request > Zyxel support Access to enable and save. Additionally, please send us the USG FLEX 200 configuration file and diagnostic file via private message. This will allow us to review your specific firewall rules and any other relevant configurations.
Be a Community MVP: Win a VIP Deal Dash on Your Next Zyxel Purchase!
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 395 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 82 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 914 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 415 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
