How to step-by-step check when clients can't access the internet via Guest SSID?

Zyxel_Bella
Zyxel_Bella Posts: 526  Zyxel Employee
Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch 50 Answers

Organizations often require secure and streamlined wireless connectivity for guests usage like creating a guest SSID with different vlan subnet separated from main management vlan and enabled L2 Isolation. When user finished setup but couldn't obtain an IP address, this guide will walk you through the steps to troubleshoot and rectify such issues.

Topology and Scenario:

Gateway --- Switch --- AP ))) Guest SSID

(This article uses example Management VLAN1 & VLAN99 for guest users)

Configuration:

1. Go to Site-wide > Configure > WiFi SSID settings > Create a SSID for guest users

2. Go to Site-wide > Configure > Access points > SSID advanced settings > Set VLAN ID as 99.

In the same menu, adjust the WiFi security settings and ensure L2 isolation is enabled. Add required MAC addresses to the L2-isolation allowed list.

(VLAN Tagging for Management: Ensure the AP’s management VLAN1 is set to untagged.)

Verification:

1. IP Address Allocation: Clients connecting to Guest SSID should receive an IP address.

2. L2 Isolation: Devices with MAC addresses not in the L2-isolation list should not be able to communicate with each other.

Noted:

VLAN Mismatch: Ensure the VLAN configuration on the AP matches the switch settings. Mismatches might prevent clients from getting an IP address.