How to step-by-step check when clients can't access the internet via Guest SSID?
Zyxel Employee
Organizations often require secure and streamlined wireless connectivity for guests usage like creating a guest SSID with different vlan subnet separated from main management vlan and enabled L2 Isolation. When user finished setup but couldn't obtain an IP address, this guide will walk you through the steps to troubleshoot and rectify such issues.
Topology and Scenario:
Gateway --- Switch --- AP ))) Guest SSID
(This article uses example Management VLAN1 & VLAN99 for guest users)
Configuration:
1. Go to Site-wide > Configure > WiFi SSID settings > Create a SSID for guest users
2. Go to Site-wide > Configure > Access points > SSID advanced settings > Set VLAN ID as 99.
In the same menu, adjust the WiFi security settings and ensure L2 isolation is enabled. Add required MAC addresses to the L2-isolation allowed list.
(VLAN Tagging for Management: Ensure the AP’s management VLAN1 is set to untagged.)
Verification:
1. IP Address Allocation: Clients connecting to Guest SSID should receive an IP address.
2. L2 Isolation: Devices with MAC addresses not in the L2-isolation list should not be able to communicate with each other.
Noted:
VLAN Mismatch: Ensure the VLAN configuration on the AP matches the switch settings. Mismatches might prevent clients from getting an IP address.
Categories
- All Categories
- 398 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 83 Nebula Status and Incidents
- 5.2K Security
- 99 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 922 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 212 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.1K FAQ
- 1K Nebula FAQ
- 445 Security FAQ
- 238 Switch FAQ
- 213 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 142 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight