How to step-by-step check when clients can't access the internet via Guest SSID?
Organizations often require secure and streamlined wireless connectivity for guests usage like creating a guest SSID with different vlan subnet separated from main management vlan and enabled L2 Isolation. When user finished setup but couldn't obtain an IP address, this guide will walk you through the steps to troubleshoot and rectify such issues.
Topology and Scenario:
Gateway --- Switch --- AP ))) Guest SSID
(This article uses example Management VLAN1 & VLAN99 for guest users)
Configuration:
1. Go to Site-wide > Configure > WiFi SSID settings > Create a SSID for guest users
2. Go to Site-wide > Configure > Access points > SSID advanced settings > Set VLAN ID as 99.
In the same menu, adjust the WiFi security settings and ensure L2 isolation is enabled. Add required MAC addresses to the L2-isolation allowed list.
(VLAN Tagging for Management: Ensure the AP’s management VLAN1 is set to untagged.)
Verification:
1. IP Address Allocation: Clients connecting to Guest SSID should receive an IP address.
2. L2 Isolation: Devices with MAC addresses not in the L2-isolation list should not be able to communicate with each other.
Noted:
VLAN Mismatch: Ensure the VLAN configuration on the AP matches the switch settings. Mismatches might prevent clients from getting an IP address.
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight