VLAN Setup for WiFi across multiple APs
Hello! I need help configuring my home network. I have 3 Zyxel access points connected to a XS1930-12HP switch. The access points are plugged into the switch via ports 1, 2, and 3. These are configured as trunc ports (tx tagging enabled, pvid=1, management control=1). I have defined 3 VLANS, each mapped to an individual SSID and network : 1010(mgmt,10.10.10.1/24), 1020(IOT, 10.10.20.1/24), and 1030(guest, 10.10.30.1/24). For port 1,2,3, allowed VLANS=1, 1010,1020,1030. I use port 12 as the link, connecting to a VLAN-aware pfSensefirewall. This is also defined as a trunc port, has management control enabled, and has the same allowed VLANS (1,1010,1020,1030). Additionally, this port has loop guard enabled (hence spanning tree protocol is disabled on the switch at large). I also have a few ACL rules set up: two that pass UDP traffic to the destination firewall LAN for DHCP / ip assignment (allow UDP from any MAC to firewall lan network ip on ports 67,68, any VLAN) one that allows any traffic from the firewall LAN network to the interface mac (alllow any protocol from any MAC, source=firewall LAN network, destination=MAC/FF:FF:FF:00:00:00, any VLAN), a rule that allows the inverse (source=MAC/FF:FF:FF:00:00:00, destination=firewall LAN network)
Presently my APs are blinking green and orange and all of my components are marked as offline in the Nebula cloud portal. I believe the issue is rooted in the VLAN definition / tagging setup or something to do with spanning tree protocol? Any guidance here would be greatly appreciated!
All Replies
-
Hi @slurrrp,
I found you have raised a ticket for this problem. We have checked the log and didn't see the port has been blocked because of the loop guard and STP should take effect if there is a ring topology, based on your description, it should not relate to STP.
In addition, all of your devices are disconnected from the Nebula server, may I know if you are still surfing the Internet or not? Your VLAN configuration is fine, could you please check if your firewall has allowed UDP port 123 (for NTP) and TCP 4335 and 6667, for more detailed information please check in Help > Firewall information.
If still have the issue, please help to collect the tech support file via login to switch local GUI.
Zyxel Melen
0
Zyxel Employee
Categories
- All Categories
- 395 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 83 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 914 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 415 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
