How to direct packets with a specific VLAN ID to the WAN only
I have a WAP on which I have setup a Guest WiFi SSID. That SSID is assigned the VLAN ID of 20…so all traffic on that SSID is tagged with VLAN ID 20.
The WAP is connected directly to a managed switch which is properly setup to direct traffic, coming from the WAP tagged with VLAN ID 20, to the LAN1 port of the Zyxel VPN100.
What I can't figure out is how to setup the Zyxel VPN100 to only allow the VLAN tagged traffic to have access to the WAN port on the Zyxel VPN100 and no access back to the local network.
In short, I want to give network traffic tagged with VLAN ID 20 internet access only.
All Replies
-
So you have it tag all the way to the switch then untag it to LAN1 on VPN100?
Zyxel have default rules that allow LAN1 to other LANs which you should check and change
so if guest is on LAN1 do you have another subnet LAN2? For other traffic?
It be best to make a VLAN on the VPN100 with VLAN20 on base port LAN1 then tag from the switch to VPN 100 you should make a new zone 1st like VLAN20_guest to set the zone for VLAN20 then you can make a routing rule if needed from VLAN20 to next hop WAN and a policy control rule VLAN20_guest to WAN
0
Guru Member
Categories
- All Categories
- 398 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 83 Nebula Status and Incidents
- 5.2K Security
- 99 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 923 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 212 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.1K FAQ
- 1K Nebula FAQ
- 445 Security FAQ
- 238 Switch FAQ
- 213 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 142 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
