NWA210AX | Capative Portal not working with L2 Isolation

Options
Kilian
Kilian Posts: 3
Friend Collector First Comment
edited May 21 in Wireless

Hi,

I’m using Nebula managed NWA210AX together with XMG1950-10E Switches and an OPNsense Firewall.

I want to host an open WiFi-Hotspot with Nebula Authentication and L2 Isolation. My problem is, that the capative portal is not working anymore when L2 Isolation is activated.

MAC-Adresses of the Guestnetwork Interface and the Gateway are whitelisted in nebula.

If I deactivate the Authentication every works fine. If I activate it, clients cannot connect to Internet and Capative Portal doesn’t show up.

HTTPs is not allowed till authentication.

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,757  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Kilian,

    I did a quick test in my lab and the capative portal shows up when enabling L2 Isolation. Could you enable Zyxel support and PM me your org/site name for me to check? Thanks in advance.

    Zyxel Melen

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,757  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Kilian,

    The captive portal shows up after the client can resolve DNS. Please check your OPNsense firewall's policy rule if it allows this VLAN traffic. I used the configuration below and my clients can automatically pop out the captive portal page. And if my OPNsense firewall doesn't allow VLAN 2 traffic, the captive portal won't show up after connecting this SSID.

    Hope it helps.

    Zyxel Melen

  • Kilian
    Kilian Posts: 3
    Friend Collector First Comment
    Options

    Hi Melen,

    I double checked my Opnsense configs and everything seems to be fine.

    Until I activate both, L2 Isolation and authentication via captive portal, I can see traffic in the live logs between client, firewall interfaces and internet. If I activate both features there is no traffic anymore.

    That means:

    SSID BSKS-Hotspot with activated L2 Isolation and deactivated captive portal → works.

    SSID BSKS-Hotspot with deactivated L2 Isolation and activated captive portal → works.

    SSID BSKS-Hotspot with activated L2 Isolation and activated captive portal → doesn't work.

    Thx and best regards,

    Kilian

  • Zyxel_Melen
    Zyxel_Melen Posts: 1,757  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Kilian,

    So "SSID BSKS-Hotspot with deactivated L2 Isolation and activated captive portal → works." means the captive portal shows up, right?

    To investigate deeper, could you allow me to access your firewall to check your firewall's configuration first? I will send you my public IP in the private message. Thanks in advance.

    Zyxel Melen

  • Kilian
    Kilian Posts: 3
    Friend Collector First Comment
    Options

    Hi Melen,

    right, that means, that the portal shows up. I can give you access to my firewall but only via teamviewer.

    FYI: I do not use VLANs on my opnsense. VLANs only configured on my switches and these are connected to phisycal interfaces on the opnsense.