[USG20W-VPN] VPN error while assigning a profile to local AP
Hello,
I'm getting the below error when I'm assigning a profile to the local-ap with:
ap-group-member
[ap_group_profile]
member local-ap
Knowing that I have also the following configuration:
wlan-ssid-profile [
ssid_profile
]
>{…}
>outgoing-interface lan1
***
sslvpn policy Main_SSL_VPN
>{…}
>network-extension network LAN1_SUBNET
>network-extension network DMZ_SUBNET
If I remove "network-extension network LAN1_SUBNET", the error is not popping out anymore.
I don't see an immediate link between an AP profile and a VPN network extension that could explain such an error. Also, I had previously this configuration working on a USG40W.
Could you help me figure it out ?
Happy to give you more details if needed.
Thanks,
Chris
All Replies
-
Hi @Chris10,
May I know how did you change the settings? By command line or by web GUI?
0 -
Hello @Zyxel_Melen ,
By command line.
The GUI changed, and I'm not able to set AP profiles/AP groups anymore through the GUI (I only have "Built-in AP" menu).
0 -
Hi @Chris10,
Thanks for the information. Since USG20W-VPN doesn't support the AP controller function, you won't see the controller option, and cannot apply this configuration.Below table is from USG20W-VPN user's guide:
For manage your Zyxel APs, please consider upgrade the firewall models to which support AP controller functions, like USG FLEX 100 or above. Or, you can use Nebula control center for centrolized management.
0 -
Hi @Zyxel_Melen ,
Thanks for the information.
What would be an equivalent basic configuration with 2 SSID (and 2 different outgoing-interface for those) for this model ?
Is it possible to completely disable built-in AP by command line ?
- Somehting like this :
ap-group-profile Disabled-WLAN
slot1 ap-profile default
slot1 output-power 0dBm
ap-group-profile Enabled-WLAN
slot1 ap-profile default
slot1 output-power 30dBm
0 -
Hi @Chris10,
Apologize for the delayed reply. Let me answer the second question first.
Please enter the command
show capwap ap all
to find the default SSID profile. Then use the commands below to disable the default SSID. P.S. You might need to disable more than one slot.#Configure terminal
(config)#Capwap ap local-ap
(AP local-ap)#no <slot x> ssid-profile 1
You can also edit the default SSID to have 2 different SSID that each using different outgoing interfaces.
Please check the CLI reference guide USG20-VPN_V5.37.pdf Chapter 9 Wireless LAN profiles > SSID profile commands(page 89) for more details.
By the way, you may also use web GUI to edit. The path is Wireless > Built-in AP > General >Add/Edit SSID.
Hope it helps.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 264 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 244 Service & License
- 383 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 84 About Community
- 71 Security Highlight