Wireless Clients List in DHCP Table Using Mgmt Vlan Interface

jayd691
jayd691 Posts: 20  Freshman Member
Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula
in Security

I have a USG Flex 700, GS1920-24 HPv2, and a Mist AP-41 on my network. I have 5 Vlans with Mgmt Vlan being 1 and 10,20,40,50 as the others. Each Vlan has a corresponding SSID on the Access point.

My problem is when I connect any new wireless clients to the network, they always seem to connect under the Mgmt Interface on the firewall instead of the correct interface on the firewall corresponding to the Vlan on the switch and AP. I show 20-30 IP/MAC bindings on the interface for the mgmt instead of only 2 (switch/ap). I used to have it setup router-on-a-stick method but have enough ports that I set it up on individual ports instead for better throughput and control.

I do not have vlans setup on the firewall and have each port setup as a /24 for each of the 5 vlans. It all works ok, but it seems like it could be better if the non-mgmt clients would connect to the correct interface, it would be smoother.

What have a done wrong? Should I have used Vlans on the firewall and if so how?

Thank you,

Jay

All Replies

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,584  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @jayd691 ,

    Please refer to the articles below for instructions on configuring VLANs on the USG Flex 700 and GS1920-24 HPv2.

    USG Flex 700:

    https://community.zyxel.com/en/discussion/19397/how-to-configure-a-vlan-interface-with-dhcp-server-in-on-premise-mode-firewall

    GS1920-24 HPv2:

    https://community.zyxel.com/en/discussion/19489/tutorial-of-switch-vlan-configuration-v4-80

    Untitled Image

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • jayd691
    jayd691 Posts: 20  Freshman Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula

    Thank you for the assistance Zyxel_Judy.

    I do know how to create the actual interface on the firewall and switch, but I am unsure of how to setup the firewall for the vlans.

    1. What do I use for the base port for the vlans?
      1. Do I create a network just for the firewall itself and then use that for the base port for all the vlans?
      2. Do I need to combine the multiple ports together LAG style and then use a separate network for each base port?

    These are my major issues with adding vlans on the firewall. Right now, I just use a /24 subnet as a port on the firewall which then I have connected to the corresponding vlans on the switch and the AP which is LAG to the switch router-on-a-stick style as there are only 2 ports on the AP.

  • PeterUK
    PeterUK Posts: 3,387  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited November 16

    I seem to not get how you have done this without VLANs so its down to your switch setup for the VLAN to then untag to a given port on Flex 700?

    So if port 24 was the AP and ports 1-5 to Flex 700 ports
    VLAN 1 ports 24 and 1 untag ports 24,1 PVID 1 ports 2-5 forbidden

    VLAN10 port 24 tag port 2 untag port 2 PVID 10 ports 1, 3-5 forbidden
    VLAN20 port 24 tag port 3 untag port 3 PVID 20 ports 1-2, 4-5 forbidden
    and so on?

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)