How to Set WiFi Multiple SSID for Office Environment (when NXC is DHCP Server)

Options
Zyxel_Panda
Zyxel_Panda Posts: 97  Zyxel Employee
First Anniversary Friend Collector First Answer First Comment
edited June 2022 in SSID
  • When NXC is DHCP Server for VLAN10 and VLAN20

The example instructs how to configure VLANs and set different VLANs for different SSIDs in NXC when NXC is DHCP server for VLANs. The USG does not need to do any other settings when there are different VLANs add to the environment since NXC is a DHCP server for VLANs. In this example, we configure interfaces, set VLANs, create security and SSID profiles, and then configure AP profiles for managed APs.

image.png

Figure. Set different VLANs for different SSIDs when NXC is DHCP server


Note:

All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG20v2 (Firmware Version: V4.15), NXC5500 (Firmware Version: 5.30), GS2210-8HP (Firmware Version: V4.30).

1.1 Configure Interface ge1 to Go to Internet

1     Connect ge1 (P1) to USG LAN port. In USG, LAN ports are DHCP server and all APs get IP from LAN.

2     In the NXC, go to CONFIGURATION > Network > Interface > VLAN to set USG’s LAN IP as the gateway. Double click vlan0 to edit IP Address Assignment section. Click OK.

image.png


1.2 Configure VLAN

1     Connect Switch to NXC ge2, and connect all APs to the switch.

2     In the NXC, go to CONFIGURATION > Network > Interface > VLAN, Click Add to create a new VLAN.

image.png


3     In General Settings, check Enable.

In Interface Properties, key in Interface Name: vlan10; VID: 10

In Member Configuration, set ge2 to be a Member and Tx Tagging.

In IP Address Assignment, Use Fixed IP Address and key in IP Address, Subnet Mask, and Gateway.

In DHCP Setting, select DHCP server and key in IP Pool Start Address and Pool Size. First DNS server select to Customer Defined 8.8.8.8. The users on VLAN 10 get IP from this DHCP server. Click OK.

image.png


4     Click Add to create VLAN20 in CONFIGURATION > Network > Interface > VLAN.

image.png


5     In General Settings, check Enable.

In Interface Properties, key in Interface Name: vlan20; VID: 20

In Member Configuration, set ge2 are Member and Tx Tagging.

In IP Address Assignment, Use Fixed IP Address and key in IP Address, Subnet Mask, and Gateway.

In DHCP Setting, select DHCP server and key in IP Pool Start Address and Pool Size. First DNS server select to Customer Defined 8.8.8.8. The users on VLAN 20 get IP from this DHCP server. Click OK.

image.png


1.3 Set Policy Route

1     Set Policy Route in CONFIGURATION > Network > Routing > Policy Route to create new routing rule. Click Show Advanced Settings.

In Configuration, check Enable.

In Criteria, select Incoming as Interface and Please select one member is vlan10.

In Next-Hop, select Type as Interface and Interface is vlan0

In Address Translation, select Source Network Address Translation to outgoing-interface to use the IP address of the outgoing interface as the source IP address of the packet that matches this route. Click OK.

image.png


2     Set Policy Route in CONFIGURATION > Network > Routing > Policy Route to create new routing rule. Click Show Advanced Settings.

In Configuration, check Enable.

In Criteria, select Incoming as Interface and Please select one member is vlan20.

In Next-Hop, select Type as Interface and Interface is vlan0

In Address Translation, select Source Network Address Translation to outgoing-interface to use the IP address of the outgoing interface as the source IP address of the packet that matches this route. Click OK.

image.png


1.4 Configure Security and SSID

1     Go to CONFIGURATION > Object > AP Profile > SSID > Security List, Click Add to create a new security profile for staff.

In General Settings, key in Staff as profile name, and set security mode to wpa2.

In Authentication Settings, select to PSK and key in Pre-shared Key. Click OK.

image.png


2     Click Add to create a new security profile for guest.

In General Settings, key in guest as profile name, and set security mode to none. Click OK.

image.png


3     Go to CONFIGURATION > Object > AP Profile > SSID > SSID List and click Add to create a SSID for staff.

In Profile Name and SSID, key in Staff.

In Security Profile, select Staff.

In VLAN ID, key in 10. Click OK.

image.png


4     Click Add to create a SSID for guest in vlan20.

In Profile Name and SSID, key in guest.

In Security Profile, select guest.

In VLAN ID, key in 20. Click OK.

image.png


1.5 Configure AP Profile to Broadcast SSID

1     Go to CONFIGURATION > Wireless > AP Management > AP Group, click Edit for default group.

In Radio 1 and Radio 2, set the SSID profile, Staff and guest. Click OK to apply the configuration.

image.png


2.1 Test the Result

1     Use a laptop to select SSID Staff and key in the security setting for connection. After connection successful, laptop can get an IP in VLAN10.

image.png


2     Use a mobile phone to select SSID guest and connect to it. After connection is successful, mobile phone can get an IP in VLAN20.

image.png


3     The connected stations are visible in NXC controller MONITOR > Station Info > Station List.

image.png


3.1 What Could Go Wrong?

1     When USG is a DHCP server, users may not get IP if USG and switch do not set VLAN10 and VLAN20.

2     When NXC is a DHCP server, user may not go to Internet if the policy route does not set to outgoing-interface.

3     For the broadcasting the radio, the example only sets radio1 for 2.4GHz. If 5GHz also needs to broadcast the same setting, you can set in radio2 with the same operation steps.

Tagged:

Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)