How to configure a vlan with DHCP server and an external access point on zyxel USG 60

BlueTeam

How to configure a vlan with DHCP server and an external access point on zyxel USG 60. Thanks

Zyxel_Emily

Hi @BlueTeam,

If you'd like to connect external access point to a managed switch with vlan support, follow the settings below to configure the name, zone, base port and VLAN ID.

You have to configure the corresponding PVID setting on the managed vlan switch.

USG60(vlan)-----managed switch-----external access point

If you just need to separate the subnet of the external access point from LAN1, assign LAN2 for a port and connect the external access to this port.

itxnc

You also will want to manipulate your Security Policy. By default LAN1 can access any network (which may not be what you want). And in the above example, you're still in the LAN1 zone. We usually create  a separate ZONE for the VLAN, select it as the zone in the VLAN config (leave baseport LAN1 if you're using tagged VLAN or say lan2 if you use one of the USG ports for the access point like mentioned above), and that allows for more granular security control

We generally disable the LAN1 to ANY policy and create a LAN1 to WAN. Then you have to create a rule for each VLAN to WAN and also each VLAN to the ZyWALL router (here's a config with many VLANs):

This also makes it easy to have different content filter profiles for public wifi, etc.

For the ZyWall rule you should limit what can reach the ZyWall. We create a service group called Default_Allow_VLAN_to_ZyWALL and add six services (including 3 ICMP you have to add):

This setup has worked well for us at multiple sites.

BlueTeam

Hi

OK

thank you very much