How to configure a vlan with DHCP server and an external access point on zyxel USG 60

BlueTeam
BlueTeam Posts: 9
First Anniversary First Comment
edited April 2021 in Security
How to configure a vlan with DHCP server and an external access point on zyxel USG 60. Thanks

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @BlueTeam,

    If you'd like to connect external access point to a managed switch with vlan support, follow the settings below to configure the name, zone, base port and VLAN ID.

    You have to configure the corresponding PVID setting on the managed vlan switch.

    USG60(vlan)-----managed switch-----external access point



    If you just need to separate the subnet of the external access point from LAN1, assign LAN2 for a port and connect the external access to this port.



  • itxnc
    itxnc Posts: 98  Ally Member
    First Anniversary 10 Comments Friend Collector
    edited October 2019
    You also will want to manipulate your Security Policy. By default LAN1 can access any network (which may not be what you want). And in the above example, you're still in the LAN1 zone. We usually create  a separate ZONE for the VLAN, select it as the zone in the VLAN config (leave baseport LAN1 if you're using tagged VLAN or say lan2 if you use one of the USG ports for the access point like mentioned above), and that allows for more granular security control

    We generally disable the LAN1 to ANY policy and create a LAN1 to WAN. Then you have to create a rule for each VLAN to WAN and also each VLAN to the ZyWALL router (here's a config with many VLANs):

    This also makes it easy to have different content filter profiles for public wifi, etc.

    For the ZyWall rule you should limit what can reach the ZyWall. We create a service group called Default_Allow_VLAN_to_ZyWALL and add six services (including 3 ICMP you have to add):

    This setup has worked well for us at multiple sites.
  • Hi
    OK
    thank you very much

Security Highlight