How to configure a vlan with DHCP server and an external access point on zyxel USG 60
All Replies
-
Hi @BlueTeam,
If you'd like to connect external access point to a managed switch with vlan support, follow the settings below to configure the name, zone, base port and VLAN ID.
You have to configure the corresponding PVID setting on the managed vlan switch.
USG60(vlan)-----managed switch-----external access point
If you just need to separate the subnet of the external access point from LAN1, assign LAN2 for a port and connect the external access to this port.
0 -
You also will want to manipulate your Security Policy. By default LAN1 can access any network (which may not be what you want). And in the above example, you're still in the LAN1 zone. We usually create a separate ZONE for the VLAN, select it as the zone in the VLAN config (leave baseport LAN1 if you're using tagged VLAN or say lan2 if you use one of the USG ports for the access point like mentioned above), and that allows for more granular security control
We generally disable the LAN1 to ANY policy and create a LAN1 to WAN. Then you have to create a rule for each VLAN to WAN and also each VLAN to the ZyWALL router (here's a config with many VLANs):
This also makes it easy to have different content filter profiles for public wifi, etc.
For the ZyWall rule you should limit what can reach the ZyWall. We create a service group called Default_Allow_VLAN_to_ZyWALL and add six services (including 3 ICMP you have to add):
This setup has worked well for us at multiple sites.1 -
HiOKthank you very much0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight