"Easy mode" "Guest Wi-Fi" cannot adjust VLANs for guest Isolation

ppandmary
ppandmary Posts: 15
First Anniversary
edited August 2022 in WirelessLAN
Beta testing VLAN100 for corporate wifi and VLAN 200 for Guest Wi-Fi on new USG60; latest fw. Could not get internet access on switches configured VLAN100 or 200.

So go with easy mode..... GUI shows LAN1: P3 p4 p5 wired and Wi-Fi. Guest network: P6 wired and "Guest Wi-Fi". Super......NOT!

Wired Guest is on separate IP range, for P6
"Guest Wi-Fi" is on same range as P3, P4, P5.

Cannot get P6 Wi-Fi to be on correct IP range

I have searched all the KBs and attempted most. Please do not respond with a link without reviewing the whole issue. i.e. how to set up VLAN, how to L2 isolation, etc

Thanks in advance. Paul
«13

All Replies

  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2021

    Don't use Easy mode

    What are you using as a AP? is the USG60 acking as the controller? 

    Your VLAN setup on the switch? or and setup on the USG60?

    Can you draw out the setup   
  • ppandmary
    ppandmary Posts: 15
    First Anniversary
    That is what I figured. WAC6503D-s Been working on vLans all last week. The only way I have been able to get vLan 100 or 200 to internet connect is to set them as management. Then usually have to reset AP and start over.
  • ppandmary
    ppandmary Posts: 15
    First Anniversary
    Will removing the associated EZ ssids break the EZ connection. Or have to remove objects as well?
  • ppandmary
    ppandmary Posts: 15
    First Anniversary
          USG60 Controller
                |
           Switch
                |
              AP

    Or: USG60 controller
                |
               AP


    Or:   USG60
                |
               AP configured as a stand-alone

    I removed the switch for stage isolating no wan connection. I have not reset the AP as stand alone.

    Idea is begin simple and add complexity

    Simple means no EZ, 1 VLAN, no controller.
    Next add controller
    Next add switch
  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    Its some what hard to remove EZ settings but you can set up around them so their not in use.

    Its easier if the WAC6503D-s is connected to the USG60

    The way I have done a guest network is LAN1 P4 as non-guest SSID Local bridge VLAN 1 VLAN Support off.

    Make a VLAN 200 on the USG60 base port LAN1 make a zone call it Guest Wi-Fi so its not lan1 SSID Local bridge VLAN 100 VLAN Support on.

    Have a routing rule from Guest Wi-Fi to WAN1 and a firewall rule


  • ppandmary
    ppandmary Posts: 15
    First Anniversary
    OK will start w 6503 attached to USG. Get it working then post again.

    PS: It was not too hard to repl EZ. Reset, back to 1234 pw. Starting again.

    I thought EZ was too EZ. WiFi/Guest wizard is useless except for home use. This is not home hardware.

    Thanks will get to it. Frustrated Paul.
  • ppandmary
    ppandmary Posts: 15
    First Anniversary

    The way I have done a guest network is: 

    LAN1 P4 as non-guest SSID Local bridge VLAN 1 VLAN Support off.
    1) P3,4,5 Lan1 (P6 is guest interface), ssid is default Zyxel vLan support off..... OK

    Make a VLAN 200 on the USG60 base port LAN1 make a zone call it Guest Wi-Fi so its not lan1 SSID Local
    bridge VLAN 100 VLAN Support on. Zone GuestWiFi members guest and vLan200
    1) vLan200, base port lan1, id 200, fixed ip 0.0.0.0, dhcp: none, Enable proxy arp ,
    2)Zone User config added: GuestWifi, member: vLan200 & guest
    3) SSID: GuestSSID, local bridge, vLan ID: 200 vLan support : ON

    Have a routing rule from Guest Wi-Fi to WAN1 and a firewall rule????
    1) Policy Control??? New object: GuestPolicy from: GuestWiFi to: WAN other fields: default
    2) Routing rule????

    Zyxel SSID only 1 broadcasting Has internet. Guestssid SSID not broadcasting.

  • Zyxel_Joslyn
    Zyxel_Joslyn Posts: 360  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited April 2021
    Hi @ppandmary

    Our easy mode does not support to configure VLAN setting for the SSID. If you need to use VLAN interface for the stations, you have to use expert mode.
    According to your requiremen, you need two SSID. One is with VLAN100, and another is with VLAN200. Here is the SOP to create two AP profiles that I assume you only have one AP which is connected to LAN1 itnerface.
    First, please ensure the AP has been managed by USG60, and connect the AP to the lan1.
    1. Create VLAN100 and VLAN200 interfaces based on lan1 with static IP address and DHCP server.

    2. Create 2 AP profiles. One is for VLAN100, and another is for VLAN200. Please add the security profiles if needed.



    The station should get different IP address when connecting to different SSID. Not sure what you need for Guest WiFi. Please describe your requirement more detail, then I will know how to provide the suggested configurations.

    Joslyn
  • ppandmary
    ppandmary Posts: 15
    First Anniversary
    This is beta testing. All guest wifi needs so far is isolation and internet.
    A) Create VLAN100 and VLAN200 interfaces based on lan1 with static IP address and DHCP server.
    DONE.
    B) Create 2 AP profiles. One is for VLAN100, and another is for VLAN200. Please add the security profiles if needed.
    DONE.
    C) The station should get different IP address when connecting to different SSID.
    YES different IP ranges for diff SSID. Only Zyxel SSID can ping 8.8.8.8 all others no internet.

    6 picts attached showing vLan100













  • ppandmary
    ppandmary Posts: 15
    First Anniversary
    Once wifi is set Threshold and steering will be set for both SSIDs