configure private and guest WLAN on NWA1123-AC-PRO with USG110

SiSZyComm
SiSZyComm Posts: 10
edited August 2022 in WirelessLAN
Dear community

Oh boy, it looks like I bought the wrong AP.

I have a NWA1123-AC-PRO and USG110 with latest firmware as of today.

What I simply want is to set up a WLAN for guests and a WLAN to access my other devices in the network.

I configured/defined
- LAN1 with USG ports 4,5,6, IP 192.168.2.x
- LAN2 with USG ports 7, IP 192.168.3.x, which connects to the NWA1123
- SSID "guest", with Layer-2-Isolation for my USG110
- SSID "intern"

What I actually want is that
- all devices connected to SSID "intern" have access to the LAN1 devices.
- all devices connected to SSID "guest" cannot access any other device.
- devices from "guest" are not allowed to connect to the Web GUI of the NWA1123

I had older USG20W and 60W devices, where I could define for each SSID their own IP-Subnet. There it was simple to achieve my intention with routing and firewall rules.

But with this NWA1123 I have no clue how to achieve this simple network topo, although I asked my reseller if private/guest-wlan setup is supported.

cheerioh
SiSZyComm




All Replies

  • Zyxel_Freda
    Zyxel_Freda Posts: 397  Zyxel Employee
    Hi @SiSZyComm,
    Here's a suggestion for your reference.
    1. SSID setting on NWA1123-AC PRO
     - set SSID "intern" to VLAN20
     - set SSID "guest" to VLAN10, and enable intra-BSS and L2-isolation so that the connected wireless stations are not able to connect to each other. In L2-isolation, please add the USG port 7 MAC address and all other devices you want to let the stations connect to, like a printer.

    2. Set policy rules in USG110
     - from VLAN20 to LAN1 allow
     - from VLAN10 to WAN allow
     - from VLAN10 to Zywall deny
     - from VLAN10 to any deny
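
The policy rules suggested in the reply above can be checked against the goals from the question before they are entered on the USG110. The following is an added example, not part of the thread or Zyxel's own code: a small first-match model of the four rules. The top-down first-match evaluation, the implicit default deny and the helper names (`Rule`, `decide`, `failed_goals`) are assumptions of this sketch.

```python
# Added example: first-match model of the four USG110 policy rules above.
# Zone names come from the thread; first-match evaluation and the
# implicit default deny are assumptions of this sketch.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str
    dst: str
    action: str  # "allow" or "deny"

# Rules in the order given in the reply.
SUGGESTED = [
    Rule("VLAN20", "LAN1", "allow"),
    Rule("VLAN10", "WAN", "allow"),
    Rule("VLAN10", "Zywall", "deny"),
    Rule("VLAN10", "any", "deny"),
]

def decide(rules, src, dst, default="deny"):
    """Return the action of the first rule matching (src, dst)."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any"):
            return r.action
    return default

# Goals from the thread as (src, dst, expected action).
GOALS = [
    ("VLAN20", "LAN1", "allow"),    # "intern" reaches LAN1 devices
    ("VLAN10", "LAN1", "deny"),     # "guest" cannot reach LAN1
    ("VLAN10", "VLAN20", "deny"),   # "guest" cannot reach "intern"
    ("VLAN10", "Zywall", "deny"),   # "guest" cannot reach the gateway itself
    ("VLAN10", "WAN", "allow"),     # "guest" keeps internet access (from the reply)
]

def failed_goals(rules):
    """List every goal the rule set does not satisfy."""
    return [(s, d, want) for s, d, want in GOALS if decide(rules, s, d) != want]

if __name__ == "__main__":
    print("suggested order:", failed_goals(SUGGESTED) or "all goals met")
    # Placing the catch-all deny before the WAN allow shadows it.
    reordered = [SUGGESTED[0], SUGGESTED[3], SUGGESTED[1], SUGGESTED[2]]
    print("deny-any first:", failed_goals(reordered))
```

The model covers only traffic routed between zones by the USG110; access to the NWA1123 web GUI from stations in the same VLAN is not modelled, because the thread does not say which VLAN the AP is managed on.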