NWA110AX cannot connect to NCC

businessuer
businessuer Posts: 134  Ally Member
First Comment Friend Collector First Anniversary
edited May 2022 in Nebula
Firewall and switch are online in NCC.
They using 10.X.X.X ip address.
AP also can get ip address of 10.X.X.X.
However, they cannot go online in NCC.
They blinking orange/green 1 second interval.

I try connect laptop to switchport can go internet. 
So AP should be able to go internet.
Please advice.

Accepted Solution

  • Zyxel_Richard
    Zyxel_Richard Posts: 254  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Security
    edited May 2022 Answer ✓
    Regarding to the VLAN setting on the firewall, it's behavior is:

    1.  If there's no VLAN ID set on lan1, firewall will be able to receive and reply the packets which don't have any VLAN tag on it.
    2.  After you add VLAN ID=1 on lan1, firewall can only reply to the packets which is tagged with "1" (And by default, most network devices won't tag their packet with "1")

    In our local test, with the VLAN ID=1 set on lan1, none of the devices can get IP address in the default setting (due to the point 2 I've mentioned above).

    Hence, in our default settings, there's no VLAN ID set on this lan1 Interface, so that users don't need additional settings to get their devices access Internet and NCC online. (just connect their devices together with the Internet access)

    Back to the case, if your PC/Switch keeps NCC online and even can get IP address when you set VLAN ID=1 on firewall's lan1, there must be some settings on the switch or other network devices, so that the traffic towards the firewall is tagged with "1". So you can check if the related setting is also applied to the other devices which is located between AP and Firewall.

    If you want to further dig in this case, please let us know the name of your Nebula Organization and Site, and  enable the zyxel support function of your site, so that we can check the setting and related logs in your site .
     (Directory: Help > Support Request > Invite Zyxel Support as the Aadministrator > Save) 

    Best Regards,
    Richard

All Replies

  • businessuer
    businessuer Posts: 134  Ally Member
    First Comment Friend Collector First Anniversary
    Hi,
    I realized that if I put vlan 1 in firewall interface, device will not come online.
    If I put vlan id as blank, devices come online.
    Can help to explain this? 


  • Zyxel_Richard
    Zyxel_Richard Posts: 254  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Security
    edited May 2022 Answer ✓
    Regarding to the VLAN setting on the firewall, it's behavior is:

    1.  If there's no VLAN ID set on lan1, firewall will be able to receive and reply the packets which don't have any VLAN tag on it.
    2.  After you add VLAN ID=1 on lan1, firewall can only reply to the packets which is tagged with "1" (And by default, most network devices won't tag their packet with "1")

    In our local test, with the VLAN ID=1 set on lan1, none of the devices can get IP address in the default setting (due to the point 2 I've mentioned above).

    Hence, in our default settings, there's no VLAN ID set on this lan1 Interface, so that users don't need additional settings to get their devices access Internet and NCC online. (just connect their devices together with the Internet access)

    Back to the case, if your PC/Switch keeps NCC online and even can get IP address when you set VLAN ID=1 on firewall's lan1, there must be some settings on the switch or other network devices, so that the traffic towards the firewall is tagged with "1". So you can check if the related setting is also applied to the other devices which is located between AP and Firewall.

    If you want to further dig in this case, please let us know the name of your Nebula Organization and Site, and  enable the zyxel support function of your site, so that we can check the setting and related logs in your site .
     (Directory: Help > Support Request > Invite Zyxel Support as the Aadministrator > Save) 

    Best Regards,
    Richard
  • businessuer
    businessuer Posts: 134  Ally Member
    First Comment Friend Collector First Anniversary
    I understand but this "no vlan" should be indicated somewhere.
  • Zyxel_Richard
    Zyxel_Richard Posts: 254  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Security
    Hi Businessuer,

    Can you please give us more information about why you'd like to change the default setting and add VLAN ID=1 on lan1 interface?

    Because based in our design, by default there's no need to change the VLAN ID, and if user realize they have the requirement to modify the VLAN (especially set the VLAN"1" ), they should have already familiar with the technology and related setup process.

    Best Regards,
    Richard
  • businessuer
    businessuer Posts: 134  Ally Member
    First Comment Friend Collector First Anniversary
    Hi Richard,
    Normally people add it to "play safe".
    I mean that this feature should be made known to users in the guide or something.
    We is waste time troubleshooting.
  • Zyxel_Richard
    Zyxel_Richard Posts: 254  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Security
    Hi Sir,

    Thank you for letting us know your concern and scenario. We'll keep collecting users' opinion and see how to improve our products and make it more user-friendly.

    Best Regards,
    Richard

Nebula Tips & Tricks