Help setting up VLAN and multiple SSID with NWA1123-ACv2 and XGS1250-12

BobETSmith
BobETSmith Posts: 4
edited August 2022 in Switch
Hello,
I have a small network that I'd like to set segregate the traffic using SSIDs and VLANs.
Something like this:



I have created the VLANs on my firewall and switch, like so (treat VLAN 102 as 201, typo above):

Not sure where I can create the wifi AP virtual addresses (gateway for that particular subnet)?

What do I set the PVID to if the device is VLAN aware?

Thanks

Accepted Solution

  • BobETSmith
    BobETSmith Posts: 4
    Answer ✓
    Update
    The information regarding tagging the port orange has helped greatly. Making it orange basically trunks that particular VLAN.

    I've update the diagram:


    The VLAN ID is tagged by the FW which is trunked by port 09 on the switch.
    This is passed to port 02 with all 3 VLANs.

    I will need to tag port 01 (VLAN 101) green as Server1 doesn't talk VLANs.



    Thanks for your help Zyxel_Adam

All Replies

  • Zyxel_Adam
    Zyxel_Adam Posts: 332  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022
    BobETSmith,

    Welcome to Zyxel Community!

    Not sure where I can create the wifi AP virtual addresses (gateway for that particular subnet)?
    > May I confirm that if you would like to configure an IP address for each VLAN? If so, XGS1250-12 does not support it, it can only configure Management VLAN.

    What do I set the PVID to if the device is VLAN aware?
    > If a device is VLAN aware and you would like to use multiple VLAN tags to it, you will need to use Tag(Orange color) on wanted VLAN and keep port PVID as 1.

    For example, let's say port 2 is connected to the AP, so we set Tag on VLAN 101 and 201, and keep VLAN 1 as Untag and PVID 1. 
    You could use the same way to configure VLAN tag to OPNsense port.

    Hope it helps,
    Adam
  • BobETSmith
    BobETSmith Posts: 4
    Zyxel_Adam,
    That's useful to know about setting the "tag egress member" and keep the PVID as one.
    For non-VLAN aware devices, I set it to the VLAN ID and use Untag VLAN member?

    So I can only set one management IP on the XGS1250?
    I can still use the OPNsense IP as the upstream gateway address.
  • BobETSmith
    BobETSmith Posts: 4
    Answer ✓
    Update
    The information regarding tagging the port orange has helped greatly. Making it orange basically trunks that particular VLAN.

    I've update the diagram:


    The VLAN ID is tagged by the FW which is trunked by port 09 on the switch.
    This is passed to port 02 with all 3 VLANs.

    I will need to tag port 01 (VLAN 101) green as Server1 doesn't talk VLANs.



    Thanks for your help Zyxel_Adam
  • Zyxel_Adam
    Zyxel_Adam Posts: 332  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited June 2022
    @BobETSmith,

    For non-VLAN aware devices, I set it to the VLAN ID and use Untag VLAN member?
    > Correct, but PVID need to be changed as well. 

    For example, as your Server1 IoT is a non-VLAN aware device, and it's on 192.168.101.x subnet, you could make VLAN 101 as Untag (Green) and PVID 101 on port 1. 

    [Optional] You could also set VLAN 1 as non-member on port 1 if you don't need to use it.
    Adam
  • Zyxel_Adam,
    That's useful to know about setting the "tag egress member" and keep the PVID as one.
    For non-VLAN aware devices, I set it to the VLAN ID and use Untag VLAN member?

    So I can only set one management IP on the XGS1250?
    I can still use the OPNsense IP as the upstream gateway address.
  • Zyxel_Adam
    Zyxel_Adam Posts: 332  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited June 2022
    Hi @BobETSmith,

    Sorry, I did reply your message last week, but do not know why my message was eaten.

    For non-VLAN aware devices, I set it to the VLAN ID and use Untag VLAN member?
    > Yes, but you also need to configure PVID to 101 for your port 01 (to Server) as well.

    So I can only set one management IP on the XGS1250?
    > Yes, it only support to set only one management IP, so you could configure upstream gateway address on OPNsense.

    Hope it helps,
    Adam