NXC2500 - 2VLANs Configuration

Good evening to all,

first of all, all my apologizes for the informations I could forget to share, please do not hesitate to reply me if there are some more infos you need. And of course, thank you very much for your help!

I have a NXC2500 which is supposed to manage the wifi of my company. I have configured the controller, following some steps read on another user's question.
Here is my installation :



I would like to create 2 SSIDs with 2 different networks :
- 1st one (on the left on the image) is an internal network, with a DC/DNS/DHCP (192.168.100.x)
- 2nd one is an Internet Box completely separated from my internal network, also with a DNS & DHCP (192.168.2.x)
On my Aruba switch, VLAN1 is used by my 1st network, and a VLAN300 is configured for the WIFI network with this address : 172.16.1.3. On the port 5, VLAN1 is untagged and VLAN300 is tagged.
Does anybody can help me with the VLAN configuration on my ZYXEL ? Everything is ok with the basic SSID creation. I would like to use my SSID_A for my internal network, and my SSID_B for my Internet connection.
Thank you for any help you can bring, do not hesitate to ask for further information.
Have a great day all.

Best regards,

Karim

Accepted Solution

  • Zyxel_HsinBo
    Zyxel_HsinBo Posts: 220  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    Since there are two VLAN1 DHCP server from different Network traffic passby the Aruba switch, to avoid unexpected traffic, please ensure the 2nd Network (On the right side) is configured with a unique VLAN tag.

    Settings configure on Controller:

    Create the VLAN interface of 2nd Network VLAN on the NXC2500, and pick Port 1 & Port 3 as the VLAN interface member.
    Add two new SSID profile that configure in AP group, one is with VLAN ID 300 for internal access, another is with the VLAN ID which you set up for 2nd Network to surf the Internet.

    Then ensure the VLAN tagging created for 2nd Network on the AP & NXC2500 connected-ports of the switch is correctly set up and configure firewall policy rule on your router for 1st Network (VLAN1 VLAN300 from Left side), deny the traffic to the Internet.
    Clients connect to different SSID will get corresponding VLAN interface IP address, and SSID1(VLAN 300) is used to access Intranet Network, only 2nd Network clients are able to surf the Internet.
    Thank you.

All Replies

  • Zyxel_HsinBo
    Zyxel_HsinBo Posts: 220  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    Since there are two VLAN1 DHCP server from different Network traffic passby the Aruba switch, to avoid unexpected traffic, please ensure the 2nd Network (On the right side) is configured with a unique VLAN tag.

    Settings configure on Controller:

    Create the VLAN interface of 2nd Network VLAN on the NXC2500, and pick Port 1 & Port 3 as the VLAN interface member.
    Add two new SSID profile that configure in AP group, one is with VLAN ID 300 for internal access, another is with the VLAN ID which you set up for 2nd Network to surf the Internet.

    Then ensure the VLAN tagging created for 2nd Network on the AP & NXC2500 connected-ports of the switch is correctly set up and configure firewall policy rule on your router for 1st Network (VLAN1 VLAN300 from Left side), deny the traffic to the Internet.
    Clients connect to different SSID will get corresponding VLAN interface IP address, and SSID1(VLAN 300) is used to access Intranet Network, only 2nd Network clients are able to surf the Internet.
    Thank you.