USG40 Mac based VLAN

IWAT
IWAT Posts: 13  Freshman Member
First Comment
in Security

Hi,
Is it possible to create a mac based vlan just with an USG40?

I want to create MAC based VLAN in the Network to separate different users. For Example VLAN10 MAC based for UserGroup1, VLAN20 MAC based for UserGroup2 and VLAN100 not MAC based for every other user.
If a device connects to the network with a configured MAC in VLAN10 it should gets a IP in this range. If a MAC address is c onfigured in VLAN20 it should get an IP from this range too. If the MAC is not configured in any VLAN it should get a IP of VLAN100.
VLAN10 and VLAN20 could also be static non DHCP.

If this is possible, how can i configure it?

«1

All Replies

  • PeterUK
    PeterUK Posts: 3,503  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited February 2024

    You need a VLAN switch with the USG40

    When you set a VLAN on the USG40 it will be tagged I get your idea but USG40 currently does not do this plus it be untagged to every VLAN/LAN and is not secure

  • IWAT
    IWAT Posts: 13  Freshman Member
    First Comment

    Thanks Peter.

    Do you know if it is possible with a GS2200?

  • PeterUK
    PeterUK Posts: 3,503  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Yes the GS2200 models support VLAN setup with USG40

  • IWAT
    IWAT Posts: 13  Freshman Member
    First Comment

    Thank you for your answer.

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers

    Current platforms for our firewalls such as uOS, ZLD, and USG don't support MAC-based VLAN.
    You can achieve this scenario by GS2200. MAC-based VLAN is a basic feature for our switches.

  • IWAT
    IWAT Posts: 13  Freshman Member
    First Comment

    Hi James

    Do you have an manual or a config example for an Mac-based VLAN on GS2200?

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    edited March 2024

    @IWAT Please refer to GS2000 user guide page 355

    https://download.zyxel.com/GS2220-50HP/user_guide/GS2220-50HP_V4.80_Ed1.pdf

  • IWAT
    IWAT Posts: 13  Freshman Member
    First Comment

    Hi James
    Thanks for the Manuall, but i can't find "MAC Based VLAN" like it is described in it, see printscreens of my two Switches.
    Br Iwat

    GS2200.jpg
    XGS1930.jpg

  • PeterUK
    PeterUK Posts: 3,503  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 2024

    You can do VLAN without MAC Based VLAN.

    Setup a VLAN on USG40 connect a device to the switch you wish to go to that VLAN with PVID and untag on the given port then tag out the port to USG40

  • IWAT
    IWAT Posts: 13  Freshman Member
    First Comment

    Hi Peter
    But in this case it is still port based, every device which is connected to that switch is in the same VLAN?

    The use case of my question is that i want to seperate the devices(Parents, kids, technical, IoT, guests,…). But every mobile device(Mobilephones,Notebook) can connect on different Port in the house and there are also a few WIFI routers where they can connect.
    Therefore i thought i could do this with a MAC based VLAN, but might a VLAN is not a proper solution of this use case?

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)