USG40 Mac based VLAN

Options
IWAT
IWAT Posts: 11
First Comment
in Security

Hi,
Is it possible to create a mac based vlan just with an USG40?

I want to create MAC based VLAN in the Network to separate different users. For Example VLAN10 MAC based for UserGroup1, VLAN20 MAC based for UserGroup2 and VLAN100 not MAC based for every other user.
If a device connects to the network with a configured MAC in VLAN10 it should gets a IP in this range. If a MAC address is c onfigured in VLAN20 it should get an IP from this range too. If the MAC is not configured in any VLAN it should get a IP of VLAN100.
VLAN10 and VLAN20 could also be static non DHCP.

If this is possible, how can i configure it?

«1

All Replies

  • PeterUK
    PeterUK Posts: 2,810  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 6
    Options

    You need a VLAN switch with the USG40

    When you set a VLAN on the USG40 it will be tagged I get your idea but USG40 currently does not do this plus it be untagged to every VLAN/LAN and is not secure

  • IWAT
    IWAT Posts: 11
    First Comment
    Options

    Thanks Peter.

    Do you know if it is possible with a GS2200?

  • PeterUK
    PeterUK Posts: 2,810  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Yes the GS2200 models support VLAN setup with USG40

  • IWAT
    IWAT Posts: 11
    First Comment
    Options

    Thank you for your answer.

  • Zyxel_James
    Zyxel_James Posts: 624  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Current platforms for our firewalls such as uOS, ZLD, and USG don't support MAC-based VLAN.
    You can achieve this scenario by GS2200. MAC-based VLAN is a basic feature for our switches.

  • IWAT
    IWAT Posts: 11
    First Comment
    Options

    Hi James

    Do you have an manual or a config example for an Mac-based VLAN on GS2200?

  • Zyxel_James
    Zyxel_James Posts: 624  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 15
    Options

    @IWAT Please refer to GS2000 user guide page 355

    https://download.zyxel.com/GS2220-50HP/user_guide/GS2220-50HP_V4.80_Ed1.pdf

  • IWAT
    IWAT Posts: 11
    First Comment
    Options

    Hi James
    Thanks for the Manuall, but i can't find "MAC Based VLAN" like it is described in it, see printscreens of my two Switches.
    Br Iwat

    GS2200.jpg
    XGS1930.jpg

  • PeterUK
    PeterUK Posts: 2,810  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 25
    Options

    You can do VLAN without MAC Based VLAN.

    Setup a VLAN on USG40 connect a device to the switch you wish to go to that VLAN with PVID and untag on the given port then tag out the port to USG40

  • IWAT
    IWAT Posts: 11
    First Comment
    Options

    Hi Peter
    But in this case it is still port based, every device which is connected to that switch is in the same VLAN?

    The use case of my question is that i want to seperate the devices(Parents, kids, technical, IoT, guests,…). But every mobile device(Mobilephones,Notebook) can connect on different Port in the house and there are also a few WIFI routers where they can connect.
    Therefore i thought i could do this with a MAC based VLAN, but might a VLAN is not a proper solution of this use case?

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)