NWA210AX | Captive Portal not working with L2 Isolation

Kilian
Kilian Posts: 4
First Comment Friend Collector
edited May 2024 in Wireless

Hi,

I’m using Nebula managed NWA210AX together with XMG1950-10E Switches and an OPNsense Firewall.

I want to host an open WiFi hotspot with Nebula Authentication and L2 Isolation. My problem is that the captive portal is not working anymore when L2 Isolation is activated.

MAC addresses of the guest network interface and the gateway are whitelisted in Nebula.

If I deactivate the authentication, everything works fine. If I activate it, clients cannot connect to the Internet and the captive portal doesn't show up.

HTTPS is not allowed until authentication.

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,654  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Kilian,

    I did a quick test in my lab and the captive portal shows up when enabling L2 Isolation. Could you enable Zyxel support and PM me your org/site name for me to check? Thanks in advance.

    Zyxel Melen


  • Zyxel_Melen
    Zyxel_Melen Posts: 2,654  Zyxel Employee

    Hi @Kilian,

    The captive portal shows up after the client can resolve DNS. Please check your OPNsense firewall's policy rule if it allows this VLAN traffic. I used the configuration below and my clients can automatically pop out the captive portal page. And if my OPNsense firewall doesn't allow VLAN 2 traffic, the captive portal won't show up after connecting this SSID.

    Hope it helps.

    Zyxel Melen


  • Kilian
    Kilian Posts: 4

    Hi Melen,

    I double-checked my OPNsense configs and everything seems to be fine.

    Until I activate both, L2 Isolation and authentication via captive portal, I can see traffic in the live logs between client, firewall interfaces and internet. If I activate both features there is no traffic anymore.

    That means:

    SSID BSKS-Hotspot with activated L2 Isolation and deactivated captive portal → works.

    SSID BSKS-Hotspot with deactivated L2 Isolation and activated captive portal → works.

    SSID BSKS-Hotspot with activated L2 Isolation and activated captive portal → doesn't work.

    Thx and best regards,

    Kilian

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,654  Zyxel Employee

    Hi @Kilian,

    So "SSID BSKS-Hotspot with deactivated L2 Isolation and activated captive portal → works." means the captive portal shows up, right?

    To investigate deeper, could you allow me to access your firewall to check your firewall's configuration first? I will send you my public IP in the private message. Thanks in advance.

    Zyxel Melen


  • Kilian
    Kilian Posts: 4

    Hi Melen,

    Right, that means that the portal shows up. I can give you access to my firewall, but only via TeamViewer.

    FYI: I do not use VLANs on my OPNsense. VLANs are only configured on my switches, and these are connected to physical interfaces on the OPNsense.

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,654  Zyxel Employee
    Answer ✓

    Hi @Kilian,

    We have confirmed the issue is that L2 isolation doesn't allow client traffic when using the "Enhanced-open" security option.

    The issue you're experiencing will be addressed in the upcoming firmware update. Please stay tuned for further announcements regarding enhancements and fixes.

    Zyxel Melen


  • Kilian
    Kilian Posts: 4

    Hi @Zyxel_Melen,

    After your firmware update I can confirm that everything is working now.

    Thanks for the great support!