NWA210AX | Capative Portal not working with L2 Isolation
Hi,
I’m using Nebula managed NWA210AX together with XMG1950-10E Switches and an OPNsense Firewall.
I want to host an open WiFi-Hotspot with Nebula Authentication and L2 Isolation. My problem is, that the capative portal is not working anymore when L2 Isolation is activated.
MAC-Adresses of the Guestnetwork Interface and the Gateway are whitelisted in nebula.
If I deactivate the Authentication every works fine. If I activate it, clients cannot connect to Internet and Capative Portal doesn’t show up.
HTTPs is not allowed till authentication.
Accepted Solution
-
Hi @Kilian,
We have confirmed the issue is that L2 isolation doesn't allow client traffic when using the "Enhanced-open" security option.
The issue you're experiencing will be addressed in the upcoming firmware update. Please stay tuned for further announcements regarding enhancements and fixes.
Zyxel Melen
Don't miss this great chance to upgrade your Nebula org. for free!
0
Zyxel Employee
All Replies
-
Hi @Kilian,
I did a quick test in my lab and the capative portal shows up when enabling L2 Isolation. Could you enable Zyxel support and PM me your org/site name for me to check? Thanks in advance.
Zyxel MelenDon't miss this great chance to upgrade your Nebula org. for free!
0 -
Hi @Kilian,
The captive portal shows up after the client can resolve DNS. Please check your OPNsense firewall's policy rule if it allows this VLAN traffic. I used the configuration below and my clients can automatically pop out the captive portal page. And if my OPNsense firewall doesn't allow VLAN 2 traffic, the captive portal won't show up after connecting this SSID.
Hope it helps.
Zyxel MelenDon't miss this great chance to upgrade your Nebula org. for free!
0 -
Hi Melen,
I double checked my Opnsense configs and everything seems to be fine.
Until I activate both, L2 Isolation and authentication via captive portal, I can see traffic in the live logs between client, firewall interfaces and internet. If I activate both features there is no traffic anymore.
That means:
SSID BSKS-Hotspot with activated L2 Isolation and deactivated captive portal → works.
SSID BSKS-Hotspot with deactivated L2 Isolation and activated captive portal → works.
SSID BSKS-Hotspot with activated L2 Isolation and activated captive portal → doesn't work.
Thx and best regards,
Kilian
0 -
Hi @Kilian,
So "SSID BSKS-Hotspot with deactivated L2 Isolation and activated captive portal → works." means the captive portal shows up, right?
To investigate deeper, could you allow me to access your firewall to check your firewall's configuration first? I will send you my public IP in the private message. Thanks in advance.
Zyxel MelenDon't miss this great chance to upgrade your Nebula org. for free!
0 -
Hi Melen,
right, that means, that the portal shows up. I can give you access to my firewall but only via teamviewer.
FYI: I do not use VLANs on my opnsense. VLANs only configured on my switches and these are connected to phisycal interfaces on the opnsense.
0 -
Hi @Kilian,
We have confirmed the issue is that L2 isolation doesn't allow client traffic when using the "Enhanced-open" security option.
The issue you're experiencing will be addressed in the upcoming firmware update. Please stay tuned for further announcements regarding enhancements and fixes.
Zyxel MelenDon't miss this great chance to upgrade your Nebula org. for free!
0 -
Hi @Zyxel_Melen,
After your firmware update I can confirm, that everything is working now.
Thanks for the great support!
0
Categories
- All Categories
- 414 Beta Program
- 2.3K Nebula
- 132 Nebula Ideas
- 92 Nebula Status and Incidents
- 5.5K Security
- 186 USG FLEX H Series
- 261 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.2K Consumer Product
- 237 Service & License
- 375 News and Release
- 80 Security Advisories
- 24 Education Center
- 5 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 80 About Community
- 69 Security Highlight
