ZyWALL ATP200 how to start with Vlan?

Username_is_reserved · May 2022

Here is my Network in a very simplified way:

Image: https://us.v-cdn.net/6029482/uploads/editor/yn/06lv2yie6ako.jpg

The ATP (will) have 2 Wan Connection one slow DSL and one fast but unreliable Cable.

There are multiple Switch in the System 2 Zyxel and a Handfull Managed and Unmanaged one. I use an Netget for example for PoE to power the AP and some IP Phones.
I intend to have atlest 4 Vlans for: Guest, IP Phone, Business, Home stuff. Currently everything run on the old USG without a VLan.
So how to make it easy to Switch "just" the Lan cable from the old to the new Router?

Zyxel_Kevin · May 2022

Hi @Username_is_reserved,
Greeting forum , this is my suggestion. I
For exapmle : vlan 10 AP,vlan 20 IP phone,vlan 30 home stuff,vlan 40 Client

1) All UPLINK of Switch using 802.1Q, and allow tag all vlan.
I am not sure what's your AP level/topology.Maybe It should using 802.1Q on switch port which connect to AP and tagging vlan10,30 .

Image: https://us.v-cdn.net/6029482/uploads/editor/jb/z8yfagrp7oe5.png

2) Setting the vlan on individual switch ports (vlan10 for AP,Vlan20 for IP Phone, etc.)
-In order to look clean, you may also make switch port 1-6 vlan10,7-12 vlan20,etc . But you have to sort out the cable.

3) Setting Vlan address on ATP200 ,(Assuming LAN2 Connect to internal switch)
-These are VLANS Gateway , All traffic between vlan will pass through the firewall .

Image: https://us.v-cdn.net/6029482/uploads/editor/1g/ul5j3z983tl6.png

Kevin

Username_is_reserved · May 2022

Zyxel_Kevin said:

Hi @Username_is_reserved,
Greeting forum , this is my suggestion. I
For example : vlan 10 AP,vlan 20 IP phone,vlan 30 home stuff,vlan 40 Client

1) All UPLINK of Switch using 802.1Q, and allow tag all vlan.
I am not sure what's your AP level/topology.Maybe It should using 802.1Q on switch port which connect to AP and tagging vlan10,30 .

2) Setting the vlan on individual switch ports (vlan10 for AP,Vlan20 for IP Phone, etc.)
-In order to look clean, you may also make switch port 1-6 vlan10,7-12 vlan20,etc . But you have to sort out the cable.
3) Setting Vlan address on ATP200 ,(Assuming LAN2 Connect to internal switch)
-These are VLANS Gateway , All traffic between vlan will pass through the firewall .

Kevin

Thanks for replay. The are WAC APs.
How to prevent that I cant access anything any more when I set a Vlan?

I guess I must do a VLan Trunk when I setup the Switch?

When the Switch in the Vlan 10 and the Guest connect to the Wifi AP the should get in there own Vlan (sry I got confused by my own Diagram) lets say Wifi Guest are Vlan 50...

For the Guest I should activate: Layer 2 Isolation to I guess?

Is there a good "How To" for the "Web Authentication"?
Thanks

Zyxel_Kevin · May 2022

Hi @Username_is_reserved,
How to prevent that I cant access anything any more when I set a Vlan?

-Kindly using Mgmt Port to set up Switch to prevent loss connection.please notice you must need downtime to do the vlan change.

I guess I must do a VLan Trunk when I setup the Switch?

-Yes, All uplink between switch must have 802.1Q .

When the Switch in the Vlan 10 and the Guest connect to the Wifi AP the should get in there own Vlan (sry I got confused by my own Diagram) lets say Wifi Guest are Vlan 50...

-The switch port which connect AP must have 802.1Q as well.

For the Guest I should activate: Layer 2 Isolation to I guess?

-Yes, Layer 2 isolation in AP.

Is there a good "How To" for the "Web Authentication"?

-Please Kindly find our hand book (Page 571~576),

https://download.zyxel.com/ATP200/handbook/ATP200_ZLD5.20_Handbook.pdf
Kevin

Thanks

Username_is_reserved · June 17

Sorry everyone its still me. Now I want start to change. I see some Device like an IP Phone should support adding an Vlan ID. Should I add the Vlan ID there to?

The confusing part is why the Vlan is part of the Zone/ Port?!

Thanks