[USG20W-VPN] VPN error while assigning a profile to local AP

Options
Chris10
Chris10 Posts: 4 image  Freshman Member
First Comment Friend Collector First Anniversary
in Security

Hello,

I'm getting the below error when I'm assigning a profile to the local-ap with:

ap-group-member [ap_group_profile] member local-ap

wifi_error.PNG

Knowing that I have also the following configuration:

wlan-ssid-profile [ssid_profile]

>{…}

>outgoing-interface lan1

***

sslvpn policy Main_SSL_VPN

>{…}

>network-extension network LAN1_SUBNET

>network-extension network DMZ_SUBNET

If I remove "network-extension network LAN1_SUBNET", the error is not popping out anymore.

I don't see an immediate link between an AP profile and a VPN network extension that could explain such an error. Also, I had previously this configuration working on a USG40W.

Could you help me figure it out ?

Happy to give you more details if needed.

Thanks,

Chris

Best Answers

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,629 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Answer ✓

    Hi @Chris10,

    Thanks for the information. Since USG20W-VPN doesn't support the AP controller function, you won't see the controller option, and cannot apply this configuration.Below table is from USG20W-VPN user's guide:

    image.png

    For manage your Zyxel APs, please consider upgrade the firewall models to which support AP controller functions, like USG FLEX 100 or above. Or, you can use Nebula control center for centrolized management.

    Zyxel Melen


  • Zyxel_Melen
    Zyxel_Melen Posts: 4,629 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Answer ✓

    Hi @Chris10,

    Apologize for the delayed reply. Let me answer the second question first.

    Please enter the command show capwap ap all to find the default SSID profile. Then use the commands below to disable the default SSID. P.S. You might need to disable more than one slot.

    #Configure terminal

    (config)#Capwap ap local-ap

    (AP local-ap)#no <slot x> ssid-profile 1

    You can also edit the default SSID to have 2 different SSID that each using different outgoing interfaces.

    Please check the CLI reference guide USG20-VPN_V5.37.pdf Chapter 9 Wireless LAN profiles > SSID profile commands(page 89) for more details.

    By the way, you may also use web GUI to edit. The path is Wireless > Built-in AP > General >Add/Edit SSID.

    Hope it helps.

    Zyxel Melen


All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,629 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Chris10,

    May I know how did you change the settings? By command line or by web GUI?

    Zyxel Melen


  • Chris10
    Chris10 Posts: 4 image  Freshman Member
    First Comment Friend Collector First Anniversary

    Hello @Zyxel_Melen ,

    By command line.

    The GUI changed, and I'm not able to set AP profiles/AP groups anymore through the GUI (I only have "Built-in AP" menu).

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,629 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Answer ✓

    Hi @Chris10,

    Thanks for the information. Since USG20W-VPN doesn't support the AP controller function, you won't see the controller option, and cannot apply this configuration.Below table is from USG20W-VPN user's guide:

    image.png

    For manage your Zyxel APs, please consider upgrade the firewall models to which support AP controller functions, like USG FLEX 100 or above. Or, you can use Nebula control center for centrolized management.

    Zyxel Melen


  • Chris10
    Chris10 Posts: 4 image  Freshman Member
    First Comment Friend Collector First Anniversary

    Hi @Zyxel_Melen ,

    Thanks for the information.

    What would be an equivalent basic configuration with 2 SSID (and 2 different outgoing-interface for those) for this model ?

    Is it possible to completely disable built-in AP by command line ?

    • Somehting like this :

    ap-group-profile Disabled-WLAN

    slot1 ap-profile default

    slot1 output-power 0dBm

    ap-group-profile Enabled-WLAN

    slot1 ap-profile default

    slot1 output-power 30dBm

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,629 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Answer ✓

    Hi @Chris10,

    Apologize for the delayed reply. Let me answer the second question first.

    Please enter the command show capwap ap all to find the default SSID profile. Then use the commands below to disable the default SSID. P.S. You might need to disable more than one slot.

    #Configure terminal

    (config)#Capwap ap local-ap

    (AP local-ap)#no <slot x> ssid-profile 1

    You can also edit the default SSID to have 2 different SSID that each using different outgoing interfaces.

    Please check the CLI reference guide USG20-VPN_V5.37.pdf Chapter 9 Wireless LAN profiles > SSID profile commands(page 89) for more details.

    By the way, you may also use web GUI to edit. The path is Wireless > Built-in AP > General >Add/Edit SSID.

    Hope it helps.

    Zyxel Melen


Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)