Wireless Clients List in DHCP Table Using Mgmt Vlan Interface

jayd691

I have a USG Flex 700, GS1920-24 HPv2, and a Mist AP-41 on my network. I have 5 Vlans with Mgmt Vlan being 1 and 10,20,40,50 as the others. Each Vlan has a corresponding SSID on the Access point.

My problem is when I connect any new wireless clients to the network, they always seem to connect under the Mgmt Interface on the firewall instead of the correct interface on the firewall corresponding to the Vlan on the switch and AP. I show 20-30 IP/MAC bindings on the interface for the mgmt instead of only 2 (switch/ap). I used to have it set up with the router-on-a-stick method but have enough ports that I set it up on individual ports instead for better throughput and control.

I do not have vlans set up on the firewall and have each port set up as a /24 for each of the 5 vlans. It all works ok, but it seems like it could be better; if the non-mgmt clients would connect to the correct interface, it would be smoother.

What have I done wrong? Should I have used Vlans on the firewall and if so how?

Thank you,

Jay

All Replies

  • Zyxel_Judy

    Judy


  • jayd691

    Thank you for the assistance Zyxel_Judy.

    I do know how to create the actual interface on the firewall and switch, but I am unsure of how to set up the firewall for the vlans.

    1. What do I use for the base port for the vlans?
      1. Do I create a network just for the firewall itself and then use that for the base port for all the vlans?
      2. Do I need to combine the multiple ports together LAG style and then use a separate network for each base port?

    These are my major issues with adding vlans on the firewall. Right now, I just use a /24 subnet as a port on the firewall which then I have connected to the corresponding vlans on the switch and the AP which is LAG to the switch router-on-a-stick style as there are only 2 ports on the AP.

  • PeterUK
    edited November 16

    I seem to not get how you have done this without VLANs, so it's down to your switch setup for the VLAN to then untag to a given port on Flex 700?

    So if port 24 was the AP and ports 1-5 to Flex 700 ports
    VLAN 1 ports 24 and 1 untag ports 24,1 PVID 1 ports 2-5 forbidden

    VLAN10 port 24 tag port 2 untag port 2 PVID 10 ports 1, 3-5 forbidden
    VLAN20 port 24 tag port 3 untag port 3 PVID 20 ports 1-2, 4-5 forbidden
    and so on?
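
The switch layout sketched in the post above, modelled with plain 802.1Q ingress and egress rules to show which Flex 700-facing port a frame from the AP reaches. This is an added example, not part of the thread or Zyxel's code; the VLAN 40 and 50 rows are an assumed continuation of "and so on", and all function names are hypothetical.

```python
# Added example: 802.1Q model of the switch layout in PeterUK's post.
# VLAN 40/50 rows are an assumed continuation of his "and so on".
AP_PORT = 24
VLANS = {  # vid -> port memberships; any port not listed is forbidden
    1:  {"untagged": {24, 1}, "tagged": set()},
    10: {"untagged": {2}, "tagged": {24}},
    20: {"untagged": {3}, "tagged": {24}},
    40: {"untagged": {4}, "tagged": {24}},   # assumed
    50: {"untagged": {5}, "tagged": {24}},   # assumed
}
PVID = {24: 1, 1: 1, 2: 10, 3: 20, 4: 40, 5: 50}


def classify(port, tag):
    """Ingress rule: untagged frames take the port PVID; a frame whose
    VLAN does not include the ingress port is dropped (returns None)."""
    vid = PVID[port] if tag is None else tag
    vlan = VLANS.get(vid)
    if vlan is None or port not in (vlan["untagged"] | vlan["tagged"]):
        return None
    return vid


def flood(port, tag):
    """Ports a broadcast (e.g. a DHCP discover) leaves on, and how."""
    vid = classify(port, tag)
    if vid is None:
        return {}
    out = {p: "untagged" for p in VLANS[vid]["untagged"] if p != port}
    out.update({p: "tagged" for p in VLANS[vid]["tagged"] if p != port})
    return out


def audit_uplinks(uplinks=(1, 2, 3, 4, 5)):
    """Flag firewall-facing ports that belong to more than one VLAN or
    whose PVID differs from the VLAN they egress untagged."""
    problems = []
    for p in uplinks:
        member_of = [v for v, m in VLANS.items()
                     if p in (m["untagged"] | m["tagged"])]
        if member_of != [PVID[p]]:
            problems.append((p, member_of, PVID[p]))
    return problems


if __name__ == "__main__":
    for tag in (None, 10, 20, 40, 50, 30):
        print(f"AP frame tag={tag}: {flood(AP_PORT, tag)}")
    print("uplink problems:", audit_uplinks())
```

In this model a frame that arrives from the AP without a tag is classified into VLAN 1 by the port 24 PVID and leaves only on port 1, while a frame tagged 10 leaves untagged on port 2.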

  • jayd691

    PeterUK,

    Yes, it is very close to that except I have the AP connecting via a trunk port to the switch allowing all 5 vlans. The ports to the Flex 700 from the switch are untagged for the respective vlans and all other ports on the vlan are allowed with the rest forbidden.

    I would like to set it up with vlans on the Flex 700, but I am trying to find out how to set up the ip addressing for the base ports.

    I would have VLAN 1,10,20,40,50 as vlans on the firewall, but am not sure what/if to use as ip addresses for the base ports on these 5 ports that will contain the vlans.

    Would I use say 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 for the 5 base ports?

    Would I use no ip address on the base ports?

    If anyone could assist here in the proper setup, I would greatly appreciate it. I just purchased a Flex 500H and two Zyxel APs that I plan to use the Flex 500H as the controller for and will also need to configure that. I have been utilizing Zyxel Education and campus trying to figure this out, but I have not found what I am looking for to set this up correctly.

    I can set it up the same as the 700 is, but as I mentioned previously, I would like to get rid of the issue where new nodes are listed connecting to mgmt vlan interface instead of the correct vlan interface.

    Thank you.
