Wireless clients do not get a DHCP address unless I set the SSID to vlan 1?

Options
jef
jef Posts: 87  Ally Member
First Comment Second Anniversary
edited June 17 in USG FLEX H Series
I have VLan id 12 setup for wifi across 2 PoE switches.
Everything seems to be working fine. BUT.

If I configure the "SSID" to vlan "12", which is where I think it should be.
Then my wifi clients "time out" waiting for an IP Address.

Yet, if I set the "SSID" to vlan 1, then wife clients get a dhcp address from the vlan 12 vlan?







Comments

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,317  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @jef ,

    Could you please provide a screenshot of:

    • The VLAN configuration for the switch ports connected to the USG FLEX 700H and the access point?
    • The access point’s Management VLAN configuration.

    Zyxel_Judy

  • jef
    jef Posts: 87  Ally Member
    First Comment Second Anniversary
    edited June 19

    The switches are configured for VLAN 802.1Q.
    VLAN 12, with PVID to 12 on Access ports. This is where AP are connected (ports 9-24)
    SFP Port(s) are "Tagged" and one is connected to 700H. (ports 26,28 are uplinks, 28 to 700H).

    The AP(s) themselves always pickup a correct vlan12 IP DHCP address when attached to the PoE.
    Yet any wireless client attaching to those AP's, will fail to get a DHCP if I have the SSID VLAN ID = 12.
    DHCP of a VLAN 12 address will connect if SSID VLAN ID = 1.

    I hope I am providing what you asked.

    v12-PoE.png AP-Ip.png AP--Info.png


    Sorry, I don't have diagram software with pretty pictures..

    SimpleFlow.png
  • jef
    jef Posts: 87  Ally Member
    First Comment Second Anniversary
  • jef
    jef Posts: 87  Ally Member
    First Comment Second Anniversary


    Using the CLI I pulled a wifi station. I'd like to know why the 700H is doing this?
    I put ←— comments on the problem 2 lines.

    Screenshot_2025-06-20_17-13-07.png
  • Zyxel_Judy
    Zyxel_Judy Posts: 2,317  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @jef ,

    According to our specifications, the AP’s default behavior is to use VLAN 1 as the management VLAN, with untagged traffic. We found that your AP's Force Overwrite VLAN Setting is disabled, so your AP's management VLAN follows our default behavior. Therefore, if the switch port connected to the AP is configured with PVID 12 and set to untagged, the AP will treat VLAN 12 as its native VLAN and is expected to obtain an IP address from that VLAN.


    Similarly, clients connecting to an SSID configured with VLAN ID 1 will have their traffic sent untagged by the AP. Since the switch port assigns untagged traffic to VLAN 12, these clients will also receive IP addresses from VLAN 12.

    Zyxel_Judy

  • jef
    jef Posts: 87  Ally Member
    First Comment Second Anniversary
    edited June 24

    I think I follow.. maybe.

    Are you saying that if I enable the feature: "Force Overwrite vLAN setting", and input "12".
    Then the AP would continue to pickup a vlan 12 address dhcp.
    AND ssid clients would also pickup DHCP addresses from the 12 vlan pool.

    I configured a vlan 12 on the zywall.
    Uplinked the zywall to a tagged port switch.
    Connected the AP to a vlan12 port (untagged) and the AP correctly connects with DHCP VLAN 12.
    Set the VLAN to 12 in the SSID.
    That the SSID wont work correctly because the SSID requires the configuration of the AP have the "Force Overwrite of VLAN" set to 12?

    If I set the SSID to VLAN 12.
    Set the AP Overwrite to VLAN 12.
    Leave the Switch Uplink to Tagged.
    All APs get plugged into an untagged VLAN 12.
    Then both the AP and the WiFi clients would correctly get DHCP from the zywall vlan 12 pool?

    I applied the above logic.
    "Force Overwrite VLAN setting" "Management VLAN ID: " in my case to 12.
    This and setting the SSID VLAN to 12.
    This seemingly allowed both the Station WIFI clients AND the AP to pickup DHCP from the correct VLAN.

    Screenshot_2025-06-23_23-44-35.png

    I still have a question
    Above is stated: "if the switch port connected to the AP is configured with PVID 12 and set to untagged…."
    Where is the Yellow "UPLINK" port PVID setting?
    Group AP Settings you can only control the "LAN" ports, I am not using those.

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,317  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @jef

    We're pleased to hear that after reconfiguration, your APs and wireless clients are now picking up DHCP from the correct VLAN.

    I still have a question

    Above is stated: "if the switch port connected to the AP is configured with PVID 12 and set to untagged…."

    Where is the Yellow "UPLINK" port PVID setting?

    Group AP Settings you can only control the "LAN" ports, I am not using those.

    Regarding your question about the "Yellow UPLINK port PVID setting," could you please clarify what you're asking or provide the screenshot? If you're looking for a way to configure Management VLAN for AP Group Settings, this function is not currently available but will be released in future official firmware.

    Zyxel_Judy

  • jef
    jef Posts: 87  Ally Member
    First Comment Second Anniversary

    I am good.
    I miss understood the below PVID comment, thinking there was an Uplink overwrite somewhere in AP Setting I was missing. It was the only place I recalled where "PVID" was a choice.

    pvid.png PVID-Lan.png

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)