Global Management VLAN / LAN
Freshman Member
Hello,
I have a USG 200H (1) + GS-1920HP (2) + WBE-630S (20).
In the USG 200's LAN configuration, I set a LAN (Lan_Management IP: 192.168.88.254/24 P4,P5) + Guest VLANs (172.xxx. VLAN 172) P4,P5 + LanDevice (10.10.x P6-P7-P8).
In the Nebula switch settings → I set 88 Management VLAN (Mgmt VLAN).
On port P25 of the switch, I set PVID 88. (And I can configure the switch. IP of Switch are 192.168.88.x)
Now I want all the IPs of the various APs to be on VLAN 88 (IP 192.168.88.x). Is this possible setting to all APs?
Accepted Solution
-
Hi @Alex_91,
Your current configuration for placing all APs in VLAN 88 is correct. Another method is to change the management interface on AP.
Additionally, in most network deployments, the topology and port assignments are pre-planned, so manually setting the PVID on the switch ports where APs are connected is the standard practice. As for your question about dynamically assigning PVID 88 to APs regardless of which port they are connected to: this is not typically required for access points, but if you would like this kind of automatic VLAN assignment, you can configure Vendor ID based VLAN under Site-wide > Configure > Switches > Switch settings in Nebula. This feature allows you to map a vendor’s MAC address OUI to a specific VLAN and priority. Please note that it requires a Nebula Plus/Pro Pack license.
For detailed instructions, please refer to the FAQ here:
Zyxel Tina
0
Master Member
All Replies
-
OK, I found a first solution:
I set PVID 88 where I connected the APs, but isn't there a way to dynamically assign PVID88 to the access points regardless of where they're connected?0 -
Hi @Alex_91,
Your current configuration for placing all APs in VLAN 88 is correct. Another method is to change the management interface on AP.
Additionally, in most network deployments, the topology and port assignments are pre-planned, so manually setting the PVID on the switch ports where APs are connected is the standard practice. As for your question about dynamically assigning PVID 88 to APs regardless of which port they are connected to: this is not typically required for access points, but if you would like this kind of automatic VLAN assignment, you can configure Vendor ID based VLAN under Site-wide > Configure > Switches > Switch settings in Nebula. This feature allows you to map a vendor’s MAC address OUI to a specific VLAN and priority. Please note that it requires a Nebula Plus/Pro Pack license.
For detailed instructions, please refer to the FAQ here:
Zyxel Tina
0 -
@Zyxel_Tina One more clarification.
I also tried setting the LAN IP directly on the respective Access Points.Site → Devices → Access point → AP1 … → LAN IP Change
However, I notice that if I set LAN IP of APs: Tag 88 -> the device correctly obtains the IP address of the management network (192.168.88.x)
However, if I have a SSID network with VLAN1, this network it doesn't work!PS: obviously on the same switch if I set a port in AccessMode VLAN1 the network works.
0 -
Hi @Alex_91,
In this case, we suggest reviewing your switch VLAN configuration, specifically:
- Check the switch port type - Ensure the port connected to your AP is configured as Trunk mode (not Access mode)
- Allowed VLANS - Configure the trunk port to allow all VLANs
For detailed instructions on how to set up VLAN configuration on Nebula Switch, please refer to this article.
Zyxel Tina
0 -
Hi @Zyxel_Tina ,
I tried setting the Access Points to untagged, assigning the PVID of the management VLAN to the switch port, and everything works correctly — both the connection to the AP (take correct IP) and the WiFi networks it provides.
However, if I set VLAN 88 as Tagged on the Access Points for management VLAN ID, the APs get the correct IP address, but when trying to connect to the WiFi network provided by the Access Point, the devices don’t receive any IP address.
0 -
Hi @Alex_91,
Thanks for the update. From your description, the issue seems related to the SSID VLAN mapping. Please check the following:
- What VLAN ID is configured for the AP’s SSID? If it is set to 28, the clients may not be able to obtain an IP address. This is because the switch will untag packets whose VLAN matches the port PVID.
- Alternatively, you may change the switch port’s PVID to an unused VLAN ID, for example, 2000. As a result, when packets pass through the switch to the AP, they will remain tagged, allowing clients to correctly receive IP addresses from the corresponding VLAN via the SSID.
If you have further questions, feel free to ask.
Zyxel Tina
0
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 196 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.3K Security
- 475 USG FLEX H Series
- 312 Security Ideas
- 1.6K Switch
- 82 Switch Ideas
- 1.3K Wireless
- 45 Wireless Ideas
- 6.8K Consumer Product
- 284 Service & License
- 446 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
