Need Help Setting Up Multiple VLANs - GS1920
Freshman Member
Hi all,
I am requesting help from the community to setup multiple VLANs in my house. I have various APs each with multiple SSIDs tied to a specific VLAN ID.
As a test and when I enable the VLAN ID 99 on the Router, I am unable to get a DHCP when connecting to the SSID.
My goal is to segment the VLAN (9,11,12,99) based on the SSID. VLAN 1 is the default for hardwired devices.
Appreciate your help and time in advance - Thanks!
Setup:
FIOS → Fortigate 60F → Firewalla (Transparent Bridge) → GS1920 → Various AP, Switches, End Devices
|
|
|
| VLAN |
|
|
|
|
|---|---|---|---|---|---|---|---|---|
Endpoint | PORT | PVID | Trunk | 1 | 9 | 11 | 12 | 99 |
AP (Multiple SSIDs) | 1 | 1 | Y | Fixed, No tag | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged |
AP (Multiple SSIDs) | 2 | 1 | Y | Fixed, No tag | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged |
AP (Multiple SSIDs) | 3 | 1 | Y | Fixed, No tag | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged |
Ethernet Hub | 4 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
AP (Multiple SSIDs) | 5 | 1 | Y | Fixed, No tag | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged |
Unused | 6 | 1 |
| Fixed, No tag | Normal, No Tag | Normal, No Tag | Normal, No Tag | Normal, No Tag |
Ethernet Hub to Devices | 7 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Ethernet Hub to Devices | 8 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 9 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 10 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 11 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 12 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 13 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 14 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 15 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 16 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 17 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 18 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 19 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 20 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 21 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Device | 22 | 1 |
| Fixed, No tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag | Forbidden, No Tag |
Router (SSIDs configured with VLAN 9,11,12,99) | 23 | 1 | Y | Fixed, No tag | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged | Fixed, Tagged |
Unused | 24 | 1 |
| Fixed, No tag | Normal, No Tag | Normal, No Tag | Normal, No Tag | Normal, No Tag |
Ethernet Hub connected to AP(Multiple SSIDs) and Devices | 25 | 1 | Y | Fixed, No tag | Fixed, No tag | Fixed, No tag | Fixed, No tag | Fixed, No tag |
Unused | 26 | 1 |
| Fixed, No tag | Fixed, No tag | Fixed, No tag | Fixed, No tag | Fixed, No tag |
Unused | 27 | 1 |
| Fixed, No tag | Normal, No Tag | Normal, No Tag | Normal, No Tag | Normal, No Tag |
Unused | 28 | 1 |
| Fixed, No tag | Normal, No Tag | Normal, No Tag | Normal, No Tag | Normal, No Tag |
All Replies
-
What AP you have?
Firewalla would need to have the VLAN's setup for Transparent Bridge along with the VLAN's on Fortigate per subnet.
You should test without the Firewalla to rule out problems.
So really its just a case of make a VLAN set fixed port both from Fortigate and to AP both as tag.
I'm not sure about Firewalla Transparent Bridge support vs how Zyxel bridge is I do have one of them Firewalla but back when I tried it its Bridge support was not that good.
on Zyxel Bridge with a WAN side and LAN side you can't have like VLAN99 go through it from what I can tell so like you have to do like VLAN98 WAN side and VLAN99 LAN then Bridge them not sure if Firewalla is the same or it can VLAN through WAN to LAN side as VLAN99
0 -
Thanks for the feedback.
I have Fortinet APs along with Fortigate Router. They seem to work nice together :)
The Firewalla is in Transparent bridge mode and is a VLAN aware device. It is able to see traffic on VLAN1. I have only configured VLAN 99 interface on it (as a test) and it has NOT yet picked up any devices. I suspect there is a misconfiguration in my VLAN setup.
My goal is to have VLAN99 (along with 1,9,11,12) accessible from any APs on ports 1,2,3,5,25. As the unit sits between the router and the GS1920, it should be able to pickup any VLAN and devices on the network.
0 -
You seem to of lost me you say "I have Fortinet APs along with Fortigate Router. They seem to work nice together :)" then you have added Firewalla and a GS1920 switch but you seem to not be testing without Firewalla.
0 -
Hi @phugo,
Based on the configuration you shared, the VLAN settings on the GS1920 appear to be correct.
To assist you more accurately, could you please confirm whether the DHCP server for VLAN 99 is running on your FortiGate 60F?
If yes, recommend performing the following test:
- Temporarily bypass the Firewalla device.
- Reconnect to the SSID mapped to VLAN 99 and verify whether the client can successfully obtain a DHCP IP address.
- Please also ensure that the FortiGate 60F interface is passing VLAN 99 as tagged on the uplink toward the switch.
If the issue still persists even after removing Firewalla, it is necessary to further verify the FortiGate configuration as well.
Additionally, to help us double-check the GS1920 settings, could you please provide the Tech Support Info file from the switch?
Thank you for your cooperation! Kindly share the test results, and we’ll be happy to assist further.
Zyxel Tina
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 202 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.3K Security
- 515 USG FLEX H Series
- 328 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.9K Consumer Product
- 288 Service & License
- 459 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 85 About Community
- 97 Security Highlight
