Reconfiguring NXC2500 and USG60 after USG60 reset

Hi all,

I'm pretty new to Zyxel products so I might miss some important information; I hope you will excuse me (and my English).
Here is my question: one of our customers had the following setup, which was installed by another company.



The thing is that our customer stopped working with that company due to some conflicts and that company refused to give them their credentials. I've been asked to add some filtering rules on their USG60... but without credentials and without backups I had no choice but to reset it, as advised by Zyxel support. So now I have plain access to the USG60 and managed to get the WAN port working properly. But I'm confused by the P1 Ethernet LAN port. On the initial setup it was very strange for me to see that this port seemed to have 2 IP addresses: one was 192.168.189.254 with, I think, a DHCP server delivering addresses in 192.168.189.xxx (I got this information by plugging my computer directly into the USG60 P1 port before resetting it). And in the meantime, this port seemed to work on 192.168.0.254 (because it was our default gateway and was pingable).

I managed to recreate the same DHCP server on the USG60 P1 as well as giving it a virtual interface 192.168.0.254, which works when directly connected to the USG60 P1 port. But when I plug the cable from USG P1 to the Zyxel switch P8 port, the 192.168.0.254 address is not reachable from my main network and I noticed that the access points do not work anymore (my initial SSIDs are not showing up, only a "ZYXEL" SSID was visible).

So I had to find a temporary solution as follows in order to allow cable-connected users to access the internet:



In this temporary solution my access points are no longer connected to my network.

So I need some help to find out how to reconfigure the whole thing, knowing I have to create 2 SSIDs (one public and one private) and I need to store connection logs on the Zyxel NSA-LOG (no credentials...). The main idea is to give only internet access to users connected to the public SSID, whereas other users should be able to access private network resources (printers, internet...).

I guess there might be some quick setup tools or resources to reconfigure the whole thing but I don't know where and what to look for.

So, could you give me some help or point me to some useful resources?

All Replies

  • Alfonso Member Posts: 255  Master Member
    edited November 22, 2018 11:45PM
    Hi @NoCoZ

    Temporary solution: The access points are isolated because there is no cable from the Zyxel POE switch to the Netgear switch.

    Plug an ethernet cable to connect both switches.

    Regards

      
  • Zyxel_Joslyn Zyxel Official Agent Posts: 178  mod
    Hi @NoCoZ,

    Answer the configuration first.
    1. How to create SSID profile? (Please fill in the information based on your environment.)
    a. Go to CONFIGURATION > Object > AP Profile > SSID > SSID List, and click Add to create SSID profile. (If you need a security profile, go to CONFIGURATION > Object > AP Profile > SSID > Security List. And create a security file for the SSID that you need.)

    b. Go to CONFIGURATION > Wireless > AP Management > AP Group, click Edit for default group.
    In Radio 1 and Radio 2, set the SSID profiles. Click OK to apply the configuration.


    2. NAS log. 
    If what you need is collecting the logs on NXC, please go to CONFIGURATION > Log & Report > Log settings > Remote Server 1. Click edit, fill in the NAS information and choose the log category that you need.


    3. Private and Public internet access
    I think this should be configured on USG60 which is based on the IP address group. Please go to CONFIGURATION > Security Policy > Policy Control > Policy, and configure the rules as you need. Remember to enable it.


    Here is my question about your topology.
    1. And in the mean time, this port seemed to work on 192.168.0.254 (because it was our default gateway and was pingable
    ---How did you know 192.168.0.254 works fine? Did you ping this IP address when your PC was connected to P1?
    2. Any VLAN setting on the Netgear switch and the ZYXEL switch?
    3. Will all the IP addresses be received from the Windows DHCP server, or will some come from the USG60?
    Thanks.

    Joslyn
  • NoCoZ Member Posts: 6
    edited November 26, 2018 3:08PM
    Zyxel_Joslyn, thank you for such a complete reply.
    1 : yes I did ping from a PC connected to P1 and I was surprised to get 192.168.0.254 to respond whereas I was given an IP address from a different subnet (192.168.189.xxx).
    2 : no idea about vlans, I had absolutely no credentials given by the customer
    3 : I found the USG60 had its own dhcp server, I forgot to test if it was used for the wireless network or just for management purposes. 

    As long as I have no credentials for the NXC2500 and the NSA LOG, I guess I need to reset them? I have never worked on the NXC2500 or on the NSA LOG. Is there a specific configuration I should make on the NXC2500?

    Thank you so much !
  • Zyxel_Joslyn Zyxel Official Agent Posts: 178  mod
    Hi @NoCoZ

    Could you let me know if you added the SSID profile successfully after my suggestion?
    Thanks.

    Joslyn
  • I should be able to access the USG60 this afternoon. As soon as I can make the changes I'll inform you.
  • NoCoZ Member Posts: 6
    Hello,

    Sorry for such a late answer.
    Here is what I managed to have on the screen when connected to the USG60:
    As you can see I created 2 wireless profiles ("interne" and "public"). But the thing is that I am still in my "temporary network setup" (so the APs and the NXC2500 are not connected to the USG60, so the information is not given to the APs).

    Here is what I have in the wireless configuration tool :

    The APs are visible (probably because they were detected when connected using the initial topology).
    And here is what I can see in the controller tab:


    I am very lost in trying to understand the whole thing. I would like to go back to the initial topology. I guess there is something to do with VLANs or IP addressing. My actual configuration is as follows. As I said before, I created a virtual interface on port 1 to get it working with the rest of the LAN, but I am not sure this was the real way things were configured previously...


    And finally, I made an IP scan on the 192.168.0.x subnet and my Zyxel NAS doesn't seem to be there...

    Thanks for your help !
  • Zyxel_Joslyn Zyxel Official Agent Posts: 178  mod
    Hi @NoCoZ

    I still cannot realize the real topology and scenario that the customer has.
    Please provide me the lastgood configuration of NXC2500 and USG60. I will try to understand the whole topology. Also, if you can provide the vlan configuration of Zyxel and Netgear switch, it will be better.
    Thanks for your help.

    Joslyn
  • NoCoZ Member Posts: 6
    Hi @Zyxel_Joslyn,

    Unfortunately, I have no backup of the configuration. The topology should be the first one described in my first post.

  • Zyxel_Joslyn Zyxel Official Agent Posts: 178  mod
    Hi,

    Actually, we cannot realize the customer's scenario if only having the customer's topology... there is no VLAN setting and no scenario that can be referenced.
    Could you let us know if there is any usage on the Netgear switch? If it is only used to connect the DHCP server and the Zyxel NAS, we suggest removing it, and we will help to plan another topology for it.
    Connect the NAS log to the Zyxel switch, and the USG will be the DHCP server of the NXC, AP and NAS log server.
    Thanks.

    Joslyn
  • NoCoZ Member Posts: 6
    Hi,
    I finally managed to get the whole thing working again. Just had to reset both the Zyxel switch and the Zyxel AP controller.

    I still can't manage to get the Zyxel NAS326 working (didn't manage to reset it, can't see it when doing a ping scan), so I'll configure log backups later.

    Another point is I need to isolate my guest WiFi from my network because when connected to my "public" SSID I still managed to connect to my server (but I thought this guest WiFi network would only give me access to the Internet). Could you point me to some resource I can read about isolating guest WiFi users?

    Thank you very much for all the precious help you gave me !
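
Added example, not part of any post in this thread and not Zyxel's own code: a small Python model of the ordered policy rules Joslyn points to under Policy Control, showing why a guest on the "public" SSID can still reach the server and how deny rules placed above the allow rules change that. It assumes top-down, first-match evaluation; the guest subnet 192.168.50.0/24, the host addresses and the rule names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR
    action: str  # "allow" or "deny"

def decide(rules, src_ip, dst_ip):
    """Top-down, first match wins; unmatched traffic is denied (assumed model)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule.src) and dst in ipaddress.ip_network(rule.dst):
            return rule.action, rule.name
    return "deny", "default"

def audit_guest(rules, guest_ip, private_hosts, internet_host):
    """Return findings: private hosts a guest can reach, or lost internet access."""
    findings = []
    for host in private_hosts:
        action, name = decide(rules, guest_ip, host)
        if action == "allow":
            findings.append(f"guest {guest_ip} reaches {host} via rule '{name}'")
    if decide(rules, guest_ip, internet_host)[0] != "allow":
        findings.append(f"guest {guest_ip} has no internet access")
    return findings

# Constructed sample data. 192.168.0.0/24 and 192.168.189.0/24 come from the
# thread; the guest subnet and the individual host addresses are hypothetical.
GUEST_IP = "192.168.50.23"
PRIVATE_HOSTS = ["192.168.0.10", "192.168.0.40", "192.168.189.254"]
INTERNET_HOST = "203.0.113.10"  # documentation address standing in for the internet

# One broad rule also covers the guest subnet, so guests reach the server.
BEFORE = [Rule("LAN_outgoing", "192.168.0.0/16", "0.0.0.0/0", "allow")]

# Guest-to-private deny rules sit above the allow rules.
AFTER = [
    Rule("guest_to_lan", "192.168.50.0/24", "192.168.0.0/24", "deny"),
    Rule("guest_to_mgmt", "192.168.50.0/24", "192.168.189.0/24", "deny"),
    Rule("guest_to_internet", "192.168.50.0/24", "0.0.0.0/0", "allow"),
    Rule("LAN_outgoing", "192.168.0.0/16", "0.0.0.0/0", "allow"),
]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_guest(rules, GUEST_IP, PRIVATE_HOSTS, INTERNET_HOST) or "isolated")
```

Rule order matters in this model: moving `guest_to_internet` above the two deny rules brings all three findings back.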