How to Set WiFi Multiple SSID for Office Environment (when NXC is DHCP Server)

Zyxel_PandaZyxel_Panda Zyxel Official Agent Posts: 37  mod
edited September 16, 2019 3:32PM in FAQ
  • When NXC is DHCP Server for VLAN10 and VLAN20

The example instructs how to configure VLANs and set different VLANs for different SSIDs in NXC when NXC is DHCP server for VLANs. The USG does not need to do any other settings when there are different VLANs add to the environment since NXC is a DHCP server for VLANs. In this example, we configure interfaces, set VLANs, create security and SSID profiles, and then configure AP profiles for managed APs.

https://us.v-cdn.net/6029482/uploads/102/ESU16CWZX9V4.png There was an error displaying this embed.

Figure. Set different VLANs for different SSIDs when NXC is DHCP server


Note:

All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG20v2 (Firmware Version: V4.15), NXC5500 (Firmware Version: 5.30), GS2210-8HP (Firmware Version: V4.30).

1.1 Configure Interface ge1 to Go to Internet

1     Connect ge1 (P1) to USG LAN port. In USG, LAN ports are DHCP server and all APs get IP from LAN.

2     In the NXC, go to CONFIGURATION > Network > Interface > VLAN to set USG’s LAN IP as the gateway. Double click vlan0 to edit IP Address Assignment section. Click OK.

https://us.v-cdn.net/6029482/uploads/419/5SM1LA4UXUW0.png There was an error displaying this embed.


1.2 Configure VLAN

1     Connect Switch to NXC ge2, and connect all APs to the switch.

2     In the NXC, go to CONFIGURATION > Network > Interface > VLAN, Click Add to create a new VLAN.

https://us.v-cdn.net/6029482/uploads/157/5DYPJTDASOGS.png There was an error displaying this embed.


3     In General Settings, check Enable.

In Interface Properties, key in Interface Name: vlan10; VID: 10

In Member Configuration, set ge2 to be a Member and Tx Tagging.

In IP Address Assignment, Use Fixed IP Address and key in IP Address, Subnet Mask, and Gateway.

In DHCP Setting, select DHCP server and key in IP Pool Start Address and Pool Size. First DNS server select to Customer Defined 8.8.8.8. The users on VLAN 10 get IP from this DHCP server. Click OK.

https://us.v-cdn.net/6029482/uploads/219/TYI2ZK71B35G.png There was an error displaying this embed.


4     Click Add to create VLAN20 in CONFIGURATION > Network > Interface > VLAN.

https://us.v-cdn.net/6029482/uploads/956/J5NLXGKT6PH5.png There was an error displaying this embed.


5     In General Settings, check Enable.

In Interface Properties, key in Interface Name: vlan20; VID: 20

In Member Configuration, set ge2 are Member and Tx Tagging.

In IP Address Assignment, Use Fixed IP Address and key in IP Address, Subnet Mask, and Gateway.

In DHCP Setting, select DHCP server and key in IP Pool Start Address and Pool Size. First DNS server select to Customer Defined 8.8.8.8. The users on VLAN 20 get IP from this DHCP server. Click OK.

https://us.v-cdn.net/6029482/uploads/255/F47EPVXMBS61.png There was an error displaying this embed.


1.3 Set Policy Route

1     Set Policy Route in CONFIGURATION > Network > Routing > Policy Route to create new routing rule. Click Show Advanced Settings.

In Configuration, check Enable.

In Criteria, select Incoming as Interface and Please select one member is vlan10.

In Next-Hop, select Type as Interface and Interface is vlan0

In Address Translation, select Source Network Address Translation to outgoing-interface to use the IP address of the outgoing interface as the source IP address of the packet that matches this route. Click OK.

https://us.v-cdn.net/6029482/uploads/672/H30KW0WHSWKJ.png There was an error displaying this embed.


2     Set Policy Route in CONFIGURATION > Network > Routing > Policy Route to create new routing rule. Click Show Advanced Settings.

In Configuration, check Enable.

In Criteria, select Incoming as Interface and Please select one member is vlan20.

In Next-Hop, select Type as Interface and Interface is vlan0

In Address Translation, select Source Network Address Translation to outgoing-interface to use the IP address of the outgoing interface as the source IP address of the packet that matches this route. Click OK.

https://us.v-cdn.net/6029482/uploads/812/R7NDFBHQGKOT.png There was an error displaying this embed.


1.4 Configure Security and SSID

1     Go to CONFIGURATION > Object > AP Profile > SSID > Security List, Click Add to create a new security profile for staff.

In General Settings, key in Staff as profile name, and set security mode to wpa2.

In Authentication Settings, select to PSK and key in Pre-shared Key. Click OK.

https://us.v-cdn.net/6029482/uploads/265/2DO28264T083.png There was an error displaying this embed.


2     Click Add to create a new security profile for guest.

In General Settings, key in guest as profile name, and set security mode to none. Click OK.

https://us.v-cdn.net/6029482/uploads/152/BM3KRYYHSSU5.png There was an error displaying this embed.


3     Go to CONFIGURATION > Object > AP Profile > SSID > SSID List and click Add to create a SSID for staff.

In Profile Name and SSID, key in Staff.

In Security Profile, select Staff.

In VLAN ID, key in 10. Click OK.

https://us.v-cdn.net/6029482/uploads/057/WVYU3U2DYDAV.png There was an error displaying this embed.


4     Click Add to create a SSID for guest in vlan20.

In Profile Name and SSID, key in guest.

In Security Profile, select guest.

In VLAN ID, key in 20. Click OK.

https://us.v-cdn.net/6029482/uploads/977/JBG8CU3JTK8L.png There was an error displaying this embed.


1.5 Configure AP Profile to Broadcast SSID

1     Go to CONFIGURATION > Wireless > AP Management > AP Group, click Edit for default group.

In Radio 1 and Radio 2, set the SSID profile, Staff and guest. Click OK to apply the configuration.

https://us.v-cdn.net/6029482/uploads/307/D5D7SRRWDC0F.png There was an error displaying this embed.


2.1 Test the Result

1     Use a laptop to select SSID Staff and key in the security setting for connection. After connection successful, laptop can get an IP in VLAN10.

https://us.v-cdn.net/6029482/uploads/623/H00P3G1ZLMW7.png There was an error displaying this embed.


2     Use a mobile phone to select SSID guest and connect to it. After connection is successful, mobile phone can get an IP in VLAN20.

https://us.v-cdn.net/6029482/uploads/554/0KQ8WJYVNJHT.png There was an error displaying this embed.


3     The connected stations are visible in NXC controller MONITOR > Station Info > Station List.

https://us.v-cdn.net/6029482/uploads/469/SC5ZHY1D9UZ7.png There was an error displaying this embed.


3.1 What Could Go Wrong?

1     When USG is a DHCP server, users may not get IP if USG and switch do not set VLAN10 and VLAN20.

2     When NXC is a DHCP server, user may not go to Internet if the policy route does not set to outgoing-interface.

3     For the broadcasting the radio, the example only sets radio1 for 2.4GHz. If 5GHz also needs to broadcast the same setting, you can set in radio2 with the same operation steps.

Sign In to comment.