Problems getting guest WiFi on VLAN Setup

Hey all, I'm new to Zyxel switches and need help with a VLAN setup.

I'm having issues getting guest Wifi working on a VLAN. Let me post my setup below. 

Two Unifi AC LR AP's

Guest WiFi tagged with VLAN 200

Zyxel GS1920-v2

3 ports on VLAN 200, trunked, tagged, fixed

Sophos XG 115

Traffic is allowed from AP's to interface setup with VLAN 200

VLAN interface is allowed out through WAN.

There is also a DHCP scope running on the VLAN interface on the firewall, port4.200

In this current setup, my laptop and phones can get a DHCP lease on the guest VLAN 200 network. But after getting the lease, they can't ping ANYTHING. I'm baffled, since the lease works, that at least shows the VLAN is somewhat working and tagging correctly. So I think the issue is with the firewall. Have I missed anything? I verified on firewall rules, that LAN AP's are allowed to access the VLAN zone, and that VLAN zone is allowed to go out through WAN zone. I also checked Wireshark. The client is constantly broadcasting trying to find the default gateway set in the DHCP lease. Also tried pinging from the firewall to WiFi client. Oddly enough, Wireshark picks up the ping from the firewall, but the client doesn't respond to it. Really not sure what else to do. I can't reboot the firewall/switch during working hours. I even disabled Windows firewall to rule that out, but it made no difference.

Here below I'll post the current VLAN setup.

Under Static VLAN Config

Under VLAN port config

Am I missing anything here? That's going off what I found on the forums and documentation.

All Replies

  • KimKim Member Posts: 4

    I think you don't have to configure PVID 200 on port 25,27,44 if you have already configured these ports to fixed and tagged. If the port is configured to fixed "untagged" then you have configure PVID 200

Sign In to comment.