nxc2500 - can't connect to vlan

phil2
phil2 Posts: 2
First Comment
edited August 2022 in WirelessLAN

Hi, I connected the nxc2500 to a router and followed the instructions of the nxc2500 handbook on page 37 (where nxc ist dhcp server for vlan10 and vlan20). Now it looks like this:

Router (10.0.0.1)

NXC2500 (ge1 - ip 10.0.0.15 - gateway 10.0.0.1) - Vlan0 (192.168.1.1) - Vlan10 (192.168.10.1 dhcp active) - Vlan20 (192.168.20.1 dhcp active)

Switch GS1920 - uplink to nxc ge2 (interface no changes made - vlan10 and 20 set with policy roules to vlan0 as described in the handbook).

AP NWA5123ACHD on port1 of the switch (vlan10 and vlan20 untagged)

The problem ist, when I try to connect a mobile phone for example to vlan20 (ssid vlan id to 20 is set) in the log I can see that a dhcp request is made and the right address (192.168.20.x) is offered but will then not be assigned to the phone.

I hope, that anyone can help me...

PHIL

Comments

  • RichardHan
    RichardHan Posts: 29  Freshman Member
    First Anniversary Friend Collector First Answer First Comment

    Your topology is different from handbook. Base on your statement, it should look like this:


    Since NXC can receive DHCP-Discover from wireless station, the VLAN traffic from AP to NXC is correct. So your issue is on the traffic from NXC to AP.

    The reason is, the DHCP-Offer to AP should be tagged, so that AP will be able to forward it to correct SSID. So you can check your switch setting to make sure the packet is tagged out when forwarded to AP.

    Another potential issue in your topology is the policy route settings on NXC. Where the outgoing interface should be ge1, not vlan0. I assume the wireless client should be able to access the Internet, so on NXC the traffic should be routed and send out from the interface in the same subnet with router, which is ge1.

  • phil2
    phil2 Posts: 2
    First Comment

    Thank you very much for your tipps! Now it ist possible to connect to the internet over vlan10 (and I get a right ip address from the 192.168.10.xx range) and vlan20 (also right ip address 192.168.20.xx).

    The only problem left is, that when I'm connected over vlan10 or vlan20 (both should be guest vlan) I still can reach the vlan0, for example nxc controller on ip 192.168.1.1.

    Is there a possibility to prevent this?

    Thank you again for your help.