Zyxel NXC2500 controller and Wifi guest

emiliano79
emiliano79 Posts: 12  Freshman Member
Friend Collector First Comment
edited August 2022 in WirelessLAN

Hi everyone,

I need some help in order to create a Wifi Guest network using our NXC2500 wifi controller and DMZ network.

The controller is connected on our network on the management VLAN100 LAN1 then the port 3-4 are connected to 2 different VLANs, 3 and 4.

Actually there is a XXX SSID used by the company employees. The network is on the VLAN4 (P3) and all APs are on that network.

What i wanted to do is create a WIFI Guest network on VLAN 3 (which is a DMZ) for guest but i am pretty lost on put the APs on that network as well. Can they be part of the XXX SSID and the Guest SSID in the same time as they are 2 different networks?

Thanks


«1

All Replies

  • RichardHan
    RichardHan Posts: 29  Freshman Member
    First Anniversary Friend Collector First Answer First Comment

    @emiliano79

    Just summarize the scenario:

    1. NXC is in VLAN100
    2. AP is in VLAN4
    3. Employee SSID is in VLAN4

    Now you want to establish a guest SSID on VLAN3?

    ----------

    And the answer is, Yes. AP can broadcast two SSIDs in different VLANs.

    You just need to make sure the VLAN settings are correct on the switch ports that traffic may pass through, allowing VLAN3 clients to access it's gateway and the Internet.

    it will be better if you can put your network topology here, so that we can check if there is any configuration could be missed.

  • emiliano79
    emiliano79 Posts: 12  Freshman Member
    Friend Collector First Comment

    Hi Richard,

    thanks for your answer.

    Yes, that's the scenario.

    I guess the networks are properly configured, what i am missing is the instructions how to assign the VLAN3 to the second SSID guest :-(

    Please see in the pics some more settings.


    Thanks

  • Zyxel_Joslyn
    Zyxel_Joslyn Posts: 360  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hi @emiliano79 ,

    The AP could broadcast two SSID in different VLANs at the same.

    Here is the configuration.(Just modify the setting as you need.)

    Go to CONFIGURATION>Object>AP Profile>SSID>SSID List, and add two profiles. You could also add the security profile here.

    Go to CONFIGURATION>Wireless>AP Management>AP Group, and edit the "default" profile.

    Add the "Guest" and "Office" SSID in the Radio 1 and Radio 2.

    However, we still need your detail topology to fulfill your requirement.

    Hope it helps.

    Joslyn

  • emiliano79
    emiliano79 Posts: 12  Freshman Member
    Friend Collector First Comment

    Hi Joslyn,

    yes! that was the missing settings.. Now i can see the SSID but DHCP is not working, i guess i need to do a route to our firewall, as the DHCP server is there.

    I will keep you posted.

    Thanks again!!

  • emiliano79
    emiliano79 Posts: 12  Freshman Member
    Friend Collector First Comment

    Hi,

    well firewall is enabled but all ports are opened.

    The clients are not getting the ip from the DHCP server which is managed by a pfsense firewall but i think that's not the main problem.

    The clients do not get an IP but they can't even contact the server. There is any rules is need to add in order to make it work?

    Thanks

  • Zyxel_Joslyn
    Zyxel_Joslyn Posts: 360  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hi @emiliano79

    I thought there should be a switch which is used to connect to APs. Could you help to confirm if you added a VLAN3 interface on the switch? Just like the VLAN4 interface for the employee SSID. The traffic also should tag out for the Guest SSID.

    Hope it helps.

    Joslyn

  • emiliano79
    emiliano79 Posts: 12  Freshman Member
    Friend Collector First Comment

    Hi Joslyn,

    yes the VLAN3 is around our network, now we are using another system for the guest WIFI but which will be removed as soon the Zyxel guest network will work.

    The WIFI now is visible and clients can connect but no IP address.

    So far the VLAN3 is tagged on the g4 controller port and the controller is reachable with the ip 172.30.0.1 in the VLAN3 network.

    DHCP is here disabled because our firewall is doing that.

    Any ideas? :)

    Thanks


    Emiliano

  • Zyxel_Joslyn
    Zyxel_Joslyn Posts: 360  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hi @emiliano79

    From your configuration, I guess the ge1 of the NXC is connected to your firewall. Is it correct? If yes, please add the ge1 into the VLAN3 and tag out. The DHCP client should ask for an IP address between ge1(firewall) and ge4(AP/station).

    If no, could you draw your topology for me like below? It will be better if you can describe it more detail.


    Joslyn

  • emiliano79
    emiliano79 Posts: 12  Freshman Member
    Friend Collector First Comment

    Hi @Zyxel_Joslyn

    Yes, the network is configured as you show it above.

    The lan 172.16.100.x is our Server VLAN, with no firewall restrictions to anywhere.

    The g1 is on that network. G3 is on the VLAN4 172.16.4.x which is the actual network where our employees are connected to (using RADIUS server on our DC). DHCP is on the firewall.

    I was checking both conf. for VLAN3-4 and actually they looks similar and ok..

    On the Guest network i have noticed when a client connect it take ages to ask for the password and ages to connect, but then, as i said, no IP address.

    The g4 is reachable inside the VLAN3 so i don't see why the clients can't get an IP..


    With, please add the ge1 into the VLAN3 and tag out, is that what you meant? (i don't think so :()

    Sorry but my knowledge of networks is pretty new so it may be a bit difficult deal with me :).

    Thanks


    Emiliano

  • emiliano79
    emiliano79 Posts: 12  Freshman Member
    Friend Collector First Comment

    and @Zyxel_Joslyn

    the ports g1-3-4 are all connected to our switch, where the networks 100-4-3 are tagged.

    Thanks