USG60W - Access to LAN from additional WAP

Neil_Bain
Neil_Bain Posts: 3
edited April 2021 in Security
I am new to the USG having converted from a Cisco ASA but have successfully set up the 60W with all working as expected with one exception.  

The USG60W is set up as my WAP (originally using EZMODE but subsequently converted to expert mode).  There are two additional WAPs (Cisco WAP121) in LAN1 using the same SSID.  No VLAN is used.

When devices connect via the USG60W, they can access the WAN and hosts on the LAN (as required).  When the same devices connect via either of the other WAPs, they are able to access the WAN but *not* the hosts on the LAN.  The WAPs were previously working without issue in tandem with the Cisco ASA.

Any ideas what I am missing or how best to debug.

With thanks

Accepted Solution

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Here it is the configuration example for your reference
    The router is connected to LAN2 of USG60W and the laptop is connected to LAN1.
    Topology:

    On the router, select the operation mode as “Access Point”.

    In this mode, wireless client which is connected to the SSID of the router gets the same IP subnet of LAN2 of USG60W after the router is connected to LAN2 of USG60W.

    Check if your AP has operation mode such as AP mode or bridge mode.


    Make sure the security policy rules are allowed.


    iPhone is connected to the router and gets IP 192.168.20.35.

    Ping the laptop 192.168.10.34 successfully.




  • Thanks PeterUK.  LAN1 to LAN1 security policy solved issue.  Answer marked as accepted. :-)

Security Highlight