wireless Access Points and VLANs
I starting to set up the following configuration but I encounter many issues and probably need some help.
I try to set up 3 isolated SSID on the wireless access point:
- one which can reach both internet and a NAS
- one which can reach only internet
- an USG310
- a switch GS1200-8HP
- a wireless controller NWA5123-AC-HD
from a physical point of view:
- the wireless controller is linked to the switch from it’s uplink port to the port 1 of the switch GS1200-8HP. This allow the wireless controller having the POE.
- this switch is connected from it’s port 5 to the port 3 of the USG.
- Nas is connected on the port 4 of the USG
- WAN is available from the port 2 of the USG.
From a VLAN point of view (Configuration > Network > Interface > VLAN)
3 VLANs have been defined on the USG with the following configuration:
- base port: ge3
- IP address: 192.168.(X/Y/Z).1
- sub-net: 255.255.255.0
- enable IGMP support (downstream)
- DHCP server
- first DNS server: Zywall
- second DNS server: 1st from the ISP
- third DNS server: 2nd from the ISP
- default router: vlan (X/Y/Z) IP
Interface ge3 on the USG (Configuration > Network > Interface > Ethernet > port 3) is:
interface name: ge3
ip address: 192.168.1.1/255.255.255.0
DHCP Server: 192.168.1.2
default route: ge3 IP
enable IP mac binding for all IP addresses I want on this sub-net with an IP (192.168.1.x)
on the wireless access point, SSID 2 and 3 have respectively VLAN Y and VLAN Z SSID.
SSID 1 have still for now VLAN id 1. (if I change apply the VLAN X on the SSID 1, I cannot reach anything)
the port configuration in the switch is the following one:
IEEE 802.1Q VLAN
VLAN ID 1: port 1, 5 and 8 untag egress member
VLAN ID X: port 1 and 5 Tag Egress Member
VLAN ID Y: port 1 and 5 Tag Egress Member
VLAN ID Z: port 1 and 5 Tag Egress Member
My problems are the following ones:
- When I connect my wireless devices to the SSID 1, I got the appropriate IP on the sub-net 192.168.1.0 sub-net and I’m able to reach the internet.
- When I connect a wireless device on the SSID 2 (VLAN Y), I got an IP address on this VLAN (192.168.Y.) but I’ve also a log trace in the USG which tel me that I got an IP on the 192.168.1 sub-net. I cannot reach the internet.
I have many errors in my USG log files which looks like;
- IP Mac binding:
DROP packet vlanY/Z-0.0.0.0:mac_address_of_the_wireless_AP
- IP Mac binding: DROP packet ge3-0.0.0.0:mac_address_of_the_wireless_AP
Wireless access point and GS1200-8HP got an IP with in subnet 192.168.1
I’m brand new in VLAN, just wants to understand what I’m doing wrong. Would you mind help me?