
Problems with VLAN guest WiFi (Unifi)

Hello all,

I'm having issues getting guest WiFi working on a VLAN. Let me post my setup below.

Two Unifi AC LR APs

Guest WiFi tagged with VLAN 200

Zyxel GS1920-v2

3 ports on VLAN 200, trunked, tagged, fixed

Sophos XG 115

Traffic is allowed from APs to interface set up with VLAN 200

VLAN interface is allowed out through WAN.

In this current setup, my laptop and phones can get a DHCP lease on the guest VLAN 200 network. But after getting the lease, they can't ping ANYTHING.

I'm baffled, since the lease works, which at least shows the VLAN is somewhat working and tagging correctly. So I think the issue is with the firewall. Have I missed anything?

This thread was automatically locked due to age.
  • Nothing allowing out? The firewall VLAN interface, port4.200, is in the VLAN I set up, which is also in the rules I showed you. Unless I'm misunderstanding something.

    There shouldn't be anything else to allow, since the WiFi device and firewall would be in the same zone because of the VLAN interface. The frames are being tagged as they exit the switch ports and reach the firewall.

    The LAN to VLAN rule allows the APs to talk to the firewall.

  • Hi,

    You will need to provide a masq as part of your allow out rule.

    ian

    You seem to be doing this the hard way. Why do you want the WiFi on a VLAN when you are connecting the VLAN to the LAN with a general firewall rule? What about local WiFi users?

  • Okay, I see where I missed that now. I'll be sure to add the masq to the rule. The purpose of the VLAN is to separate the guest WiFi traffic from the normal corporate traffic.

    There's some sensitive traffic that the guests shouldn't have access to. That's why I was allowing only the APs to communicate with the VLAN zone. Thanks for your help so far.