I have Port 1 as zone LAN 192.168.200.250/24. AP15C on 192.168.200.240 provides mainSSID to this subnet using "Bridge to AP LAN" and also provides guestSSID on 10.0.x.x subnet.
This all works fine.
Then Port 4 provides zone kidLAN on 192.168.220.250/24. DHCP issues 220.100-220.149 (see below). User matching, captive portal and quotas to manage child access.
This all works fine.
Now I want to use the AP15C to provide a kidSSID for WiFi into the Port 4 kidLAN subnet above, the same function as "Bridge to AP LAN" on the Port 1 mainLAN subnet.
Port 4 subnet is in kidLAN zone.
I made a new Wireless Network (kidSSID) with traffic set to Separate Network. Zone for this Wireless Network is kidWiFiZone.
1) To get IPs for kidSSID I have made a DHCP to issue 192.168.220.150 - .199. This works, IP issued and client DNS server addresses are loaded OK.
2) When I connect to kidSSID I cannot get DNS to resolve, correct DNS server, but times out. DNS from other ports/zones is OK.
3) Firewall Rules - in order
3.1 Allow External DNS: DNS from LAN, GuestWiFi, kidLAN, kidWiFiZone all allowed to WAN with NAT
3.2 Pair of rules to allow all traffic between kidWiFiZone <-> kidLAN zone. No NAT because both zones in same IP subnet range.
3.3 Allow kidLAN, kidWiFiSSID to WAN if known user
3.4 Drop kidLAN, kidWiFiSSID to WAN
3.4 and 3.5 pass known users or activate Captive Portal. Works correctly for wired kidLAN on Port 4.
I don't see anything in the logs to show why DNS fails. It looks like no firewall rules are triggered by any traffic from the kidSSID.
Am I going about this the wrong way? My goal is to use the AP15C to add an SSID to the kidLAN zone, working the same way that the SSID works on the main LAN zone (i.e. "Bridge to Access Point LAN").
Thanks for any hints
A