Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Multiple SSIDs and VLAN with USG 100, GS2200 and Ubiquiti AP

Posted on 2013-11-15
2
Medium Priority
?
5,924 Views
Last Modified: 2014-01-23
Hi,

I just installed 3 Ubiquiti Unifi AP.  I've setup 3 SSIDs.  I want them to be on their own VLAN and separate networks so they can't "see" each other.  I've set the Ubiquiti routers to different VLAN IDs for each SSID (ie. wifi1 =vlan2, wifi2 = vlan3 and wifi3 = vlan4).  I have a Zyxel GS2200 24 port switch and a Zyxel Zywall USG 100 router.

What's the best way to do this with my equipment?  I have currently setup 3 configurations under VLAN in Interface (name:  vlan2, vlan3 and vlan4--static IPs for each AP).  I've configured the GS2200 with VLAN2 on ports 14, 15 and 16 (where the three APs are connected).  

I am now able to ping the three AP but when I connect to them, I don't get an IP address from DHCP and I'm not certain if the networks are truly separate.  

Please let me know if you need further info.

Thanks for any help!
0
Comment
Question by:Matt Kendall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 39652538
What device is serving the dhcp addresses?
Have you create a dhcp scope for each vlan?
Have you set up dhcp relay for whichever devices is routing your vlans?
0
 
LVL 1

Accepted Solution

by:
H323 earned 2000 total points
ID: 39652719
In your switch set up vlan 2, 3 and 4 and set all ports as members of all vlans.
Only 1 patch cord between your switch and lan1 on the router.
In USG router go to configuration > network > interface > vlan tab > add
Interface type = internal
Interface name = vlan2
Zone = none
base port = lan1
vlan id = 2
select used fixed IP address
set IP of this interface i.e. 192.168.51.1
subnet: 255.255.255.0
on same page go down to DCHP and select DHCP server, then set your starting lease address and pool size
Make sure to change DHCP lease time to 1 or 2 days (don't let it infinite)
hit OK.
Repeat above process to add VLAN 3 and 4.

go to configuration > network > zone
Add a new zone called VLAN2 and add VLAN2 to that zone.
Repeat for VLAN 3 and 4.

Go to firewall and block interlan traffic as desired.   For example From: VLAN2 To: LAN1 would block all traffic from Wi-Fi VLAN2 headed for the corporate LAN1.

Go to routes and add a route for each vlan so that VLAN2, 3 4 can get to the internet.  I don't think those subnets will be able to browse by default.
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This program is used to assist in finding and resolving common problems with wireless connections.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question