Overview
This guide is design for setup of a guest and private network on Zyxel access points using VLANs to isolate/segregate wireless users on the guest network for internet access only. A VLAN will prohibit users on the guest network from communicating with devices connected to the private network.
Supported Devices
NWA5XXX Series | WAC65XX Series |
---|---|
NWA5121-N | WAC6502D-E |
NWA5121-NI | WAC6502D-S |
NWA5123-NI | WAC6503D-S |
NWA5160N | WAC6553D-E |
NWA5301-NJ | |
NWA5550-N | |
NWA5560-N |
Running firmware version 4.20 and newer
Wi-Fi Security Object
Wi-Fi security is used to protect data being transmitted between the wireless client(s) and wireless base station by encrypting the packets before they are sent over the air. This will ensure that wireless communications are secure from middleman sniffing out wireless packets.
On the WebGUI go to the Configuration → Object → AP Profile menu and click on the SSID tab. Underneath the SSID tab menu there are options for SSID List, Security List and MAC Filter List, click on the "Security List" option to begin creating a wireless encryption object. Click the Add button to insert a new security profile to the list.
- Profile Name – Provide a name for the profile.
- Security Mode – Select the security mode you wish to use from the drop down, options are: None, WEP, WPA2 or WAP2-Mix. (For this example WPA2 is selected)
- Scroll down to the "Authentication Settings" option and select PSK (if not selected by default).
- Type in a password on the "Pre-Shared Key" field (password can be between 8 and 63 characters long using WPA2).
- For WPA2 encryption the "Cypher Type" should be set to AES only.
- Click the OK button to apply/save the settings.
Wi-Fi SSID Object
The SSID object refers to the name the wireless signal will carry (this is the name the wireless clients can see).
On the WebGUI go to the Configuration → Object → AP Profile menu and click on the SSID tab. Underneath the SSID tab menu there are options for SSID List, Security List and MAC Filter List, click on the "SSID List" option to begin creating a name object for the wireless broadcast. Click the Add button to insert a new SSID profile to the list.
- Profile Name – Provide a name for the profile.
- SSID – Create a name for the wireless signal.
- Security Profile – Click the drop down and select the security object created in the Security List menu.
- VLAN ID – Specify the virtual local area network (VLAN) ID the guest wireless will use. (ex: 100)
- Check the option to "Enable Intra-BSS Traffic blocking" to isolate/segregate wireless clients on the network. (optional)
- Click the OK button to apply/save the settings.
Wi-Fi AP Management
To apply the Guest network profile just created to the access point's wireless radio(s), please go to menu Configuration → Wireless → AP Management. Depending on the access point model it may have 2 radios built-in, a 2.4GHz and 5GHz radio. Under the "Radio 1 Setting" please check the following:
- Radio 1 Active – This option must be checked for the device to broadcast a signal using this radio.
- Radio 1 OP Mode – The operation mode must be set to "AP Mode" for this setup.
- Scroll down to the "MBSSID Settings" where there are 8 SSID broadcast slots available. By default only the first slow should be enabled using the default profile. Edit the second slot to use the guest wireless network profile. (ex: Guest)
- Repeat the process for "Radio 2 Setting" (if AP is dual-band)
- Click the Apply button to save the settings.
VLAN Setup
To enable VLAN support on the AP go to menu, Configuration → Network and click the VLAN tab. Under the "VLAN Configuration" feature click the Add button to insert a VLAN ID entry to the access point.
- Check the box to "Enable" the VLAN ID entry.
- Name – Provide a name for the VLAN. (ex: Guest, vlan100, etc.)
- VID – Specify the VLAN ID. (ex: 100 based on scenario)
- Set the uplink port, "lan1", as a member of the VLAN.
- Set the uplink port, "lan1", to tag traffic. (optional: if tagging is enabled on VLAN switch)
- Click OK to save the VLAN entry.
- Repeat the process for any additional VLANs.
- Click the Apply button to save the configuration.
Troubleshooting
- Wireless devices cannot see/detect the Wi-Fi broadcast signal:
- If the access point you purchased has external antennas, make sure they are attached and secure.
- Make sure distance is not an issue, move in closer to the AP (if far away) to see if the wireless device can see/detect the signal when closer.
- Make sure wireless capability on the client host (smartphone, tablet, computer, etc.) is enabled.
- If you used special characters or spaces for the SSID name you programmed on the access point, delete them and try again (if the wireless client does not support special characters on the wireless network name it will not be able to detect the signal).
- Turn wireless radio OFF and ON.
- Reboot the device.
- Check the AP Profile to make sure the "Hidden SSID" checkbox is unchecked.
Configuration → Object → AP Profile → SSID on the "SSID List" tab edit the broadcast profile.
- Contact Zyxel Tech Support for further assistance @ 800-255-4101 option 5 (for Tech Support) followed by option 2 (for Enterprise Wireless). Support is available Monday-Friday from 8:00-17:00 Pacific Time. You can also reach us via email by submitting a support request form here.
- Cannot associate wireless client connection to Wi-Fi signal:
- If there are any special characters to the wireless password, please remove them. Client may not support these characters which is preventing the connection. The password can be edited from Configuration → Object → AP Profile → SSID on the "Security List" tab edit the password profile.
- Disable wireless security on the access point and see if client can connect to the unsecure network.
- Verify that your client supports the encryption method configured on the access point. (WEP, WPA, WPA2, etc.)
- If MAC filtering is enabled on the access point, make sure the client(s) attempting to establish a connection are on the list. (if list is based on allowed addresses)
- Set channel width to use 20MHz width only, older/legacy wireless clients do not support networks with higher channel widths. The channel width can be managed from the Configuration → Object → AP Profile menu. The Radio tab host both 2.4Ghz (default) and 5GHz (default2) spectrum channel setups.
- Change wireless channel to rule out wireless interference impeding the connection from establishing. The wireless broadcast channel can be managed from the Configuration → Object → AP Profile menu. The Radio tab host both 2.4Ghz (default) and 5GHz (default2) spectrum channel setups. From this menu the 802.11 mode (802.11b/g, 802.11b/g/n, etc.) and channel width (20MHz or 20/40MHz) can also be tweaked.
- Contact Zyxel Tech Support for further assistance @ 800-255-4101 option 5 (for Tech Support) followed by option 2 (for Enterprise Wireless). Support is available Monday-Friday from 8:00-17:00 Pacific Time. You can also reach us via email by submitting a support request form here.
Comments
0 comments
Please sign in to leave a comment.