LANGUAGE SUMMARY How to separate the guest network from the private network using Nebula devices?
ARTICLE ID 016557 TYPE Application / Configuration Example
LEVEL Public FIRMWARE n/a
VIEWS 3843 VOTES 8
TECHNOLOGY MODEL NAP102,NAP203,NAP303 (view more model name)

QUESTION


ANSWER


SCENARIO DESCRIPTION:

Guest Network

By default, Nebula devices will process all devices into a single Local Area Network (LAN). However, in most network deployments, it is necessary to create a publicly accessible network (Guest VLAN) that is isolated from your private network. This article instructs admininstrator on how to create a Guest VLAN and isolate this network from the rest of the internal network using all three Nebula product lines.

 


SETUP/STEP BY STEP PROCEDURE:

Topology:

 

 

Setting a Private VLAN Interface on the NSG:

1. Add and Save a VLAN10 Interface

   NCC > GATEWAY > Configure > Interfaces addressing > Interface [+Add]

   

 

Setting a Guest VLAN Interface on the NSG:

1. Add and Save a VLAN20 Interface

   NCC > GATEWAY > Configure > Interfaces addressing > Interface [+Add]

   

 

Prevent Routing from Guest Network to Private Network on the NSG:

1. Add and Save Outbound Rules

   NCC > GATEWAY > Configure > Firewall > Outbound rules [+Add]

   

 

Configuring NSW Switchports

1. Select and Edit Ports to Servers or Private Resources.

   NCC > SWITCH > Configure > Switch ports

   

2. Configure and Update Ports to Servers or Private Resources.

   NCC > SWITCH > Configure > Switch ports [Edit]

   

3. Select and Edit Port to NAP.

   NCC > SWITCH > Configure > Switch ports

   

4. Configure and Update Port to NAP.

   NCC > SWITCH > Configure > Switch ports [Edit]

   

5. Select and Edit Port to NSG.

   NCC > SWITCH > Configure > Switch ports

   

6. Configure and Update Port to NSG.

   NCC > SWITCH > Configure > Switch ports [Edit]

   

 

Configuring NAP SSID

1. Edit and Save Private and Guest SSID.

   NCC > AP > Configure > SSID

   


VERIFICATION:

- Connect a wireless device to Wireless Network "Private". The wireless device should receive an IP address from the 192.168.10.X subnet.

- Connect another wireless device to Wireless Network "Guest". The wireless device should receive an IP address from the 192.168.20.X subnet.

- Wireless devices in the private or guest network can access the Internet.

- Wireless device in the guest network cannot reach or successfully ping any of the private servers.

 


PROBLEM DESCRIPTION:


SOLUTION:


CONDITION/REPRODUCE PROCEDURE:

Did you find this article helpful? Yes No

Need technical support:http://www.zyxel.com/form/Support_Feedback.shtml