Forcing certain WLAN traffic out certain ZD ports?

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Using a ZD1100, I would like to tunnel guest traffic back to the ZD and force it out one of the ports that will be connected only to the Internet modem. The other port will be connected to the network switches, but the customer wants to make sure that the guest WLAN traffic is tunneled and then only able to go out the specific physical port on the ZD that goes directly to the modem. Is this possible? If so, how?
Photo of Jeremy West

Jeremy West

  • 7 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Primož Marinšek

Primož Marinšek, AlphaDog

  • 413 Posts
  • 48 Reply Likes
I had a customer a while back that wanted to do this too, in fact they did it and thought they solved whatever they wanted to solve but they didn't. Plu that's a really bad way to go about this. Use switches that support 802.1Q, tag traffic on WLANs and avoid using tunneling on 1100 if you can, and here you can.

I don't just because a customer tells you to do something that doesn't mean you need to do it. Tell them they're wrong on this. There are far better and easier ways to solve this.
Photo of Jeremy West

Jeremy West

  • 7 Posts
  • 0 Reply Likes
While I agree with you, and that is our typical deployment methodology, the customer still wants to do it this way.
Can anyone give any instruction on how to force guest traffic out of a specific physical port on the ZD1100?
Photo of Primož Marinšek

Primož Marinšek, AlphaDog

  • 413 Posts
  • 48 Reply Likes
Photo of Jeremy West

Jeremy West

  • 7 Posts
  • 0 Reply Likes
Not helpful. If you have instructions for how to do this, please share them. While it isn't ideal, I still need to do this.
Photo of Primož Marinšek

Primož Marinšek, AlphaDog

  • 413 Posts
  • 48 Reply Likes
Sory, the double face palm wasn't directed at you but rather at the customer. We have a few of those here too.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2182 Posts
  • 300 Reply Likes
The ZoneDirector manages Access Points, it is NOT a router. Both Eth ports on
the ZD are one logical interface. There are two, so you can connect a PC for
direct access if needed, or to connect to two switches for redundancy, allowing
the switches to use STP to block one port.

It is not possible to direct some traffic out one ZD Eth port, and other traffic out the
other.
Photo of Dominic Simpson

Dominic Simpson

  • 10 Posts
  • 0 Reply Likes
That second etherport is so useful for ZD management when out of switch ports. Only slightly bettered if it could be provided with a plastic etherport blanking cap, then it's out of sight of those that don't know.

Michael clearly points out this is not possible; the Two ports are bridged.
Tell the customer they best leave it to you as they don't seem to have a handle on security and traffic management.
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 51 Reply Likes


-via Twitter...