Guest SSID on seperate VLAN

  • 1
  • Question
  • Updated 3 years ago
  • (Edited)
I have a ZD 1100 with 5 zf7982 APs. 

Currently setting up guest access. I have configured the WLAN SSID, and have tagged it correctly. Clients connecting to the guest SSID can reach the DHCP server and are able to receive IP addresses, however, they're unable to "sign in" to the guest network (in this case, they are not prompted to accept the Terms and Conditions). 

Setup is as such:

ZD: 10.10.1.150
APs: 10.10.1.151-155
Guest Network: 10.10.8.0-10.10.9.255

The APs and ZD are untagged on the 10.10.1.X VLAN and are tagged on the 10.10.8.0/23 VLAN. If I leave the guest SSID untagged (VLAN 1) then the guests can 'Sign in', but once I tag it they can't. I've tried adding some rules to allow access to 10.10.1.150 to the guest access settings but still no luck.

Any ideas would be greatly appreciated.
Photo of Josh Michielsen

Josh Michielsen

  • 5 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Munish Dhiman

Munish Dhiman, Employee

  • 100 Posts
  • 14 Reply Likes
Josh,

What is the configuration of switch port ,where ZD and AP is connected . could you paste it ?
(Edited)
Photo of Josh Michielsen

Josh Michielsen

  • 5 Posts
  • 0 Reply Likes
Port is untagged on 10.10.1.0/24 vlan and tagged on 10.10.6.0/23 (staff wifi) and 10.10.8.0/23 (guest wifi). 
Photo of Rahul Koul

Rahul Koul, Employee

  • 76 Posts
  • 13 Reply Likes
Hi Josh,

I have a few questions:

Are you using any client isolation? If yes please disable and see if it helps.

Are you using a Hostname for ZD?

After the clients get DHCP Ip then enter the ZD Ip in the browser and see if you get the login screen.

Also, what are the tagged and Untagged VLAN Ids? It is easier to remember than the subnets.

What is the Access VLAN Id which can be found on ZD UI, Configure :: System :: Device IP Settings :: Access VLAN ?

Regards,
Rahul 
Photo of Josh Michielsen

Josh Michielsen

  • 5 Posts
  • 0 Reply Likes
Hi Rahul, 

I have disabled client isolation, unfortunately it does not help.

I am not using a hostname for the ZD. I'm not actually sure where that option is?

When a client connects to the guest WLAN it can browse to the ZD IP, where it receives a T&C page (normally this should pop up on it's own?). When you accept the T&Cs though it redirects to a blank page. Within the ZD monitoring I can see the client has been authorized, but there is no internet access.

The ZD and all APs are Untagged on 101 and tagged on 104 and 105.
Access VLAN under Configure :: System is 1
Staff WLAN is tagged 104
Guest WLAN is tagged 105

Thanks for your assistance.
(Edited)
Photo of Rahul Koul

Rahul Koul, Employee

  • 76 Posts
  • 13 Reply Likes
Hello Josh,

What is the version of firmware running on your ZD? Also, is this a specific OS issue or all OS are affected?

Also, just enable Tunnel mode and see if that makes any difference? You can enable this feature from Configure :: WLANs :: WLANs :: Edit :: Advanced options :: Tunnel Mode


Regards,
Rahul
Photo of Josh Michielsen

Josh Michielsen

  • 5 Posts
  • 0 Reply Likes
Hi Rahul, 

Firmware version: 9.8.2.0 build 15
As far as I can tell all OS's are affected. So far I have tested Android, Mac OSX and iOS. When I have the opportunity I will also test with a Windows based operating system, although I don't feel the result will be any different.

I will enable Tunnel mode tomorrow morning (Australian Western Time) and let you know if I have any luck with it.

Regards,
Josh
Photo of Josh Michielsen

Josh Michielsen

  • 5 Posts
  • 0 Reply Likes
Hi Rahul,

I have enabled Tunnel mode on the guest WLAN and it doesn't seem to have made any difference. Again the client connects to the WLAN and is not prompted to accept the T&C's of the guest access. If I browse to 10.10.1.150 (controller IP) I get the T&C page and I am able to accept them. It will then redirect to a blank page, but still not allow internet access.

The client shows as Authorized in the ZD web interface.

Kind Regards,
Josh
Photo of Rahul Koul

Rahul Koul, Employee

  • 76 Posts
  • 13 Reply Likes
Hello Josh,

There are two issues here- one the T&C page will not load on its own and second you do not have internet access even if you manually go through the T&C page. The ZD might just need an upgrade but I will suggest to have TAC confirm that and take the call. Please open a case with them.

Regards,
Rahul