Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MTS
Participant

How to assign WIFI ssid to a Vlan interface of SMB Gateway 1570

Hi all,

 

 

I am using the default network switch1 and have Vlan 10 and 20 tagged on this switch.

 

I find that I can assign an SSID to the switch1 [Native vlan1], but seems no choice for vlan 10 for 20 interfaces.

 

Might I know if there is any solution for this case?

 

Thanks.

 

 

CrazyProduct.png

 

 

0 Kudos
9 Replies
PhoneBoy
Admin
Admin

You can’t assign the WLAN to a VLAN directly.
You create a bridge and assign both the VLAN and WLAN to it.

0 Kudos
MTS
Participant

Um..Yes, I find that we can use the "bridge" to assign both Vlan and WLAN now.

 

But that seems not to work as expected.

 

In my design, we have Port 1 - 4 as switch1 and a Native VLAN 1 WIFI SSID in the same bridge.

Then I try to create a Vlan 10 and tagged it to switch1, the switch1.10 is here now.

 

I try to bind the Vlan 10 SSID to switch1.10, and it works.

But the Wired users accessing Vlan 10 just can not access Checkpoint 1570 's Vlan 10 Ip address.

 

I do confirm the uplink port connecting to switch1 is already trunk and with suitable Vlan tagged and untagged.

 

And finally, I use a stupid way to temporary resolve the issue:

I assign VLAN 10 SSID to CheckPoint's Lan 6 with the same new bridge and move the original VLAN 10 Ip address to this new bridge also.

Connect the CheckPoint's Lan 6 port to the switch port that just accessed VLAN 10.

 

And this works like Vlan 10 working well now ... OH ShXt.

 

I wonder if the VLAN tag will not work for the switch that is also bridged to another interface already.

 

Please advise.

0 Kudos
PhoneBoy
Admin
Admin

If you assign a numbered VLAN to a specific port, it is expected that whatever is connected to that port will communicate using VLAN tags.
Your LAN ports are untagged and will fail to communicate with the VLAN tagged port unless the client is configured to send the correct VLAN tag (which it probably isn't).
In any case, the only way to allow untagged ports to communicate to/through tagged ports (and vice versa) is through a bridge.

0 Kudos
MTS
Participant

No, The wired users connected to the switch port what access vlan 10 already.

 

And it still fail to communicate with CheckPoint Vlan 10 when there is a bridge interface to bind the Checkpoint Vlan 10 interface with another interface.

0 Kudos
garrod
Contributor

Hi, Like to know something here, is it mean that, correct?

Not working scenario

1. Port 1 - 4 

2. Switch configured

3. Bridge Configured

4. VLAN 1 configured

5. Not Working

 

Working scenario

1. Port LAN6

2. Switch configured

3. Bridge unconfigured

4. VLAN 10 configured

5. Working fine

0 Kudos
MTS
Participant

Let's make it simple.

 

My wired user can not access the Checkpoint Vlan 10 interface or the VLan WIFI as below.

cp_bridge_interface_vlan_tagging_issue.png

 

0 Kudos
PhoneBoy
Admin
Admin

While I appreciate the network diagram, I believe screenshots of exactly what you've configured would help.
While I don't have the exact configuration, I have done something similar in the past and the following should work:

Screen Shot 2022-10-12 at 11.37.41 AM.png

In my case, the "VLAN Tagged" port is the DMZ port (i.e. what would be connected to the Aruba in your case).
The DMZ port is not assigned to any switch or bridge.
In your case, according to your diagram, that means LAN1 should be unassigned, but LAN1.10 should be assigned to the bridge.

0 Kudos
MTS
Participant

Thanks.

But we must keep the DMZ and the SSID VLAN 1 in the same bridge also.

Will this work for both bridges in your lab also?

0 Kudos
PhoneBoy
Admin
Admin

Our regular (non SMB) gateways actually prevent you from using VLAN 1 since it has special meaning.
I recommend using a different VLAN number here. 

But yes, you should be able to bridge the DMZ and a Wireless SSID together using a bridge.

0 Kudos