Network segregation and nativebridge

I have a Unifi AP on one of our TZ670 interfaces. I would like to segregate it into an office wifi with LAN access and a guest wifi. I changed the interface to unassigned and added a nativebridge to X0 LAN. I then added a VLAN for Guest wifi as well. I plugged the AP directly into the interface to take the switch out of the equation.

I can log into both SSIDs when it's enabled but it connects with IPs in the 169 range. DHCP doesn't appear to work for either.

I do disable it when not actively testing. That's why it's disabled in the picture.

Thanks in advance for any help.

Category: Mid Range Firewalls


  • Arkwright All-Knowing Sage ✭✭✭✭

    VLAN 200 should be easy - this looks like a straightforward config, so if VLAN 200 isn't working then you probably haven't tagged it in Unifi. Or maybe you didn't create a DHCP scope for VLAN 200.

    What is the AP's management VLAN?

  • smeyer56 Newbie ✭

    I think I tagged it and created a scope correctly. This is new to me so I'm not 100% confident.

    We are managing using the Unifi software on default. We are plugged directly into X4. Are there rules I need to create besides setting up the scope?

  • preston Enthusiast ✭✭
    edited June 3

    @smeyer56, Arkwright is correct about the tagging, but it looks like you are wanting VLAN 100 to be the same network as your LAN for the corporate Wifi. Is this correct? If so, you need to use port shielding, not Native Bridge.

    If it were me, I would remove VLAN 100 from the AP and SW and then set the corporate to use the untagged VLAN 1 on the AP.

    Add VLAN 200 on the X0 interface for the Guest Wifi (set up the DHCP) instead of X4, then PortShield X4 to X0, then just plug the AP into X4. It will then act as another port in VLAN 1 (the X0 subnet) and should pass through the VLAN tag for VLAN 200.

    Ideally you would use native bridge for the opposite scenario, where you want to strip the tag off, i.e. you have an interface like X0:V100 but you only want to use this on X4, so you can plug devices into X4 and they would be on the same subnet as X0:V100 but without tagging. It basically turns it into an untagged VLAN for that interface only, and devices don't need to know about the tagging information.

  • Arkwright All-Knowing Sage ✭✭✭✭

    If you're not sure what you're doing, then the AP management needs to be untagged. This will not work if X4 [i.e., untagged VLAN] is unassigned.

    I concur with Preston, it would be simpler to use PortShield.

  • smeyer56 Newbie ✭

    Thanks both of you. I will look into portshield more.
