Netgate Discussion Forum

    SG1000 direct to Ubiquiti Unifi VLAN guest network

    Problems Installing or Upgrading pfSense Software
    • technopop

      Hello,

      I'm setting up an SG1000 and connecting directly (no switch) to a Unifi AC lite.

      The main LAN is untagged and I've set up a guest network on the unifi on a VLAN.  VLAN ID is 50 on both the SG1000's LAN port and the Unifi's guest SSID.

      However, I can't get a DHCP assignment on a laptop nor can I ping the SG1000 if I manually assign an address to my laptop.

      What am I missing?

      • Derelict LAYER 8 Netgate

        Show us what you have actually done. The switch config both VLANs and Ports, the assigned VLAN pfSense interface, the DHCP server. Everything.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • technopop

          @Derelict:

          Show us what you have actually done. The switch config both VLANs and Ports, the assigned VLAN pfSense interface, the DHCP server. Everything.

          Right.

          In the SG1000

          INTERFACES -> ASSIGNMENTS -> VLANs tab

          Add
          Parent interface cpsw1 - LAN
          VLAN Tag - 50
          Priority - 0
          Description - GuestNET

          SAVE

          INTERFACES -> INTERFACE ASSIGNMENTS tab

          Add VLAN 50 on CPSW1 - LAN (GuestNET)
          Renamed OPT1 interface to GUESTNETWORK

          SAVE

          INTERFACES - GUESTNETWORK

          Enable Interface - yes
          IP4 config - static IPv4
          IP4 address assigned - 192.168.50.1/24

          SAVE

          SERVICES -> DHCP SERVER -> GUESTNETWORK tab

          Enable DHCP server for GUESTNETWORK - check
          Assigned range: 192.168.50.100 - 150

          SAVE

          FIREWALL -> RULES

          Added a PASS ANY ANY rule for GuestNET

          Plug patch cable between SG1000 and Ubiquiti AC Lite flying saucer.

          --------

          Opened up the Unifi controller.

          SETTINGS -> WIRELESS NETWORKS

          Create New Wireless Network
          Name/SSID - guest-net
          Enable - yes
          WPA security stuff set...

          Expand ADVANCED OPTIONS
          VLAN - Use VLAN - check.
          (2-4009) - space -  50

          SAVE

          Check the individual AP, go to CONFIG -> WLANS

          I see my GUEST-NET
          Enabled on this AP - yes
          Use VLAN with VLAN ID 50 - yes

          On the laptop, I can connect to the untagged STAFF SSID, have full internet access.  GUEST-NET however has no internet connection.

          I tried to manually assign 192.168.50.11 to my laptop and couldn't ping 192.168.50.1 nor do anything.

          • technopop

            I added a Cisco SLM2008 between pfsense and the ubiquiti.

            On all ports, Acceptable Frame type set to all.

            I guess I messed up somewhere.

            I'll drag the laptop down to the network closet and see if I can wire in to VLAN 50.

            • johnpoz LAYER 8 Global Moderator

              "I guess I messed up somewhere."

              Which is why when asked to show - you should actually show via screenshot.. Not some text.. Which ends up in a couple of different ways

              Either they try and copy paste the info from the gui which ends up very difficult to read. Or they type out stuff like what you did - which just means that is what the OP thinks they did, not what they actually might have done, etc..

              Pfsense doesn't give 2 shits if you connect the AP or a switch or A PC or whatever - all it cares about is whether the packet is tagged or untagged.  If it's untagged the lan interface will see it, if tagged and the ID matches one of its vlan interfaces connected to that physical interface then the vlan will see it.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11
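
Added example, not part of the original posts: a small Python model of the tagged/untagged rule described in the post above, for checking what a capture taken on the parent interface would deliver to each pfSense interface. The LAN and GUESTNETWORK names and the VLAN 50 mapping follow the thread's setup; the helper names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
# Assumed from the thread: VLAN 50 on the LAN parent is assigned as GUESTNETWORK.
VLAN_INTERFACES = {50: "GUESTNETWORK"}

def build_frame(vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame; vid=None means untagged."""
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def classify_frame(frame, vlan_interfaces=VLAN_INTERFACES, parent="LAN"):
    """Return (interface, vid, ethertype); interface is None when no
    VLAN interface with that ID exists on the parent."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return parent, None, ethertype          # untagged: the parent sees it
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF                          # VLAN ID is the low 12 bits of the TCI
    return vlan_interfaces.get(vid), vid, inner

def summarize(frames):
    """Count frames per receiving interface; strays are 'unmatched vlan N'."""
    counts = {}
    for f in frames:
        iface, vid, _ = classify_frame(f)
        key = iface if iface else f"unmatched vlan {vid}"
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed capture: one untagged frame, one tagged 50, and one tagged
# 1003 for which this mapping has no VLAN interface.
SAMPLE = [build_frame(), build_frame(vid=50), build_frame(vid=1003)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If guest clients' frames show up under LAN or under an unmatched VLAN, the access point or an intermediate switch is not tagging them with the ID the firewall expects.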

              • Derelict LAYER 8 Netgate

                It looks like you have done everything you need to do to put VLAN 50 out the LAN port tagged.

                In the Interfaces > Switches, VLANs tab you should see VLAN 50 listed and tagged on 0 and 2 (0t,2t).

                You should get DHCP regardless of firewall rules (unless you are specifically blocking DHCP).

                To ping you would need to be sure you are passing ICMP into GUESTNET (not just TCP/UDP).

                You didn't already enable a captive portal or anything like that, right?


                • technopop

                  I walked away for a break and worked on other things.  I came back and set the unifi up on an existing and working setup of pfsense on an APU, cisco sg200 that has a VLAN 1003 (hard coded ID apparently in the Apple units) working with Apple Airport Express boxes used for the guest network.

                  However, creating an SSID on the Unifi on VLAN 1003 didn't work.  No DHCP assignment when I connect to the Unifi's SSID on VLAN 1003 while it works with the Apple airport express on guest with VLAN 1003.

                  I assume the problem is with the config in the Unifi device now.

                  Screen shots….. I'm not quite sure where to begin with that.

                  • Derelict LAYER 8 Netgate

                    Yeah it sounds like there is something not clicking with the Unifi config.

                    Yes, Apple airport guest networks are hard-coded (dictated) to be tagged 1003.


                    • BBCModelB

                      NAT issue?

                      As well as firewall rule(s), you'll need NAT for your VLAN 50

                      Incidentally, running a DHCP server on the Unifi box for VLAN 50 doesn't work very well - make sure you're running DHCP server for the VLAN on the pfSense box
