SG1000 direct to Ubiquiti Unifi VLAN guest network

technopop

Hello,

I'm setting up an SG1000 and connecting directly (no switch) to a Unifi AC lite.

The main LAN is untagged and I've setup a guest network on the unifi on a VLAN.  VLAN ID is 50 on both the SG1000's LAN port and the Unifi's guest SSID.

However, i can't get a DHCP assignment on a lapotp nor can I ping the SG1000 if I manually assign an address to my laptop.

What am I missing?

Derelict

Show us what you have actually done. The switch config both VLANs and Ports, the assigned VLAN pfSense interface, the DHCP server. Everything.

technopop

@Derelict:

Show us what you have actually done. The switch config both VLANs and Ports, the assigned VLAN pfSense interface, the DHCP server. Everything.

Right.

In the SG1000

INTERFACES -> ASSIGNMENTS -> VLANs tab

Add
Parent interface cpsw1 - LAN
VLAN Tag - 50
Priority - 0
Description - GuestNET

SAVE

INTERFACES -> INTERFACE ASSIGNMENTS tab

Add VLAN 50 on CPSW1 - LAN (GuestNET)
Renamed OPT1 interface to GUESTNETWORK

SAVE

INTERFACES - GUESTNETWORK

Enable Interface - yes
IP4 config - static IPv4
IP4 address assigned - 192.168.50.1/24

SAVE

SERVICES -> DHCP SERVER -> GUESTNETWORK tab

Enable DHCP server for GUESTNETWORK - check
Assigned range: 192.168.50.100 - 150

SAVE

FIREWALL -> RULES

Added a PASS ANY ANY rule for GuestNET

Plug patch cable between SG100 and Ubiquiti AC Lite flying saucer.

–-------

Opened up the Unifi controller.

SETTINGS -> WIRELESS NETWORKS

Create New Wireless Network
Name/SSID - guest-net
Enable - yes
WPA security stuff set...

Expand ADVANCED OPTIONS
VLAN - Use VLAN - check.
(2-4009) - space -  50

SAVE

Check the individual AP, go to CONFIG -> WLANS

I see my GUEST-NET
Enabled on this AP - yes
Use VLAN with VLAN ID 50 - yes

On the laptop, I can connect to the untagged STAFF SSID, have full internet access.  GUEST-NET however has no internet connection.

I tried to manually assign 192.168.50.11 to my laptop and couldn't ping 192.168.50.1 nor do anything.

technopop

I added a Cisco SLM2008 between pfsense and the ubiquiti.

On all ports, Acceptable Frame type set to all.

I guess I messed up somewhere.

I'll drag the laptop down to the network closet and see if i can wire in to VLAN 50.

johnpoz

"I guess I messed up somewhere."

Which is why when asked to show - you should actually show via screenshot.. Not some text.. Which ends up in couple of different ways

Either they try and copy paste the info from the gui which ends up very difficult to read. Or they type out stuff like what you did - which just means that is the the OP thinks they did, not what they actually might of done, etc..

Pfsense doesn't give 2 shits if you connect the AP or a switch or A PC or whatever - all it cares about is the packet tagged or untagged.  If its untagged the lan interface will see it, if tagged and the ID matches one of its vlan interfaces connected to the that physical interface then the vlan will see it.

Derelict

It looks like you have done everything you need to do to put VLAN 50 out the LAN port tagged.

In the Interfaces > Switches, VLANs tab you should see VLAN 50 listed and tagged on 0 and 2 (0t,2t).

You should get DHCP regardless of firewall rules (unless you are specifically blocking DHCP).

To ping you would need to be sure you are passing ICMP into GUESTNET (not just TCP/UDP).

You didn't already enable a captive portal or anything like that, right?

technopop

I walked away for a break and worked on other things.  I came back and set the unifi up on an existing and working setup of pfsense on an APU, cisco sg200 that has a VLAN 1003 (hard coded ID apparently in the Apple units) working with Apple Airport Express boxes using for the guest network.

However, creating an SSID on the Unifi on VLAN 1003 didn't work.  No DHCP assignment when I connect to the Unifi's SSID on VLAN 1003 while it works with the Apple airport express on guest with VLAN 1003.

I assume the problem is with the config in the Unifi device now.

Screen shots….. I'm not quite sure where to begin with that.

Derelict

Yeah it sounds like there is something not clicking with the Unifi config.

Yes, Apple airport guest networks are hard-coded (dictated) to be tagged 1003.

BBCModelB

NAT issue?

As well was firewall rule(s), you'll need NAT for your VLAN 50

Incidentally, running a DHCP server on the Unifi box for VLAN 50 doesn't work very well - make sure you're running DHCP server for the VLAN on the pfSense box