4. SG1000 direct to Ubiquiti Unifi VLAN guest network

SG1000 direct to Ubiquiti Unifi VLAN guest network

  • T

    Hello,

    I'm setting up an SG1000 and connecting directly (no switch) to a Unifi AC lite.

    The main LAN is untagged and I've setup a guest network on the unifi on a VLAN.  VLAN ID is 50 on both the SG1000's LAN port and the Unifi's guest SSID.

    However, i can't get a DHCP assignment on a lapotp nor can I ping the SG1000 if I manually assign an address to my laptop.

    What am I missing?

    0
  • LAYER 8 Netgate

    Show us what you have actually done. The switch config both VLANs and Ports, the assigned VLAN pfSense interface, the DHCP server. Everything.

    0
  • T

    @Derelict:

    Show us what you have actually done. The switch config both VLANs and Ports, the assigned VLAN pfSense interface, the DHCP server. Everything.

    Right.

    In the SG1000

    INTERFACES -> ASSIGNMENTS -> VLANs tab

    Add
    Parent interface cpsw1 - LAN
    VLAN Tag - 50
    Priority - 0
    Description - GuestNET

    SAVE

    INTERFACES -> INTERFACE ASSIGNMENTS tab

    Add VLAN 50 on CPSW1 - LAN (GuestNET)
    Renamed OPT1 interface to GUESTNETWORK

    SAVE

    INTERFACES - GUESTNETWORK

    Enable Interface - yes
    IP4 config - static IPv4
    IP4 address assigned - 192.168.50.1/24

    SAVE

    SERVICES -> DHCP SERVER -> GUESTNETWORK tab

    Enable DHCP server for GUESTNETWORK - check
    Assigned range: 192.168.50.100 - 150

    SAVE

    FIREWALL -> RULES

    Added a PASS ANY ANY rule for GuestNET

    Plug patch cable between SG100 and Ubiquiti AC Lite flying saucer.

    –-------

    Opened up the Unifi controller.

    SETTINGS -> WIRELESS NETWORKS

    Create New Wireless Network
    Name/SSID - guest-net
    Enable - yes
    WPA security stuff set...

    Expand ADVANCED OPTIONS
    VLAN - Use VLAN - check.
    (2-4009) - space -  50

    SAVE

    Check the individual AP, go to CONFIG -> WLANS

    I see my GUEST-NET
    Enabled on this AP - yes
    Use VLAN with VLAN ID 50 - yes

    On the laptop, I can connect to the untagged STAFF SSID, have full internet access.  GUEST-NET however has no internet connection.

    I tried to manually assign 192.168.50.11 to my laptop and couldn't ping 192.168.50.1 nor do anything.

    0
  • T

    I added a Cisco SLM2008 between pfsense and the ubiquiti.

    On all ports, Acceptable Frame type set to all.

    I guess I messed up somewhere.

    I'll drag the laptop down to the network closet and see if i can wire in to VLAN 50.

    0
  • LAYER 8 Global Moderator

    "I guess I messed up somewhere."

    Which is why when asked to show - you should actually show via screenshot.. Not some text.. Which ends up in couple of different ways

    Either they try and copy paste the info from the gui which ends up very difficult to read. Or they type out stuff like what you did - which just means that is the the OP thinks they did, not what they actually might of done, etc..

    Pfsense doesn't give 2 shits if you connect the AP or a switch or A PC or whatever - all it cares about is the packet tagged or untagged.  If its untagged the lan interface will see it, if tagged and the ID matches one of its vlan interfaces connected to the that physical interface then the vlan will see it.

    0
  • LAYER 8 Netgate

    It looks like you have done everything you need to do to put VLAN 50 out the LAN port tagged.

    In the Interfaces > Switches, VLANs tab you should see VLAN 50 listed and tagged on 0 and 2 (0t,2t).

    You should get DHCP regardless of firewall rules (unless you are specifically blocking DHCP).

    To ping you would need to be sure you are passing ICMP into GUESTNET (not just TCP/UDP).

    You didn't already enable a captive portal or anything like that, right?

    0
  • T

    I walked away for a break and worked on other things.  I came back and set the unifi up on an existing and working setup of pfsense on an APU, cisco sg200 that has a VLAN 1003 (hard coded ID apparently in the Apple units) working with Apple Airport Express boxes using for the guest network.

    However, creating an SSID on the Unifi on VLAN 1003 didn't work.  No DHCP assignment when I connect to the Unifi's SSID on VLAN 1003 while it works with the Apple airport express on guest with VLAN 1003.

    I assume the problem is with the config in the Unifi device now.

    Screen shots….. I'm not quite sure where to begin with that.

    0
  • LAYER 8 Netgate

    Yeah it sounds like there is something not clicking with the Unifi config.

    Yes, Apple airport guest networks are hard-coded (dictated) to be tagged 1003.

    0
  • B

    NAT issue?

    As well was firewall rule(s), you'll need NAT for your VLAN 50

    Incidentally, running a DHCP server on the Unifi box for VLAN 50 doesn't work very well - make sure you're running DHCP server for the VLAN on the pfSense box

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy