VLANs for WiFi APs

dawks

Diamond Member
Oct 9, 1999
5,071
2
81
I am configuring some Cisco switches with VLANs. One of the ports is going to be used to connect a WiFi access point. I am using Ubiquiti's UniFi APs. The APs let me specify which VLAN to use for which SSID. Right now I have successfully configured the switch to carry the proper VLAN for our WiFi network, and I have also successfully configured the AP and its SSID to connect to the proper VLAN. Technically it's all working, except my WiFi controller server is on a separate VLAN from the WiFi VLAN, and as it's currently configured, I can't monitor or modify the APs' config.

How would I configure the port so that the AP will connect to the standard corp network (VLAN 30), and just pass wifi traffic to the wireless VLAN (VLAN 35)?

I tried configuring the port with both VLAN 30 and 35, but again, the AP doesn't communicate with the management server, but WiFi is working properly on the WiFi VLAN (35).
The AP will actually work fine without talking to its controller, but I'd like to be able to monitor it.

Thanks!
 

kevnich2

Platinum Member
Apr 10, 2004
2,465
8
76
Configure the port interface the AP connects to so that VLAN 30 is your default vlan for all untagged traffic and VLAN 35 is a tagged vlan.

The AP communicates with the controller over layer 3 via whatever IP/DNS name you configured it to connect to.
 

dawks

Sounds about right, just need to figure out how to do that now :D

Thanks
 

Zargon

Lifer
Nov 3, 2009
12,218
2
76
make it a trunk port

set the native vlan to 30

unless it also wants management tagged?

It's been like... 4 years since I set up UniFis
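
The port layout suggested in the replies above (trunk, native VLAN 30 untagged, VLAN 35 tagged), written out as an added example that is not part of any post in this thread. It assumes Catalyst-style Cisco IOS syntax; the interface name, VLAN names and description are hypothetical, and only the VLAN IDs 30 and 35 come from the thread.

```cisco
! Added example: Catalyst-style IOS syntax is an assumption, the thread
! does not say which Cisco switch model is in use.
! VLAN IDs are from the thread: 30 = corp/management, 35 = wireless clients.
vlan 30
 name CORP
vlan 35
 name WIFI
!
! GigabitEthernet1/0/10 is a hypothetical port name for the AP uplink.
interface GigabitEthernet1/0/10
 description UniFi AP uplink
 ! The next line is only accepted on platforms that support both ISL
 ! and 802.1Q; omit it where the switch rejects it.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Untagged frames (the AP's own management traffic) land in VLAN 30.
 switchport trunk native vlan 30
 ! Carry only the two VLANs the AP needs, so the AP port cannot reach
 ! any other VLAN defined on the switch.
 switchport trunk allowed vlan 30,35
 ! Disable DTP so the port never negotiates trunking with the attached device.
 switchport nonegotiate
 spanning-tree portfast trunk
end
!
! From privileged EXEC: confirm native VLAN 30 and allowed list 30,35.
show interfaces GigabitEthernet1/0/10 trunk
show interfaces GigabitEthernet1/0/10 switchport
```

In the UniFi controller the SSID is then mapped to VLAN 35, as the original poster has already done, while the AP's management traffic stays untagged.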
 

Mushkins

Golden Member
Feb 11, 2013
1,631
0
0
I've got a similar setup and ran into the same problem when our switches dropped their config during a power outage; it took me all afternoon to work it out.

Not sure what kind of Cisco switches you're working with, but here's how mine is set up.

For the APs:
Use the smartports wizard to set each port a Unifi AP is plugged into to the "Access Point" profile. Make sure the Default VLAN is set to your data VLAN, not the wireless VLAN.

For the Controller:
Make sure the port your controller is connected to is tagged for *both* VLANs. This is the part I forgot and spent hours pulling my hair out over.

Once that's done, you should be good to go. Setting the VLAN settings for the APs manually gave me a bunch of trouble where only one device could be connected to each AP at a time and anything else would have DHCP trouble; whatever the Access Point smartports setting changed cleared that right up.
 

kevnich2

> For the Controller:
> Make sure the port your controller is connected to is tagged for *both* VLANs. This is the part I forgot and spent hours pulling my hair out over.
>
> Once that's done, you should be good to go. Setting the VLAN settings for the APs manually gave me a bunch of trouble where only one device could be connected to each AP at a time and anything else would have DHCP trouble; whatever the Access Point smartports setting changed cleared that right up.

The controller does NOT need to communicate with all the different VLANs. The UniFis communicate with the controller over layer 3, not layer 2. The controller IP address simply needs to be reachable but from whatever native VLAN the UniFis are set to (in your case, VLAN 30). Set your native VLAN on the UniFi ports to your management VLAN of 30. Then set the wireless VLAN to be tagged, that's it. This really isn't as complicated as you're making it out to be. To test this, put a computer on your VLAN 30 and make sure you can access your UniFi controller.
 

Mushkins

> The controller does NOT need to communicate with all the different VLANs. The UniFis communicate with the controller over layer 3, not layer 2. The controller IP address simply needs to be reachable but from whatever native VLAN the UniFis are set to (in your case, VLAN 30). Set your native VLAN on the UniFi ports to your management VLAN of 30. Then set the wireless VLAN to be tagged, that's it. This really isn't as complicated as you're making it out to be. To test this, put a computer on your VLAN 30 and make sure you can access your UniFi controller.

That's all well and good on paper, but my controller software flat out could not communicate with or provision the APs until I allowed both my internal data and my guest wireless VLANs on the switch port my server is on. Literally the only thing I changed: toggle that VLAN on and it all works, toggle it off and none of my APs phone home. DHCP is also a consideration; whatever is handling DHCP for your guest network also needs to be able to communicate on the proper VLANs.

Regardless, I'm not sure why you're being so hostile about a switch config, we're only trying to help the guy.
 

kevnich2

> That's all well and good on paper, but my controller software flat out could not communicate with or provision the APs until I allowed both my internal data and my guest wireless VLANs on the switch port my server is on. Literally the only thing I changed: toggle that VLAN on and it all works, toggle it off and none of my APs phone home. DHCP is also a consideration; whatever is handling DHCP for your guest network also needs to be able to communicate on the proper VLANs.
>
> Regardless, I'm not sure why you're being so hostile about a switch config, we're only trying to help the guy.

Well, seeing as how I have about 30 UniFi APs spread out over 40 locations and all using about 3 SSIDs across 3 VLANs, this isn't on my paper my friend. But you go ahead and think whatever you want.

I'm not being hostile but I don't think the correct info was being relayed. I've done about 10 UniFi installations for different clients and they all work the same way for me. The guest VLAN is on its own private subnet and only has access to internet. There's no communication between guest VLAN and controller on any of them. The controller is actually cloud based in a separate data center for half of these as well.

This is all assuming we're talking about Ubiquiti UniFi APs as well.
 

Mushkins

> this isn't on my paper my friend. But you go ahead and think whatever you want.

Sounds pretty confrontational to me, but whatever, I'm not going to sit here and argue. If I untag that port on my switches for the guest VLAN, my Unifi APs stop phoning home. It's a provable, tangible scenario. Maybe me and kevnich2 are using different switches in a different configuration, all I was doing was providing the OP as much information about my configuration and the troubles we had addressing the very issues he posted about in order to help. Ultimately the OP, if he even still cares, is going to have to work out his own config for his own network depending on the architecture anyway.

Sorry for trying to help.