Unifi - Cisco Integration
09-18-2022 03:40 PM
Hi everyone,
So I made a post earlier about the Cisco equipment I was given, which contains a 2811 with a WLC and some 1142LAPs and I got that set up pretty well (thank you marce100 for the help).
Now I wanted to see if I can integrate this with a Unifi network (I'll be switching to Peplink shortly but for now Unifi).
Current equipment:
- Unifi USG (Will change to Peplink balance 380, donor device as well)
- Unifi USW Flex
- Cisco 2811
- Cisco NME-AIR-WLC6 Integrated in 2811
- Cisco 3560e-24pd-s
So far I've at least gotten to test a setup with the 3560 and the USG where I was able to get a feel of merging the ecosystems. It was fairly straightforward and I was able to ping out to the internet and set up multiple VLANs with access ports that successfully got DHCP.
So onto my little project-
My parents have a business that's nearby and I wanted to upgrade the (nonexistent) infrastructure of the business. I currently set up a canopy wireless bridge, and a few security cameras that were connected with an unmanaged switch. I was thinking of upgrading it to add wifi APs, creating multiple vlans etc for better topology and well I was gifted some Cisco equipment so I said why not now?
So to keep a story short.
How can I use the USG as the main gateway and DHCP server for the SSIDs that will be broadcasted via the WLC? I was hoping to utilize more of the L3 capabilities of the switch as well as the bandwidth so I can have the camera RTSP streams be sent back and not congest the 2811.
I was wondering if this is possible and what am I missing which is why it isn't working.
VLANs: WLC (90), APs (91), Cams (92), Guest (100), Admin (101)
- Connect the bridge (trunk) to the 3560 and use a trunk (prob 2 to give better BW) to connect the 2811 to the 3560. The APs and cameras will both be on access ports.
I was thinking it would be as simple as this as technically I don't need the 2811, just the WLC. However, I don't know what I am missing. Is there something that I need to implement on the 3560?
Previously I had it set up with a full Cisco ecosystem and everything worked fine (offline, however). I was just assuming all I had to do was remove the DHCP pools (However, big thing I was wondering is do I keep the AP VLAN DHCP pool on the 2811 keep option 43 and 60?), add the default gateway (which for home is 192.168.2.0/24, I'm changing it, I promise!) and that would be it. But I know Cisco isn't that easy and I was hoping to just be pointed (or even guided) in the right direction as I learn this ecosystem.
Any help is appreciated, thanks!
- Labels: Network Management

09-19-2022 12:47 AM
Hello,
post a schematic drawing of the desired topology, showing how the devices are supposed to be connected.
09-19-2022 05:58 AM
Hi,
Please let me know if this is suitable. I used a WLC-44K9 because I didn't find a stencil for what I have just to show what interface IP I currently use.
I see I forgot to add it but the WLC management IP is 10.10.90.100, WLC AP Mgr is 10.10.90.101
Thanks!
09-20-2022 07:58 PM
Update:
So I've gotten to the point where the only issue I have is the WLC communicating with the Unifi USG. I can't seem to get around assigning an ip address to the interface in order to access the WLC and therefore create the logical connection (I don't know if I explained that correctly). I've gotten mostly everything else working but that is where I'm currently stuck at. I'll keep chipping away until someone replies or until I figure something out, whichever may come first.
Hopefully this helps someone in the future!
09-24-2022 10:22 AM
Anyone with any helpful insight?
I'm attempting interface bridging but I haven't had any luck as yet unfortunately.
09-24-2022 12:12 PM
Hello,
looks like you are making good progress! What is the IP address of the Unifi with which the WLC needs to communicate? What is the default gateway of the WLC? And when you do a 'traceroute' from the WLC to the Unifi, where does the traceroute stop?
09-24-2022 03:47 PM
Hello, thanks for the reply!
The IP address of Unifi USG is 192.168.2.1. I currently have the default gateway of the WLC as 10.10.90.1, which is what I wanted the subnet of the separate network equipment to be on.
I wasn't able to do a traceroute on the WLC, not an available command (from where I read because it's a L2 device it doesn't have tracert).
However, I tried something a bit different. When I assigned the Integrated service module interface an IP address 10.10.90.3 255.255.255.0, I'm no longer able to ping 10.10.90.1 from the 2811 and tracert just does this:
#traceroute 10.10.90.1
Type escape sequence to abort.
Tracing the route to 10.10.90.1
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
If it helps, my FE ports on the 2811 are connected to trunk ports so they have an address on the default Unifi VLAN. Should I alter this to make vlan 90 the default?
09-24-2022 05:58 PM
TINY update.
I've realized that I'm able to ping any ip address on the 2811 no matter the subnet (duh! it's a logical connection)
BUT I can't ping anything past it, not the 3560 or any of the gateways of the default or other vlans. I know I'm close but I just don't know what it is yet ahhh!
Right now, my ip int br on the 2811 shows:
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.10.90.23 YES DHCP up up
FastEthernet0/1 192.168.2.137 YES DHCP up up
FastEthernet0/1.90 unassigned YES unset up up
FastEthernet0/1.91 unassigned YES unset up up
FastEthernet0/1.100 unassigned YES unset up up
In1/0 10.10.90.3 YES manual up up
In1/0.90 unassigned YES unset up up
In1/0.91 unassigned YES unset up up
In1/0.100 unassigned YES unset up up
In1/0.101 unassigned YES unset up up
I assigned f0/0 to an access port just to see if that would help but I'm pretty sure it's not going to make a difference.
Okay! Back to it I guess
09-25-2022 08:20 AM
Hello,
which device/interface has IP address 10.10.90.1 (the default gateway)? I guess it would help if you add the IP addresses you have assigned to the connections in your drawing...
09-25-2022 04:08 PM
Hi, my apologies it was my first attempt at making a diagram. Is this better?
09-28-2022 09:19 PM
Update: I think I'm giving up, unfortunately. I've tried so many different things but I have not been able to achieve this goal.
Closest I've gotten is that I can ping to the WLC and the Unifi gateway on the RTR interface but I cannot ping the Unifi gateway (but I can ping the assigned DHCP addresses of the RTR) on the WLC interface and I cannot ping the WLC from any device on the LAN (but I can ping the RTR). This seems like the 3 feet from gold story but I just can't seem to get a breakthrough.
I will probably give this another 24 hours but I don't see this changing much unless someone has figured out what I did wrong. I may just purchase a non-embedded WLC instead. Who knows? Not sure at the moment but I'm rethinking my setup. Sigh, I was being hopeful too but gotta know when to quit I guess!
