Private V-LANs on Catalyst Switch for Ubiquiti Unifi WLAN APs?

MoPhat · ‎03-08-2019

Hi

I need a Layer 2 Isolation for the guest vlan on some catalyst ws-c2960x switches (are connencted via trunk ports) for the customers Ubiquiti unifi APs.

Here are my config for the public wlan vlan, i need that the vlan 102 can only see the Gateway (ist on vlan 102 too) but no other devices on the same subnet. Vlan 30 and 101 are normal subnets without restrictions.

vlan 102
 name WLAN Public
!

interface GigabitEthernet1/0/15
 description AP UniFi
 switchport trunk allowed vlan 30,101,102
 switchport trunk native vlan 30
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 auto qos trust
 spanning-tree guard root
!

Can anyone gibe me a example for my config how to do that?

Thank you in advance.

paul driver · ‎03-08-2019

Hello

Just to config you wish vlan 102 users to be isolated from 30 & 101 correct?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MoPhat · ‎03-08-2019

No, the VLANs are seperated on the Firewall , my Goal is that the user in the public wlan (vlan102) can not see the other users devices (layer 2 Isolation) he should only able to Access the Gateway/Firewall. Guest Control is on the Controller and Access Points (Ubiquiti) active, now i Need this activated on the switch too.

I Need the same like the protected port only for a vlan.