Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
961
Views
1
Helpful
3
Replies

VLAN Trunking with Ubiquiti APs?

Go to solution
robertramsey
Level 1
Level 1

‎10-09-2024 10:21 AM

Hello,

I’m having an issue where wireless clients can’t access the wireless guest VLAN (25), SSID “Olivine”.  Clients are able to connect to the wireless guest network but are unable to pull an IP from the DHCP server on that network.  I have Ubiquiti U6-LR APs connected to Cisco 2960G switches.  I'm using an ASA 5506 for interVLAN routing.  I’m using the Cisco SPAN feature to monitor VLAN 25 with Wireshark.  I’m also using Wireshark on a client, attempting to connect to the guest wireless.  On the wireless client, I can see DHCP requests but no replies.  On the SPAN, I don’t see any traffic at all on VLAN 25.

Ubiquiti equipment requires that trunks be configured with a native VLAN that has access to the Unifi controller in order to provide status and receive updates.

Note that wireless clients can connect to the inside VLAN (100/native), SSID "Ramsey", pull an IP, and utilize the network normally.

Below, I've attempted to provide all the relevant information:

Unifi Controller Version

robertramsey_0-1728493594101.png

Ubiquiti AP Firmware Status

robertramsey_1-1728493594101.png

Unifi VLAN Configuration

robertramsey_2-1728493594102.png

Unifi WiFi Configuration

robertramsey_3-1728493594102.png

Inside Cisco 2960G Switch Interface Configuration

robertramsey_4-1728493594103.png

Inside Cisco 2960G Switch Interface Status

robertramsey_5-1728493594104.png

Outside Cisco 2960G Switch Interface

robertramsey_6-1728493594104.png

Outside Cisco 2960G Switch Interface Status

robertramsey_7-1728493594105.png

Cisco ASA 5506 Interface Configuration (ASDM)

robertramsey_8-1728493594106.png

Cisco ASA 5506 Interface Configuration (CLI)

robertramsey_9-1728493594106.png

Cisco ASA 5506 DHCP Server Configuration

robertramsey_10-1728493594107.png

Network Diagram

robertramsey_13-1728494092722.png

Unifi Hyper-V VM Configuration

robertramsey_11-1728493594109.png

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
robertramsey
Level 1
Level 1

‎10-09-2024 11:18 AM

After a lot of trouble-shooting, I found my issue.  I recently replaced the 2960G and copied in the old config.  Copying in the config doesn't create the VLANs in the vlan.dat though.  I had to manually create the vlan.dat entries

conf t
vlan 25
name Guest
vlan 50
name DMZ
vlan 100
name Inside
end

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
elom.kutsienyo
Level 1
Level 1

‎10-09-2024 11:05 AM

Hello Robert,

I suggest you add VLAN 999 to the allowed VLAN list on the two switches. 

The second thing is that because the unifi software is running as a VM and yet is suppose to do VLAN tagging, there are a few things you need to do at the hypervisor level. The first step is to Enable Virtual LAN Identification (the VLAN you input will be tagged on the physical cable).

 

Kindly check this article and ensure your hypervisor is properly configured to allow the nested VM to tag.

 

https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/configure-virtual-local-area-networks-for-hyper-v

 

 

0 Helpful

Go to solution
robertramsey
Level 1
Level 1

‎10-09-2024 11:18 AM

After a lot of trouble-shooting, I found my issue.  I recently replaced the 2960G and copied in the old config.  Copying in the config doesn't create the VLANs in the vlan.dat though.  I had to manually create the vlan.dat entries

conf t
vlan 25
name Guest
vlan 50
name DMZ
vlan 100
name Inside
end

 

0 Helpful

Go to solution
elom.kutsienyo
Level 1
Level 1
In response to robertramsey

‎10-09-2024 11:50 AM

Awesome. It is great you were able to fix it. 

Customers Also Viewed These Support Documents