
Create VLAN for WiFi Access Points

Hi everyone, 

I'm trying to create a VLAN for some Ubiquiti UniFi access points and I just can't seem to get it working correctly. 

In my interface for the access points I assigned them a VLAN ID of 2, as shown here: http://screencast.com/t/s8VuPEud7

In my Cisco SG-500 switch I created a VLAN as shown here: http://screencast.com/t/wcAMNUwJ 

I set all the ports to Trunk and accept all frames as shown here: http://screencast.com/t/TO0EcTH6iY 

Since the AP that is plugged into the port of the switch will be passing frames on the default VLAN 1 as well as VLAN 2, I left the port untagged for VLAN 1, as shown here: http://screencast.com/t/fjVBw9gcal, and VLAN ID 2 is tagged on the port the AP is connected to as well as on the port the machine running Sophos XG is connected to, as shown here: http://screencast.com/t/MdJhozsoI 

Here you can see those ports and the VLAN memberships: http://screencast.com/t/b9P8sWJ1m 

In Sophos I then created a new Zone for the guests as shown here: http://screencast.com/t/IRTPRWYrsG 

I then created a new VLAN interface and assigned it an ID of 2, then assigned it to the zone I created in the previous step, as shown here: http://screencast.com/t/tA77JnCRdFDt

Finally, I created a DHCP service and selected the VLAN interface that I created from the previous step, as shown here: http://screencast.com/t/IA5yZnYtwP 

I thought that's all I needed, but it doesn't appear to be working. My devices are unable to obtain an IP address when they connect to the AP. I'm sure I've missed a step or done something incorrectly. Any assistance would be greatly appreciated. 

Thanks,
Christopher
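When a setup like the one above fails, the first thing to establish is whether the DHCP Discover frames from the guest SSID are actually arriving at the XG port, and with which 802.1Q tag. A packet capture on that port answers this, provided the capture is decoded with the VLAN header intact. The Python script below is an added example, not code from the original thread or from Sophos, Ubiquiti or Cisco: it decodes the 802.1Q header of raw Ethernet frames, flags DHCP client traffic (UDP 68 to 67), and reports per VLAN whether any DHCP request was seen. The frames and MAC addresses in it are constructed samples; on a real system you would feed it the raw bytes of each frame from a capture taken on the XG-facing interface.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_CLIENT_PORT = 68
DHCP_SERVER_PORT = 67


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header, an optional 802.1Q tag, and enough of
    IPv4/UDP to tell whether this is a DHCP client message."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    vlan_id = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID
        offset = 18
    info = {
        "src": src.hex(":"),
        "dst": dst.hex(":"),
        "vlan": vlan_id,                # None means the frame arrived untagged
        "ethertype": ethertype,
        "dhcp_client": False,
    }
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        ihl = (frame[offset] & 0x0F) * 4
        proto = frame[offset + 9]
        if proto == IPPROTO_UDP and len(frame) >= offset + ihl + 8:
            sport, dport = struct.unpack("!HH", frame[offset + ihl:offset + ihl + 4])
            info["dhcp_client"] = (sport == DHCP_CLIENT_PORT and dport == DHCP_SERVER_PORT)
    return info


def build_frame(vlan_id, sport: int, dport: int) -> bytes:
    """Construct a minimal broadcast Ethernet/IPv4/UDP frame for testing.
    This is a made-up sample, not a captured packet; checksums are left zero."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex("02000000aa01")  # hypothetical MACs
    if vlan_id is not None:
        eth += struct.pack("!HH", TPID_8021Q, vlan_id)   # PCP/DEI bits left 0
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                     bytes(4), b"\xff\xff\xff\xff")      # 0.0.0.0 -> 255.255.255.255
    return eth + ip + udp


def dhcp_requests_per_vlan(frames) -> dict:
    """Count DHCP client messages seen per VLAN ID (None = untagged).
    An empty entry for the expected guest VLAN means the tag is not reaching this port."""
    counts = {}
    for frame in frames:
        info = parse_frame(frame)
        if info["dhcp_client"]:
            counts[info["vlan"]] = counts.get(info["vlan"], 0) + 1
    return counts


def guest_dhcp_seen(frames, guest_vlan: int) -> bool:
    """True if at least one DHCP client message arrived tagged with guest_vlan."""
    return dhcp_requests_per_vlan(frames).get(guest_vlan, 0) > 0


if __name__ == "__main__":
    # Constructed sample: one Discover tagged VLAN 2 (guest), one untagged, one non-DHCP on VLAN 2.
    sample = [build_frame(2, 68, 67), build_frame(None, 68, 67), build_frame(2, 40000, 53)]
    print(dhcp_requests_per_vlan(sample))
    print("guest DHCP reaching this port:", guest_dhcp_seen(sample, 2))
```

If the capture on the XG-facing switch port shows DHCP requests only under the untagged entry, the AP or the switch is stripping the tag before the frame reaches the firewall; if they show up tagged with the guest VLAN but the firewall still does not answer, the problem is on the XG side (VLAN interface, zone or DHCP binding).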



  • Christopher,

    You only need tagged/trunk on the port connecting to the AP and to the XG firewall. Also try to configure a static IP on your laptop, connect to the Guest SSID and see if you can ping the XG interface.
    Also make sure ping is allowed on XG under System > Administration > Device access.

    Let us know.

    Luk
  • Hi Luk,

    I tried configuring a static IP on my laptop and connected to the guest network. I couldn't ping the XG interface. I made sure ping is allowed and it is. Any other ideas? I'm sure there is a step I must have missed...
  • I am using a different series of switches and APs (I use TP-Link) but I am having the exact same issue. Did you ever figure out the solution?

  • I have not. Another member offered assistance but I have not had the time available right now to invest in figuring this out. 

  • I have the exact setup with the same switch and WiFi AP and have the exact same problem. I recently moved from pfSense, where this was working. When I moved to Sophos XG, I didn't change any of the switch or AP configurations, so I suspect Sophos does not like how our switch tags traffic, however odd that is. If I go back to pfSense or Untangle, it works fine. If you made any further progress, I'd appreciate any feedback.

  • Hi guys

    I'm interested in hearing if any of you got this working, as I have planned to do exactly the same thing at work.
    Ubiquiti AP, with SSIDs on different VLANs for corporate/guest access separation (going through HP ProCurve switches though).

    Anything to look out for?

    I am hoping to be able to tag frames with a VLAN ID from the UBT APs, and be able to identify them and apply proper rules on the XG firewall based on VLAN ID.

    Hope you have some good advice...


    - Martin

  • I haven't had time in the last while to play with it after the latest firmware update, but earlier, when I did play around with it, this was my experience:

    Port DHCP = 10.100.x.x

    XG Gateway = 10.100.0.1

    VLAN10 = 10.10.x.x (XG DHCP)

    VLAN20 = 10.20.x.x (XG DHCP)

    Issue encountered was when I checked my switches they all registered the VLAN tags being properly applied, but the XG would not assign an IP in the proper range (or at all).

    I tried a simple setup of AP-->Unmanaged Switch --> XG
    No Luck, still no IP assigned.

    I changed my AP to not assign a VLAN tag and then everything flowed through fine with a 10.100.x.x IP assigned. As soon as I add a VLAN tag, no IP gets assigned and therefore there is no connection to the internet or other network resources.

    Somehow the XG was just not playing nice with VLAN tagging. I tried Sophos Tech support but as I am not using Sophos APs they kept saying it must be the switch (unmanaged) or my APs.

    I am hoping to give it another go when I have some time again.

  • Similar boat here. I'm a pfSense convert (or attempting to be, at least, until I hit this) having an issue with the VLAN setup functioning properly. The difference here is I'm using Tomato Shibby firmware on an Asus RT-N66U in AP-only mode.

    Currently I have my Asus connected between the rest of the network and the XG, and it is also handling WiFi with 2 different split networks for LAN/Guest access. My XG/pfSense are both running virtualized. Yes, Trunk passthrough is enabled and configured properly on ESXi. Currently this is configured and working perfectly fine with pfSense, but when I switch the connections over to the XG VM, connectivity suddenly fails miserably. Nothing is working once switched, DHCP, DNS, Internet, ICMP. I can't ping the XG interface, only other devices on my current LAN network (behind XG) if I set my IP manually. 

    Setup DHCP

    Setup DNS

    Configured VLAN 10/12 on Port 2 (LAN)

    Setup Static IPs, enabled Interface IP as Gateway

  • I have the exact same problem and behavior using Sophos XG, a Unifi AP and a Netgear managed switch.

    Has anyone been able to get this configuration to work?

  • I still haven't solved this, though I have changed hardware slightly from a TP-Link switch to a Netgear switch. I'm also going to be removing the Asus completely from the equation as I've picked up 2 UniFi UAP-ACs. I'm planning to set up and prepare this for my new house, which we're moving to in the next month. Hopefully I'll get to actually start playing around and testing this out. I was out at Black Hat this year and met some of the senior guys, who told me there were some issues they've seen/experienced with the VLAN functionality in XG. Supposedly a new beta was going to solve some of those issues. So maybe look for the current beta to test out instead?