Emerging Member
Posts: 44
Registered: ‎08-31-2015
Kudos: 3
Solutions: 1
Accepted Solution

EdgeSwitch 24 Port / VLAN / WLAN Problem

Hello everybody,

 

I need help with my configuration because its the first time I have to do this. I am using:

 

1x ZyWALL USG 110

1x Ubiquiti EdeSwitch 24 Port

5x UniFI AP

Controller Software 4.6.6

 

I have created 2 VLANS at the switch. VLAN1 = Office 1-22 and VLAN2 = WLAN DMZ.

If I connect some pc at port 2 till 22 I got an IP adress from my 192.168.7.0/24 range. If I connect it to port 24 I got an IP from 10.1.1.0/24 range. After this I connected to the wifi controller and changed the public wlan to vlan id 2.

But if I connect to this Wlan I don`t get any IP. So there must be something wrong but I don`t know what. Could someone help me?

 

Sorry about this stupid questions Man Happy

Bildschirmfoto 2015-08-31 um 09.12.42.png
Bildschirmfoto 2015-08-31 um 09.12.54.png
Bildschirmfoto 2015-08-31 um 09.13.10.png
Bildschirmfoto 2015-08-31 um 09.14.55.png

Accepted Solutions
Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Ok, the first thing to do/check is whether the ZyWALL can tag packets on the WLAN uplink, if it can this will be a lot easier. 

 

If it can, configure port 23 to only allow VLAN2, tag everything, and only admit tagged packets.

Port 24 is set to allow only VLAN2 but UNTAGGED.

Ports 13-17 set so VLAN1 (native VLAN, PVID) is untagged and VLAN2 is tagged.

 

If the ZyWALL can't tag packets, set port 23 as VLAN2 only, UNTAGGED same as port 24.

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!

View solution in original post

Emerging Member
Posts: 44
Registered: ‎08-31-2015
Kudos: 3
Solutions: 1

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

[ Edited ]

Hope I did it right. I am so sorry about my questions. At the momentan I can`t tag from the zywall

Bildschirmfoto 2015-08-31 um 10.12.08.png

Bildschirmfoto 2015-08-31 um 10.12.15.png

Bildschirmfoto 2015-08-31 um 10.12.42.png

View solution in original post


All Replies
Ubiquiti Employee
Posts: 434
Registered: ‎12-14-2010
Kudos: 398
Solutions: 82

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Can you show the VLAN configuration of port 13-17 where UAPs are connected?

They should have VLAN1 included, untagged, PVID and VLAN2 included tagged.

Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

You need to tag VLAN2 packets, that is how the UAPs use VLANs when you assign a VLAN to a specific SSID. Management is untagged, but if a VLAN is specified it has to be tagged.

 

So the port to each UAP has to have the native (management) VLAN untagged as well as any other required VLANs tagged.

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
Emerging Member
Posts: 44
Registered: ‎08-31-2015
Kudos: 3
Solutions: 1

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Thanks for your quick reply. So I changed port 23 (uplink from dmz) to:

 

Bildschirmfoto 2015-08-31 um 09.30.37.png

and here are the configuration from port 13 till 17

 

Bildschirmfoto 2015-08-31 um 09.32.07.png

Bildschirmfoto 2015-08-31 um 09.32.32.png

Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Ok, It's a little confusing how you have this laid out.

 

Can you please just detail what is connected to which port? Especially the UAPs, which switch ports they use.

 

Also, when you say WLAN DMZ, what exactly do you mean? Is the WLAN getting it's Internet from a different WAN connection through this DMZ?

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
Emerging Member
Posts: 44
Registered: ‎08-31-2015
Kudos: 3
Solutions: 1

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Port 1 uplink from Zywall 192.168.7.0/24

Port 2 - 12 connected pcs/printer from the office

Port 13 - 17 unifi ap

Port 23 uplink from Zywall 10.1.1.0/24

Port 24 configured to check if I will get an ip from the 10.1.1.0/24 network.

 

Every AP and my Unifi controller is connected to the 192.168.7.0/24 network. They need the office wlan but they need a public wlan. Thats the reasen why I have created a dmz at my zywall to use the 10.1.1.0 network for all the people. My problem is I don`t know how to configure the switch to say public wlan is using vlan 2 and every client will get an IP from the dhcp range 10.1.1.0/24

Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Ok, the first thing to do/check is whether the ZyWALL can tag packets on the WLAN uplink, if it can this will be a lot easier. 

 

If it can, configure port 23 to only allow VLAN2, tag everything, and only admit tagged packets.

Port 24 is set to allow only VLAN2 but UNTAGGED.

Ports 13-17 set so VLAN1 (native VLAN, PVID) is untagged and VLAN2 is tagged.

 

If the ZyWALL can't tag packets, set port 23 as VLAN2 only, UNTAGGED same as port 24.

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
Emerging Member
Posts: 44
Registered: ‎08-31-2015
Kudos: 3
Solutions: 1

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

[ Edited ]

Hope I did it right. I am so sorry about my questions. At the momentan I can`t tag from the zywall

Bildschirmfoto 2015-08-31 um 10.12.08.png

Bildschirmfoto 2015-08-31 um 10.12.15.png

Bildschirmfoto 2015-08-31 um 10.12.42.png

Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Looks ok, does it work?

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
Emerging Member
Posts: 44
Registered: ‎08-31-2015
Kudos: 3
Solutions: 1

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Yes it works Man Happy I got an IP from the 10.1.1.0 network Man Very Happy but I can`t connect to the wlan login oage because the wlan manager pc has an 192.168.7.x ip adress..

Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Ok, so what you need to do is add a firewall rule on the ZyWALL to allow hosts from the 10.x.x.x subnet to access only the Unifi Controller's IP address in the 192.168.7.0/24 subnet.

 

I'm afraid that this is outside my scope, as I've never used the ZyWALL device before, but I think your VLAN issue is sorted. Thumbsup

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Alternatively, you can disable the having to log in to a web page for the guest WLAN if that is not required, you can still set up a password for authentication to connect. Of course, if you need the additional login, then the firewall rule is what you'll have to do.

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
Emerging Member
Posts: 44
Registered: ‎08-31-2015
Kudos: 3
Solutions: 1

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

You are my HERO OF THE YEAR. Thank you soooooo much. It works after I have created the policy.

Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: EdgeSwitch 24 Port / VLAN / WLAN Problem

Awesome!

 

Feel free to mark helpful posts with kudos and to Accept an answer as a solution to help others find useful posts on the forums.

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!