08-16-2015 07:24 AM
I am new to UniFi and the whole VLAN party and am struggling with some problems:
I have a USG, a 24-port and a 48-port UniFi switch, and some UAPs.
I tried to configure a server to get an IP address from one specific VLAN by setting two adjacent ports in aggregation and setting the network/VLAN to the right VLAN, but when the server went online an untagged IP address was given. Did I miss some configuration somewhere?
We have two divisions, one needs access to the servers and the other doesn't, but they both need to access the same printers. Is there a way to inhibit the second division from accessing the first's subnet and vice versa but both still be able to access the printers?
Is there also a possibility to isolate wired users on a vlan without having them tagged as guest and going through the guest-portal?
Also I am still a little worried I made the wrong choice not going for the edge-series, are there reasons I might want to switch?
Many thanks in advance, all input is appreciated!
08-18-2015 05:54 AM
Check your VLAN config for the Native VLAN. The native VLAN is the VLAN on each port that is untagged. The other VLANs are allowed but include an 802.1q tag so the device on the other side knows which VLAN they go in. I'm guessing you didn't set the right VLAN as native on your port channel.
As for separating your traffic, normally you do this with Access Control Lists (ACLs), but I'm not aware of a way to do this on the Unifi Switch. If you can on the EdgeSwitch, that may be a reason to switch. You would want to put the printers in their own VLAN and each company's users in their own VLAN. Then use ACLs to block the packets if the destination IP is in the other company's subnet.
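
The ACL policy described in the reply above, modelled as an added example (not part of the original posts, and not UniFi or EdgeSwitch configuration): a first-match rule list over three VLAN subnets, plus a check for rules that an earlier, broader rule makes unreachable. The subnets and the names `Rule`, `evaluate`, `shadowed` and `reachability` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

# Constructed addressing plan (assumption, not from the thread).
DIV_A = ipaddress.ip_network("10.0.10.0/24")     # first division, incl. servers
DIV_B = ipaddress.ip_network("10.0.20.0/24")     # second division
PRINTERS = ipaddress.ip_network("10.0.30.0/24")  # shared printers, own VLAN
ANY = ipaddress.ip_network("0.0.0.0/0")

# Block traffic whose destination is the other division's subnet, allow the rest.
ACL = [
    Rule("deny", DIV_A, DIV_B),
    Rule("deny", DIV_B, DIV_A),
    Rule("permit", ANY, ANY),
]

def evaluate(acl, src, dst):
    """First matching rule wins; no match falls through to an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "deny"

def shadowed(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, rule in enumerate(acl):
        if any(rule.src.subnet_of(e.src) and rule.dst.subnet_of(e.dst)
               for e in acl[:i]):
            hits.append(i)
    return hits

def reachability(acl):
    """Inter-VLAN policy matrix, using the first host of each subnet."""
    nets = {"div_a": DIV_A, "div_b": DIV_B, "printers": PRINTERS}
    host = {n: str(next(iter(net.hosts()))) for n, net in nets.items()}
    return {(a, b): evaluate(acl, host[a], host[b])
            for a in nets for b in nets if a != b}

if __name__ == "__main__":
    for pair, verdict in reachability(ACL).items():
        print(pair, verdict)
```

Because these rules are stateless, printer replies reach both divisions only through the final permit; placing that permit first would shadow both deny rules, which `shadowed` reports.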