Reply
New Member
Posts: 3
Registered: ‎03-02-2018

Manage multiple APs in different subets in different vlans with one cloud key

I have a network with multiple vlans and subnets.  Is there a way to manage all the APs in different vlans on different subnets with a single cloud key?  None of the switches, routers, firewall are from Ubiquiti.

 

Member
Posts: 211
Registered: ‎07-03-2015
Kudos: 22
Solutions: 4

Re: Manage multiple APs in different subets in different vlans with one cloud key

Certainly you can define this per SSiD - so whether you had different sites or one site with different SSiDs you can specify the VLAN they are on.

 

We have only done this once but it works just fine - in our case we have a single AP in a building that is part of a volunteer organisation - their SSiD is set on vlan 4, and as long as you tag the ports on the switches okay for the traffic (we use HPE switches so no issues with the UBNT APs and other switches) you should be fine.

Highlighted
Established Member
Posts: 1,616
Registered: ‎03-31-2017
Kudos: 541
Solutions: 179

Re: Manage multiple APs in different subets in different vlans with one cloud key

[ Edited ]

@aau wrote:

I have a network with multiple vlans and subnets.  Is there a way to manage all the APs in different vlans on different subnets with a single cloud key?  None of the switches, routers, firewall are from Ubiquiti.

 


If you are wanting to dedicate APs to service specific VLANs only then you will need to use Layer3 adoption if you are not using a managment VLAN.

 

 

https://help.ubnt.com/hc/en-us/articles/204909754-UniFi-Device-Adoption-Methods-for-Remote-UniFi-Con...

New Member
Posts: 3
Registered: ‎03-02-2018

Re: Manage multiple APs in different subets in different vlans with one cloud key

I should have been more specific.  I have different routed subnets in different physical switchs and vlan subnets in same switches.  Below is the example.

 

Firewall ports:

Port 1, 2, 3 - WAN connection from different ISPs for load balance and fail over.

Port 4 - subnet 1, connecting to a switch stack

Port 5 - subnet 2, connecting to another switch stack

Port 6 - subent 3 in vlan 1 + subnet 4 in vlan 2, connecting to another switch stack

Port 7 - subnet 5 in vlan 3 + subnet 6 in vlan 4, connecting to another switch stack

 

So if I have an AP in each one of the subnets, I want to have a single cloud key to manage all the APs across all the subnets.

 

Or, can I save myself a couple APs and have like a UAP-AC-Pro to service both vlan1 and vlan 2 in Port 6 and vlan3 and vlan4 in Port 7?

 

 

 

Established Member
Posts: 830
Registered: ‎07-25-2015
Kudos: 123
Solutions: 38

Re: Manage multiple APs in different subets in different vlans with one cloud key

Just as @TCOA said,  f you use an "Management vlan = Untagged network", you can connect the AP's in this VLAN.. You can send the other Tagged VLAN's as seperate SSID's to the users.

 

Cheers,

 

Mike

If the feedback solved your problem or question. Please mark it as solved. If it is worth some Kudo’s don’t forget to give some :-)
New Member
Posts: 3
Registered: ‎03-02-2018

Re: Manage multiple APs in different subets in different vlans with one cloud key

Since all the subnets are firewall'd from each other in one form or another, that means I will have to setup L3 routing between the APs and controller and/or create firewall rules to allow the APs to see/connect to the CK ip address?
Established Member
Posts: 830
Registered: ‎07-25-2015
Kudos: 123
Solutions: 38

Re: Manage multiple APs in different subets in different vlans with one cloud key

Yess, you have.

 

Why not settng-up an " hosted controller" in stead of the CK?

 

Cheers,

 

Mike

If the feedback solved your problem or question. Please mark it as solved. If it is worth some Kudo’s don’t forget to give some :-)
Member
Posts: 275
Registered: ‎08-07-2016
Kudos: 133
Solutions: 21

Re: Manage multiple APs in different subets in different vlans with one cloud key

If you put subnet 1 & 2 into VLANs, you could plug all firewall ports into the same managed switch and then re-mix the VLANs via tagged / untagged ports to send to various APs.

The only reason you might require each firewall port go into an isolated switch is if you are afraid of traffic "mingling" inside a switch. But if you were that paranoid, you would have a separate management VLAN instead of exposing management interfaces to your end users.
Reply