Category: Cisco

Add a New SSID on a Separate VLAN to Your Unifi Network and Cisco Switch

Overview

My home lab network is of the mix and match variety. It’s whatever I can acquire free or cheap. Sometimes…not so cheap… Recently I purchased a Unifi Dream Machine Pro just to see what all the hype was about. I also couldn’t stand the noise that emanated from my Cisco ASA 5515-X. I had intentions of purchasing a Unifi switch to go along with it, but didn’t want to spend the money at this point in time. I can tell you that the UDM-P is significantly quieter and was worth the cost in that respect. With that being said, I needed to come up with a way to broadcast my SSIDs on different VLANs. I have several VLANs and SSIDs that I use for various different things. This tutorial will cover how to add an SSID on a different VLAN to your Unifi/Cisco setup. If I had gone full Ubiquiti, this would have been significantly easier than the below tutorial you’re about to read through.

Below is what the topology of my lab network looks like. My cable modem feeds my Unifi Dream Machine Pro, which then connects to the Cisco Catalyst 2960s. My Unifi UAP-AC-Pros connect to my Cisco Catalyst 2960s.

Ubiquiti Unifi Dream Machine Pro – (Paid Link) https://amzn.to/36OIYhA

Ubiquiti Unifi AP-AC Pro – (Paid Link) https://amzn.to/3q05hbQ

Let’s take a look at how to add an SSID to your Ubiquiti Access Points utilizing a Cisco Switch and a Unifi Dream Machine Pro.  

Cisco Side

SSH into your switch with PuTTY.  

Download PuTTY Here:

https://www.putty.org/ 

Open PuTTY and type in the IP of your switch. Leave the port as the default of 22. Click Open.


Enter your credentials.

Type “Enable” or “En” and hit enter, then type in your password and hit enter again.

Now that we’re in, we’ll want to enter config mode to create the actual VLAN. Remember when working with most CLIs, the tab key is your friend. 

Type Conf t and hit enter, this will put you into config mode.

Type vlan and then a number. Let’s use vlan 99. Hit enter. This creates the VLAN on the switch. 

Type exit and hit enter. Now we need to enter the interface configuration.

Type interface vlan 99. This is where we’ll give the VLAN an IP address and set its description and IP helper address. I always try to put a description on whatever I am working on; this will make it easier for you or the next technician who works on the system.

Let’s add the description. Type Description and give the VLAN a description 

We need to give the VLAN an IP Address. I will typically give the VLAN a lower number IP (.1) and my Firewall a higher number IP (.254). Really, it doesn’t much matter but I like to keep some consistency on the systems I work on. In my lab, the VLAN number is the 3rd octet. Obviously you can only go so high with this IP scheme, but it works in this case.  

Type the command: ip address 192.168.99.1 255.255.255.0 and hit enter

We need to tell the VLAN where to send clients to get an IP address. I am using my Ubiquiti Unifi Dream Machine Pro to handle DHCP. So, still in VLAN 99’s interface config mode, type:

Ip helper-address 192.168.25.254 (You can use the IP of your DHCP server) 

Then type exit to go back to config mode. Make sure you save your config by typing: do wr 

This will save the config. 

While we’re here, let’s configure one of the switch ports on our Cisco switch for a Ubiquiti AP. Pick a switch port that you’ll use for your Ubiquiti Access Point. For this tutorial, I’ve selected switch port 16.

Type interface gigabitEthernet 1/0/16 and hit enter. This will put you into the interface config mode for port 16 on your Cisco switch.

Again, let’s give the port a description.  

Type Description and then whatever you want to label the port as. For this, I’ll label it as Test WAP Port

Description Test WAP Port

This port will need to be configured as a trunk port as it will support multiple VLANs and SSIDs that are tied to those VLANs. 

Switchport mode trunk 

We will then set the native VLAN for the trunk. In this case, VLAN 25 is my management VLAN. If you are using VLAN 1 or the default VLAN, you do not need to set this. 

Switchport trunk native vlan 25

We’re going to set the allowed VLANs on this trunk. 

Switchport trunk allowed vlan 25,27,45,55,99  (the vlans that you’ll allow access to this port)

Together, these commands set a description for the port your Ubiquiti Access Point plugs into, set the port to trunk mode, set the native (management) VLAN for the port to 25 or whatever your management VLAN is, and select which VLANs are allowed to pass.

You will also need to add your new VLAN to the trunk port from your UDMP to your Cisco Switch. So find the interface you are using as the uplink and add the VLAN. In this case our uplink port is 1/0/10 

From config mode, enter Interface gigabitEthernet 1/0/10 

Type switchport trunk allowed vlan and then enter your allowed VLANs. Hit enter.
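
A common failure with this setup is adding the new VLAN to the AP port but not to the uplink, or leaving a trunk with no allowed list at all. The following Python check is an added example, not from the original post; it runs over a constructed running-config excerpt that uses the tutorial's port numbers and VLAN IDs (the uplink's contents and port Gi1/0/17 are assumptions).

```python
import re

# Constructed running-config excerpt (not from the original post). Port numbers
# and VLAN IDs follow the tutorial; the uplink is deliberately missing VLAN 99.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/10
 switchport trunk native vlan 25
 switchport trunk allowed vlan 25,27,45,55
 switchport mode trunk
!
interface GigabitEthernet1/0/16
 description Test WAP Port
 switchport trunk native vlan 25
 switchport trunk allowed vlan 25,27,45,55,99
 switchport mode trunk
!
interface GigabitEthernet1/0/17
 switchport mode trunk
!
"""

def expand_vlans(spec):
    """Turn an IOS VLAN list such as '25,27,40-45' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, required_vlan):
    """Return {interface: finding} for every trunk port with a problem."""
    findings = {}
    for stanza in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", stanza, re.M)
        if not name or not re.search(r"^ switchport mode trunk", stanza, re.M):
            continue  # not an interface stanza, or not a trunk port
        allowed = re.findall(r"^ switchport trunk allowed vlan (?:add )?([\d,\- ]+)$", stanza, re.M)
        if not allowed:
            findings[name.group(1)] = "no allowed list: trunk carries every VLAN"
            continue
        vlans = set().union(*(expand_vlans(a) for a in allowed))
        if required_vlan not in vlans:
            findings[name.group(1)] = f"VLAN {required_vlan} not allowed"
    return findings

if __name__ == "__main__":
    for port, problem in audit_trunks(SAMPLE_CONFIG, 99).items():
        print(f"{port}: {problem}")
```

On IOS, switchport trunk allowed vlan add 99 appends to an existing list, while the form without add replaces the whole list.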

Your uplink interface should look like this when you are done: 

This is pretty much it on the Cisco side, let’s jump over to our UniFi Controller. At the time of this writing, I am using a Unifi Dream Machine running the 6.0.43 controller. 

Ubiquiti Side 

Log in to your controller (or dream machine) and go to settings

Then go to networks and click “Add a New Network” 

This is where you will add the subnet of the VLAN you just created on your Cisco Switch. 

Give your network a name. I like to put the VLAN# and its purpose.

Click “Advanced” and enter the VLAN ID.  

If you want to configure the DHCP pool, you’ll need to turn off the option: Auto Scale Network 

Enter your DHCP Pool settings and DNS server settings – Make sure you point the Gateway IP to your UDMP. 

Leave the rest as default 

Click “Apply Changes” at the bottom

Jump up one to “WiFi”  

Click “Add New WiFi Network”

Give the WiFi Network an SSID/Name, I will typically call out what it is. This is a test network, so I called it Test_VLAN99_SSID.

Set a secure password and select the network/VLAN you just created from the drop down menu.  

Click “Apply Changes”  

Find a wireless device and see if you can now connect to the network you just created.  

You can verify you are getting the correct IP for your new VLAN by opening a command prompt and typing: ipconfig /all 

You can see we are getting the IP address 192.168.99.102.  

This is how you add an SSID on a separate VLAN utilizing Ubiquiti Access Points with a Cisco Switch and a Unifi Dream Machine Pro.

 

Affiliated Links:

I participate in the Amazon Affiliate program; affiliate links let me earn fees by linking to Amazon.com and other affiliate links. Links will be marked as (Paid Link).

Permanent link to this article: https://achubbard.com/2021/02/06/add-a-new-ssid-on-a-separate-vlan-to-your-unifi-network-and-cisco-switch/

How To Enable IP Routing On a Cisco Catalyst 2960s | SDM Template

Learn how to change the SDM Template to lanbase-routing and enable ip routing on a Cisco Catalyst 2960s switch.


Permanent link to this article: https://achubbard.com/2020/06/03/how-to-enable-ip-routing-on-a-cisco-catalyst-2960s-sdm-template/

Learn How To Upgrade Firmware (IOS) on a Cisco 2960s Switch

Learn how to upgrade the firmware (ios) on Cisco 2960s Switch using PuTTY, TFTPd and a console cable.

Console Cable – StarTech ICUSB2321F

Switch – Cisco 2960s

TFTPd64 – http://tftpd32.jounin.net/tftpd32_download.html

PuTTY – https://www.chiark.greenend.org.uk/~sgtatham/putty/

Permanent link to this article: https://achubbard.com/2020/03/25/learn-how-to-upgrade-firmware-ios-on-a-cisco-2960s-switch/

Create VLANs on a Cisco 2960G

Add VLANs and Assign Ports on Cisco 2960G Switch

This post will be focusing on the Cisco 2960G Switch I acquired in my post titled “Homelab Rebuild – Part 1 – Intro“.  Here I will be working on configuring the switch. This includes adding a VLAN for my WAN connection, adding ports to the VLANs and setting up a management interface.

Creating VLANs on a Cisco 2960G switch is a pretty straightforward task. You will need a Cisco WS-C2960G-8TC-L Switch and a USB to Serial Converter. Putty, or your favorite serial/SSH client, will also be needed. This tutorial assumes you already know how to connect to your switch using Putty.

Looking to configure similar settings on a Dell switch? Take a look at my blog post titled, Add a VLAN on a Dell PowerConnect 5524p Switch for help.

 


Create the VLANs

First off, we need to enter configuration mode on the Cisco 2960G Switch. To accomplish this, type: “conf t” and hit the enter key.


Create VLAN5 – this is our WAN VLAN. Type the command “vlan 5” and hit enter. Give your VLAN a name. In my case, VLAN5 is used for my WAN connection, so I gave it the name of “WAN” – you do not have to type name twice. I goofed on the first attempt. I wanted WAN in all caps. Then type “exi” or “exit” and hit enter.


Create VLAN25 – this is our management/production VLAN. Type “vlan 25” and hit enter. Again, give your VLAN a name. Type “name Production” and hit enter. Exit VLAN 25.


 

Change the host name

Also, while we are in config mode, let’s take a moment to set up the switch’s host name. You do this by entering the command “hostname SW-ACH-WAN” and hitting enter. You will now see the switch’s host name change.


 

Assigning ports

After creating our VLANs, we need to assign switch ports to them. Otherwise, they are just VLANs. You can issue the command “show vlan” and the switch will show you all of the VLANs present on the Cisco 2960G and which switch ports are assigned to which VLAN.

Cisco 2960G VLANs - assign ports

In the screenshot above, you can see all eight ports are assigned to VLAN 1. You can also see we’ve created VLAN 5 with the name of “WAN” and VLAN 25 with the name of “Production”.

To assign ports to these VLANs, you must again enter config mode by typing “conf t” and hitting the enter key. Then, you need to enter each interface. Enter an interface by typing “interface gigabitEthernet 0/#”, where # is the port number. So, type “interface gigabitEthernet 0/1” and hit enter.

Next, type “switchport access vlan 5” – this assigns the switch port to VLAN 5. Then add your description by typing: description “Modem Uplink” and hitting enter. Finally, exit the interface you are working on and proceed to the next.


The table below gives a good break down of each port that I am using, what VLAN it is on and the purpose.

Switch Ports

Switchport | VLAN | Description | Purpose
1 | 5 | Modem Uplink | This port is where I will plug my Spectrum modem into, thus being my modem uplink on VLAN 5
2 | 5 | Uplink to ACH-FW01 | I will plug the physical NIC on HOST01 that is assigned to my firewall, ACH-FW01 into this port so that it can access the WAN connection.
3 | 5 | Uplink to ACH-FW02 | I will plug the physical NIC on HOST02 that is assigned to my firewall, ACH-FW02 into this port so that it can access the WAN connection.
7 | 25 | Management Network | This will connect the switch to my Dell switch stack so that I can manage the WAN switch from my production network, VLAN25.

 

Management VLAN

Since we are using VLAN 25 to access our management network, we need to assign it an IP Address. We do this by entering the VLAN as an interface. So, enter the command “interface vlan 25” and hit enter. You will now be in the interface config mode. Next, type the command “ip address 192.168.25.4 255.255.255.0” and hit enter. Be sure to use your IP addressing scheme for your management network. The 255.255.255.0 is a /24 subnet mask.


 

Saving the configuration

Now that we have configured our switch, it is time to save your running config. If you do not save the running configuration, all of the changes will be lost when you reboot the switch. To save the config, type “copy run start” and hit enter.


Summary

Some good reference reading can be found right from the manufacturer, in this case it is Cisco. You can check out this article regarding VLAN configuration on the Cisco 2960G switch.


Permanent link to this article: https://achubbard.com/2018/03/05/create-vlans-cisco-2960g/