Tag: Unifi

Feb 06

Add a New SSID on a Separate VLAN to Your Unifi Network and Cisco Switch

Overview

My home lab network is of the mix and match variety. It’s whatever I can acquire free or cheap. Sometimes…not so cheap… Recently I purchased a Unifi Dream Machine Pro just to see what all the hype was about. I also couldn’t stand the noise that emanated from my Cisco ASA 5515-X. I had intentions of purchasing a Unifi switch to go along with it, but didn’t want to spend the money at this point in time. I can tell you that the UDM-P is significantly quieter and was worth the cost in that respect. With that being said, I needed to come up with a way to broadcast my SSIDs on different VLANs. I have several VLANs and SSIDS that I use for various different things. This tutorial will cover how to add an SSID on a different VLAN to your Unifi/Cisco setup. If I had gone full Ubiquiti, this would have been significantly easier than the below tutorial you’re about to read through. 

Below is what the topology of my lab network looks like. My cable modem feeds my Unifi Dream Machine Pro, which then connects to the Cisco Catalyst 2960s. My Unifi UAP-AC-Pros connect to my Cisco Catalyst 2960s.

Ubiquiti Unifi Dream Machine Pro – (Paid Link)https://amzn.to/36OIYhA

Ubiquiti Uniti AP-AC Pro – (Paid Link)https://amzn.to/3q05hbQ

Let’s take a look at how to add an SSID to your Ubiquiti Access Points utilizing a Cisco Switch and a Unifi Dream Machine Pro.  

Cisco Side

SSH into your switch with PuTTY.  

Download PuTTY Here:

https://www.putty.org/ 

Open PuTTY, type in the IP of your switch. Leave the port as the default of 22. Click Open 

Putty Open

Enter your credentials: Putty Credentials

Type “Enable” or “En” and hit enter, type in your password and hit enter again

Now that we’re in, we’ll want to enter config mode to create the actual VLAN. Remember when working with most CLIs, the tab key is your friend. 

Type Conf t and hit enter, this will put you into config mode.

Type vlan and then a number. Let’s use vlan 99. Hit enter. This creates the VLAN on the switch. 

Type exit and hit enter. Now we need to enter the interface configuration.

Type interface vlan 99, this is where we’ll give the VLAN an IP address, set it’s description and ip helper address. I always try to put a description on whatever I am working on, this will make it easier for you or the next technician who works on the system. 

Let’s add the description. Type Description and give the VLAN a description 

We need to give the VLAN an IP Address. I will typically give the VLAN a lower number IP (.1) and my Firewall a higher number IP (.254). Really, it doesn’t much matter but I like to keep some consistency on the systems I work on. In my lab, the VLAN number is the 3rd octet. Obviously you can only go so high with this IP scheme, but it works in this case.  

Type the command: ip address 192.168.99.1 255.255.255.0 and hit enter

We need to tell the VLAN where to send client to get an IP Address. I am using my Ubiquiti Unifi Dream Machine Pro to handle DHCP. So, still in VLAN99’s interface config mode, type: 

Ip helper-address 192.168.25.254 (You can use the IP of your DHCP server) 

Then type exit to go back to config mode. Make sure you save your config by typing: do wr 

This will save the config. 

While we’re here, lets configure one of the switch ports on our Cisco switch for a Ubiquiti AP. Pick a switch port that you’ll use for your Ubiquiti Access Point.  For this tutorial, I’ve selected switch port 16.

Type interface gigabitEthernet 1/0/16 and hit enter. This will put you into the interface config mode for port 16 on your Cisco switch.

Again, let’s give the port a description.  

Type Description and then whatever you want to label the port as. For this, I’ll label it as Test WAP Port

Description Test WAP Port

This port will need to be configured as a trunk port as it will support multiple VLANs and SSIDs that are tied to those VLANs. 

Switchport mode trunk 

We will then set the native VLAN for the trunk. In this case, VLAN 25 is my management VLAN. If you are using VLAN 1 or the default VLAN, you do not need to set this. 

Switchport trunk native vlan 25

We’re going to set the allowed VLANs on this trunk. 

Switchport trunk allowed vlan 25,27,45,55,99  (the vlans that you’ll allow access to this port)

This will set a description for your Ubiquiti Access Point, it will set the native or management VLAN for this port to 25 or whatever your management VLAN is. It’ll set the port to trunk mode and select what VLANs are allowed to pass.  

You will also need to add your new VLAN to the trunk port from your UDMP to your Cisco Switch. So find the interface you are using as the uplink and add the VLAN. In this case our uplink port is 1/0/10 

From config mode, enter Interface gigabitEthernet 1/0/10 

Type switchport trunk allowed vlan and then enter your allowed VLANs. Hit enter.

Your uplink interface should look like this when you are done: 

This is pretty much it on the Cisco side, let’s jump over to our UniFi Controller. At the time of this writing, I am using a Unifi Dream Machine running the 6.0.43 controller. 

Ubiquiti Side 

Log in to your controller (or dream machine) and go to settings

Then go to networks and click “Add a New Network” 

This is where you will add the subnet of the VLAN you just created on your Cisco Switch. 

Give your network a name, I like to put the VLAN# and it’s purpose. 

Click “Advanced” and enter the VLAN ID.  

If you want to configure the DHCP pool, you’ll need to turn off the option: Auto Scale Network 

Enter your DHCP Pool settings and DNS server settings – Make sure you point the Gateway IP to your UDMP. 

Leave the rest as default 

Click “Apply Changes” at the bottom

Jump up one to “WiFi”  

Click “Add New WiFi Network”

Give the WiFi Network an SSID/Name, I will typically call out what it is. This is a test network, so I called it Test_VLAN99_SSID.

Set a secure password and select the network/VLAN you just created from the drop down menu.  

Click “Apply Changes”  

Find a wireless device and see if you can now connect to the network you just created.  

You can verify you are getting the correct IP for your new VLAN by opening a command prompt and typing: ipconfig /all 

You can see we are getting the IP address 192.168.99.102.  

This is how you add an SSID on a separate VLAN utilizing Ubiquiti Access Points with a Cisco Switch and a Unifi Dream Machine Pro.

 

Affiliated Links:

I participate in the Amazon Affiliate program, affiliate links let me earn fees by linking to Amazon.com and other affiliate links. Links will be marked as (Paid Link)

Permanent link to this article: https://achubbard.com/2021/02/06/add-a-new-ssid-on-a-separate-vlan-to-your-unifi-network-and-cisco-switch/

Feb 03

Ubiquiti Unifi Dream Machine Pro | Unboxing and Configuration

 

Unboxing my new Ubiquiti Unifi Dream Machine Pro and running through basic configurations for my home lab network.

Video Equipment:

Logitech Brio – https://amzn.to/32JN0Dx

Lavalier Mic – https://amzn.to/31vPgOi

Video Capture Software – https://amzn.to/31yq0qQ

Permanent link to this article: https://achubbard.com/2021/02/03/ubiquiti-unifi-dream-machine-pro-unboxing-and-configuration/

Jun 03

Installing Ubiquiti UniFi Controller on Ubuntu 18.04 Virtual Machine

In this video we learn how to install the Ubiquiti UniFi controller on to an Ubuntu 18.04 VMWare Virtual Machine and run through the base configuration.

Check Out My Other Videos:
Networking Playlist – https://www.youtube.com/playlist?list=PL2lsgXYaK5wEn5zEGxOFHAcF1irL4UZYS

Windows Server Playlist – https://www.youtube.com/playlist?list=PL2lsgXYaK5wGbpyq25G9LIjjIH-rXwa5M

Check Out My Personal Blog Site:
https://achubbard.com

Video Equipment:
Logitech Brio – https://amzn.to/32JN0Dx
Lavalier Mic – https://amzn.to/31vPgOi
Video Capture Software – https://amzn.to/31yq0qQ

Permanent link to this article: https://achubbard.com/2020/06/03/installing-ubiquiti-unifi-controller-on-ubuntu-18-04-virtual-machine/

Jan 30

Unifi and NanoStation VLAN Configuration

Unifi and NanoStation VLAN Configuration

Background

This is a tutorial on how to configure a VLAN on a Ubiquiti Unifi Controller and switch. We will also go over how to use the second ethernet port on a Ubiquti NanoStation on a different VLAN for use with a Ubiquiti Security Camera.

I have a rather long driveway, our upper half of the driveway is where my office and house are located. The lower half houses an area for our growing animal population and parking. I have multiple VLANs, 1 of which is for my security cameras. I wanted the 2nd port on the Ubiquiti NanoStation placed on the lower portion of the driveway to be able to utilize my camera VLAN.

This tutorial will assume that all of the hardware is in place and you are ready to make the secondary ethernet port on the NanoStation work on another VLAN.

In my case, I have a Unifi Controller that will need to be configured with my security VLAN, VLAN35, prior to configuring my NanoStations.

Unfi Configuration

Enter the Unifi controller and navigate to Settings >Networks. 

Click on the “Create New Network” button. Select “VLAN Only” from the “Purpose” section. Give your VLAN a name and a number. I chose 35.

You can then configure any other settings for your new VLAN that you may need. In my case, I only needed the basics. No DHCP on my security VLAN. You can then click on the “Save” button.

Once saved, in the Unifi controller, navigate to “Devices”

Select your switch and it will open the device’s configurations on the right hand side of the page. Select your port from the list and click “Edit”

On my “Core” (I use quotations because it is not really a core switch, but it is my main switch) I picked port 2 to use for my NanoStation uplink.

You want to make sure the “Switch Port Profile” is set to “All” – The reason is that this port is going to act as a trunk port and provide all of the VLANs to your first NanoStation. You want this if you wish to pass all of your VLANs over the bridge. Click “Apply”

NanoStation Station 1 Configuration

Next, login to the web interface of your NanoStation that will be acting as the “Station” – Navigate to the “Wireless” tab. Here you want to configure your wireless bridge settings (IE: your SSID, WPA2 Key, Channel Width etc) – I will leave that up to you to determine what works for your application. Since this NanoStation is acting as the “Station” you want to make sure the “Wireless Mode” is set to “Station”

Below is what I chose for my settings:

Once the wireless portion of your first station is configured, go to the “Network” tab. Here you can configure your station with a static IP etc. For the purposes of this tutorial, we will assume you have already given your station a static IP address, gateway, mask, DNS and so forth. You will want to make sure that the “Network Mode” is set to “Bridge” and that the “Configuration Mode” is set to “Simple”

NanoStation Station 2 Configuration

After completing the setup of your first NanoStation, login to the web interface of the second NanoStation. First go to the “Wireless” tab on your second NanoStation. This time you will want “Wireless Mode” to be set as “Access Point” – You will then match the rest of the settings to the settings you configured on the “Wireless” tab on your first NanoStation.

Once you have selected your settings, navigate to the “Network” tab on your second NanoStation. This is where things get to be a little be more complex. Since the wireless bridge itself is passing all of the VLANs across it, we need to tell the NanoStation what VLAN to use for the 2nd onboard ethernet port. This is the port we will be daisy chaining our camera off of.

VLAN and Bridge Configuration

On station number 2, your “Network Mode” will also be set to “Bridge”, you will have the option to set a static IP, mask, gateway and so forth. The real difference here is that the “Configuration Mode” MUST be set to “Advanced” this will open up a slew of different options for you.

When “Advanced” is selected, you will now see a bunch of options at the bottom of the page. For this example, the LAN0 port is feeding a switch, the LAN1 port is what the camera will be daisy chained off of and WLAN0 is the wireless bridge between the two NanoStations.

Under the VLAN Network section, we first must add VLAN35 to each interface. This will allow the NanoStation to pass VLAN 35 over the wireless bridge and the 2 ethernet ports.

After adding the VLAN to the interfaces, come on down to the “Bridge Network” section. If memory serves me correctly, you must break the existing bridge to configure a new bridge.

BRIDGE0 is allowing LAN0 and WLAN0 to communicate thus passing management traffic to the switch connected to that ethernet port.

BRIDGE1 is allowing LAN1 and WLAN0.35 to communicate thus allowing camera traffic to pass from LAN1 to the wireless bridge, and back to the NVR.

After configuring the bridges, you must go up to the “Management Network Settings” section. Select “Management Interface”, in my case, it is “BRIDGE0” or my “management” VLAN.

The final step before you can plug the camera in, is to enable POE Passthrough. This allows the NanoStation to power the camera via POE on the secondary LAN port. On your second NanoStation, navigate to the “Advanced” tab. Scroll down until you find “Advanced Ethernet Settings”. Check the checkbox labeled “POE Passthrough enabled”. Click the change button and you should now be able to power up your camera on a separate VLAN.

 

Hope this helps someone, I spent a lot of time trying to get this to work on my property.

Permanent link to this article: https://achubbard.com/2018/01/30/ubiquiti-unifi-vlan-configuration-and-nanostation-ethernet-port-vlan-configuration/