FWG and Unifi Setup Wireless VLAN issues (What am I doing wrong)?
Hi. I have a Firewalla Gold, some Ubiquiti switches (all the same PoE model) and 4 UniFi wireless APs. Due to the geography of my site, I am forced to do network segmentation by VLAN rather than by different physical ports on the FWG: I have ONT > FWG > UniFi Switch 8, which is then linked to another UniFi Switch 8 in the roof space, which powers two WAPs, and is also linked to another UniFi Switch 8 in another building which has two WAPs connected to it.
I am attempting to set up 4 wireless VLANs: private, guest, family and work. The setup is exactly the same for all VLANs in UniFi, except naturally for the VLAN ID. Two of the wireless VLANs work without issue, two do not.
I have set the port profiles on my Ubiquiti switches to "All" to pass through the VLAN IDs, and the networks are all set up as VLANs in Firewalla, with the plan then to use Rules to block things as appropriate. E.g. I want my printer on the private network to be accessible from all VLANs, but isolate the guest and IoT networks, that sort of thing.
The setup of all the VLANs in Firewalla is exactly the same, save for the VLAN ID. When I connect to guest and private, they work without issue. When I connect to either work or family they do not. They have no internet access and do not get a valid IP address from the DHCP pool.
I'm sure I'm missing something obvious but, as above, all four VLANs are configured the same in UniFi and Firewalla and I can't get two of them to work.
Any help is much appreciated.
-
My two cents, since I made a similar configuration at home, using ONT --> FWG+ --> Ubiquiti Switch Enterprise PoE 8 --> Zyxel AP.
I have 3 VLANs on top of the primary network. What I did:
1) FWG: set up the VLANs on the FWG, taking care to select the right eth port (in my case, they are all on the same eth port).
2) Switch: set the VLAN (one of the three) for wired devices on the Ubiquiti switch. In my case, VLAN ID 103 is set on one of the 8 available ports of the switch (every device is connected via another unmanaged switch), AND the port I chose to connect the switch to the FWG is set as a trunk (meaning everything passes through). The same (trunk) is also set for the port to which the AP is connected.
3) AP: created 3 SSIDs, two of them with VLAN IDs (101 and 102 in my case); the last one is the wireless "version" of my primary LAN, so no VLAN ID is set.
Every device gets the expected IP from the range set in the FWG for each VLAN (and the primary LAN), and the rules work perfectly (e.g. the guest network is not able to ping any primary LAN device).
Note: switch and access point are on the primary LAN.
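As an added illustration of the "trunk everywhere along the path" reasoning in the reply above (example code written for this page, not from the thread, from Firewalla or from Ubiquiti): a small Python script that models each port a tagged frame crosses on its way from an AP to the firewall and reports the first hop that does not carry a given VLAN. The device names, port numbers and VLAN IDs (10/20/30/40) are constructed for the example, and the two faults it plants (a downstream switch link whose profile only tags two VLANs, and a VLAN network created on a different Firewalla port than the one the uplink is cabled to) are hypothetical, not a diagnosis of the original poster's setup.

```python
"""Trace which hop drops a wireless VLAN between an AP and the firewall.

Added example: every name, port and VLAN ID below is constructed for
illustration and does not come from the forum thread.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    """One port on the path from an SSID towards the firewall.

    allowed: VLAN IDs that pass this port tagged. None models a port
    profile that passes every VLAN (the UniFi "All" profile); for the
    firewall port it is the set of VLAN networks attached to that port.
    """
    name: str
    allowed: frozenset[int] | None = None

    def passes(self, vlan: int) -> bool:
        return self.allowed is None or vlan in self.allowed


def first_drop(path: list[Hop], vlan: int) -> str | None:
    """Name of the first hop that does not carry `vlan`, or None if all do."""
    for hop in path:
        if not hop.passes(vlan):
            return hop.name
    return None


def audit(ssids: dict[str, int], paths: dict[str, list[Hop]]) -> dict[tuple[str, str], str]:
    """One verdict per (AP, SSID): 'ok' or the hop where the VLAN dies."""
    verdicts: dict[tuple[str, str], str] = {}
    for ap, path in paths.items():
        for ssid, vlan in ssids.items():
            hop = first_drop(path, vlan)
            verdicts[(ap, ssid)] = "ok" if hop is None else f"VLAN {vlan} dropped at {hop}"
    return verdicts


# --- constructed topology (hypothetical IDs and names) -------------------
SSIDS = {"private": 10, "guest": 20, "family": 30, "work": 40}

# Firewalla VLAN networks are bound to a physical port. Here VLAN 40 was
# (hypothetically) created on eth2 while the switch uplink is cabled to
# eth1, so eth1 only terminates 10, 20 and 30.
FWG_ETH1 = Hop("fwg:eth1", frozenset({10, 20, 30}))
SW1_UPLINK = Hop("switch-1:port1 (profile All)")
SW1_TO_ROOF = Hop("switch-1:port2 (profile All)")
ROOF_UPLINK = Hop("switch-roof:port1 (profile All)")
ROOF_TO_AP = Hop("switch-roof:port5 (profile All)")
# Hypothetical fault: the link to the other building was left on a custom
# profile that only tags VLANs 10 and 20.
ROOF_TO_BLDG = Hop("switch-roof:port8 (custom profile)", frozenset({10, 20}))
BLDG_UPLINK = Hop("switch-bldg:port1 (profile All)")
BLDG_TO_AP = Hop("switch-bldg:port3 (profile All)")

# Both ends of every cable are listed, nearest the AP first.
PATHS = {
    "ap-roof-1": [ROOF_TO_AP, ROOF_UPLINK, SW1_TO_ROOF, SW1_UPLINK, FWG_ETH1],
    "ap-bldg-1": [BLDG_TO_AP, BLDG_UPLINK, ROOF_TO_BLDG, ROOF_UPLINK,
                  SW1_TO_ROOF, SW1_UPLINK, FWG_ETH1],
}

if __name__ == "__main__":
    for (ap, ssid), verdict in sorted(audit(SSIDS, PATHS).items()):
        print(f"{ap:10} {ssid:8} {verdict}")
```

Running it prints one line per AP and SSID; in the constructed topology the roof AP loses only "work" (at the firewall port) while the other building's AP loses both "family" and "work" (at the downstream switch port). A VLAN dropped at any hop never delivers the client's tagged DHCP request to the firewall, which is consistent with a client that associates but never gets an address from the pool, so walking every port on the path, including which Firewalla port the VLAN network is attached to, is the check worth doing before touching rules.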