This is exactly what I needed! I have been in a "nearly there" state for awhile now, but never managed to figure out why my VLAN1 set up was so broken. Now I know, thanks!
Thank you very much for this! I had gotten stuck on this for a long time and was getting frustrated. For me, everything was set up except for the trusted LAN as a VLAN (switch0.x) and specific VLAN tags for each port of the VLAN-aware switch. I had assumed that switch0 would just be aware of and open to VLANs, but apparently that's only the case when VLAN-aware is NOT enabled... or something. It was a hassle, but once I got that trusted VLAN created, and the IP range assigned to it, and then set switch0.x as a LAN interface in the Firewall menu, and switch0.x added to DNS forwarding, it all clicked. Thank you!
Hi Ben, Thank for this video! It helped me a lot. But why did you choose for "Accept" in the default action in the "Guest to LAN" ruleset? Doesn't this need to be "drop"? And than make the acceptations for allowing things within the ruleset?
Because there is no longer anything on Switch 0. Everything is now on a VLAN so the listening interfaces are now Switch 0.x where x is the VLAN number.
I like your idea of taking one interface out of the switch as a safety net. But I could not connect this way until adding it as a listen address with `set service gui listen-address 10.0.0.1`
Hi Ben, Great video ! I have set up VLANs via Cisco Switch with Edge router and all works fine when connecting via an ASUS router which acts only as AP on its own VLAN. I am able to discover printers in another VLAN. However... when I connect a UNIFI AP and connect via its SSID on whichever VLAN is associated with its SSID, I no longer am able to print or find a printer. ... Any suggestions or tips ?
under the LAN SSID on the Unifi controller I would have expected you to set that Wireless network to VLAN 1, no? So the only thing that will be on VLAN 1 is physical interfaces hardwired in eth1-3?
Hey! fantastic video! after following this however Im running into the problem where the devices are not getting ip addresses on the guest network... any ideas! Im using a newer version of unify version 8.xx if that helps
Interesting enough me edgemax doesn't work as per your vids .. As soon as I shuffle the switch0 interface as per your description and I create he .01 vlan my inbound doesn't work no more ... I can ping from edgemax outbound and it works fine (after adding .01 to DNS) however everything behind the ping is bad .. 2 out of 2 ... Any advice would be appreciated .. It's either a NAT problem or a firewall .. however I don't understand why ...
@@The87por924 hi , that's not what I said in my previous comments . I'm connected to edge through a 172. Static and phisical Eth2 port and exclude that from switch0 ... However as soon as I create a vif on any Eth (3 or 4 ) and make the switch0 vlan aware everything goes bonkers ... I'm able to ping 8.8.8.8 twice and then I getno reply ... Some packets lost and then again a couple of replies and then again no reply ... Exactly following the video ! Even if I don't create the vlan1 as he does as soon as I enable vlan aware switch 0 there is a confusion starting ... No.matter on which port I'm connected to the switch 0 .. What is interesting is that if I log into edge and start pinging from local interface out on wan everything works normally however everything behind switch0 is lagged and not responding acocrondlgy .
Great Video! If I run the DHCP server from Windows Server 2016 the setup from the sub-interfaces would still be the same correct and I would have to configure a trunk port on the switch?
Hi Ben, I have a situation and need your help. I have a USG, 5 UAP-AC-PRO, and a EdgeSwitchS-16 (150W) the plan is to deploy them with two SSIDs or HOME_NET and GUEST_NET. I have up the HOME_NET SSID up and running but don't know hot configure a second VLAN on the EdgeSwitch to get the GUEST_NET up, can you help?
I already have my controller and AP set up, I tried following the video but every time I set the Pvid and vid I lose connection to internet no matter if I set up the the eth3 172.16.0.1. Does anyone know what is going wrong?
Ben, first of all I love your videos, but I still have some questions, I added a EdgeRouter to my network and created two VLan networks, one for my OnHub wireless router and other for my VoIP phone, before I added the EdgeRouter I was able to see my security cameras, but now I can't and they are on the OnHub router, How do I manage to be able to see them on my mobile app?
I know this is not apart of this video. But do you happen to know if you can use the Edgerouter as your main DHCP server in your small business? If so how do you configure it to register client dns?
Hi, I don't see a problem with using the EdgeRouter as the main DHCP server, as opposed to lets say a Windows server. If you want the ER to also provide DNS services, you'll need to configure DNSMASQ. I also have a video about this, th-cam.com/video/f_jG6_G4dXM/w-d-xo.html here. Hope that helps :)
Always Great Help... i follow always your expert info about networking. you always have a great ilustration witth your diagrams... can you tell me which program or icons you use for these excelent presentation??
THANKS This worked well once I figured out why I kept losing connection to the Web Interface. I forgot that I had forced WebGUI to only listen on one IP address.
I spent my entire day trying to make this work, same setup.. I need the web portal for guests working, is there a workaround to allow the 10.x to connect to the controller on 193.x?
can someone help with this...i would like to have the same topology accept that instead of using the Unifi AP, i would like to use a Ubiquity LiteAP ac www.ubnt.com/airmax/liteap-ac/ where CPE (like a Nanostation ac loco) will connect to it. i would like to keep the CPE on the admin (192.168.0.#) so i can manage it but when the client connects to the CPE via his PC or his own Router/AP etc, where he will get the GUEST (10.0.0.#) address on his unit. basically i want to manage also the CPE(Station) on (192.168.0.#). i am sure it has something to do with the vlan settings on the AP and/or on the CPE side. Later i wish to add the unms and radius and billing system to the network, maybe remove eth1 from the vlan and give it its own native IP... anyones assistance with this deviation from the vid will be greatly appreciated noormuhammed(at)gmail(dt)com
Update. I have resolved the above by creating a WLAN0.10 and also by creating a 2nd bridge on the CPE unit where the GUEST IP is bridge0 to the LAN0 (WLAN0.10LAN0) ... and ... ADMIN IP is bridge2 to WLAN0 alone set as the MANAGEMENT IP. I now get a GUEST IP for the CLIENT PC connecting via lan cable to the CPE(Nanostation ac loco) (10.0.0.#) from the VLAN0.10 on the Router. I have set the CPE IP to be Static 192.168.0.# and this all worked out brilliantly until i did the ping test. at this stage i had NOT CONFIGURED THE FIREWALL YET(before firewall) when i did the PING test to the other IP Ranges and it does not want to ping past the Router ....i can ping within the clients 10.0.0.# to see each other but i cannot ping the management from the client. this is before the firewall. .....also vice versa/opposite.....I can ping within the admins 192.168.0.# to see each other but i cannot ping the CPE from the admin. 10.0.0.# cant ping past router to see admin 192.168.0.# and 192.168.0.# cant ping past router to see 10.0.0.# This behavior is exactly the same after i setup the firewall settings. no change. i followed the video like 5 times and setup and reset 5 times but still nothing. btw i didnot setup the unifi cotroller but instead i skiped from 11:00 - 19:20 . I just setup the edgerouter firewall straight after the GUEST DHCP Plz help with this. why cant i see across ranges even after firewall settings completed 100% 5 times and same result. what am i doing wrong or what did i miss????
Hi Ben, Thanks for this tutorial. However, can you explain what is the different from this link "th-cam.com/video/TWAM9aZBtN8/w-d-xo.html"? Both make VIF but on different interfaces. I tried to create 2 VLANs, one for house network (172.16.x.x), other for lab testing (10.30.x.x). I also have a switch that can configure with VLANs
thank you!!! i had bounce around for a long time trying to get this 'just right'...6 years on and your vid is still relevant
This is exactly what I needed! I have been in a "nearly there" state for awhile now, but never managed to figure out why my VLAN1 set up was so broken. Now I know, thanks!
Thank you very much for this! I had gotten stuck on this for a long time and was getting frustrated. For me, everything was set up except for the trusted LAN as a VLAN (switch0.x) and specific VLAN tags for each port of the VLAN-aware switch. I had assumed that switch0 would just be aware of and open to VLANs, but apparently that's only the case when VLAN-aware is NOT enabled... or something. It was a hassle, but once I got that trusted VLAN created, and the IP range assigned to it, and then set switch0.x as a LAN interface in the Firewall menu, and switch0.x added to DNS forwarding, it all clicked. Thank you!
Excellent tutorial. Used it to set up an Edge Router with TP-LINK AP Guest and LAN networks.
Thank you so much you help me so much when other videos didn't help me and got me lock out all the time thanks for putting the time in to make this
Great video! Although I had figured out most of this through other tutorials, this video made me actually understand why it works.
Hi Ben, Thank for this video! It helped me a lot. But why did you choose for "Accept" in the default action in the "Guest to LAN" ruleset? Doesn't this need to be "drop"? And than make the acceptations for allowing things within the ruleset?
Wow! That's brilliant, thanks. What you demonstarted will probably take me a day to implement. This Ubiquity stuff is new to me.
great video. a next video may be, edgerouter (router on a stick (trunk, vlan, etc)+ A separate server with the ntopng installed, monitoring the vlan
Well done, Ben Pin. Can I have two or more VLan TAGs on the same Switch? In your example, it's an UNTAG and another TAG.
Oh my god. Thanks you for work that you have done. Great explonation. I'm 3d artist but after your videos I will become network architector :D
Not sure why you had to remove the 'Switch 0' as listening interface in the DNS tab in Services (9:56). Can you explain?
Because there is no longer anything on Switch 0. Everything is now on a VLAN so the listening interfaces are now Switch 0.x where x is the VLAN number.
I like your idea of taking one interface out of the switch as a safety net. But I could not connect this way until adding it as a listen address with `set service gui listen-address 10.0.0.1`
thanks. just starting with an EDGEROUTER POE, your video is a great help
Very good! Thank you very much!! I've also added ICMP to the GUEST_TO_LOCAL rule.
A big thank you, this video really helped me to setup the network I wanted to have at home.
Great video, thanks for the help.
I’ve done the same config until connect via vlan1 to ERX, but I don’t get in address from dhcp. Any idea?
Hi Ben,
Great video ! I have set up VLANs via Cisco Switch with Edge router and all works fine when connecting via an ASUS router which acts only as AP on its own VLAN. I am able to discover printers in another VLAN. However... when I connect a UNIFI AP and connect via its SSID on whichever VLAN is associated with its SSID, I no longer am able to print or find a printer. ...
Any suggestions or tips ?
under the LAN SSID on the Unifi controller I would have expected you to set that Wireless network to VLAN 1, no? So the only thing that will be on VLAN 1 is physical interfaces hardwired in eth1-3?
Hey! fantastic video! after following this however Im running into the problem where the devices are not getting ip addresses on the guest network... any ideas! Im using a newer version of unify version 8.xx if that helps
Interesting enough me edgemax doesn't work as per your vids ..
As soon as I shuffle the switch0 interface as per your description and I create he .01 vlan my inbound doesn't work no more ...
I can ping from edgemax outbound and it works fine (after adding .01 to DNS) however everything behind the ping is bad .. 2 out of 2 ...
Any advice would be appreciated ..
It's either a NAT problem or a firewall .. however I don't understand why ...
@@The87por924 hi , that's not what I said in my previous comments . I'm connected to edge through a 172. Static and phisical Eth2 port and exclude that from switch0 ... However as soon as I create a vif on any Eth (3 or 4 ) and make the switch0 vlan aware everything goes bonkers ... I'm able to ping 8.8.8.8 twice and then I getno reply ... Some packets lost and then again a couple of replies and then again no reply ...
Exactly following the video !
Even if I don't create the vlan1 as he does as soon as I enable vlan aware switch 0 there is a confusion starting ...
No.matter on which port I'm connected to the switch 0 ..
What is interesting is that if I log into edge and start pinging from local interface out on wan everything works normally however everything behind switch0 is lagged and not responding acocrondlgy .
Did you figure it out?
Moved to USG pro since .. and other unifi gear ...
Great Video! If I run the DHCP server from Windows Server 2016 the setup from the sub-interfaces would still be the same correct and I would have to configure a trunk port on the switch?
Is there a way to archive this with the Edgerouter POE 5?
Hi Ben, I have a situation and need your help. I have a USG, 5 UAP-AC-PRO, and a EdgeSwitchS-16 (150W) the plan is to deploy them with two SSIDs or HOME_NET and GUEST_NET.
I have up the HOME_NET SSID up and running but don't know hot configure a second VLAN on the EdgeSwitch to get the GUEST_NET up, can you help?
I already have my controller and AP set up, I tried following the video but every time I set the Pvid and vid I lose connection to internet no matter if I set up the the eth3 172.16.0.1. Does anyone know what is going wrong?
Ben, first of all I love your videos, but I still have some questions, I added a EdgeRouter to my network and created two VLan networks, one for my OnHub wireless router and other for my VoIP phone, before I added the EdgeRouter I was able to see my security cameras, but now I can't and they are on the OnHub router, How do I manage to be able to see them on my mobile app?
Hi. Very nice video. Is it possible to manage also edgerouterX with unifi controller?
nope. The Edge line (router, switches) have their on management web interface. USG, unify switches, unifi AC all use the unifi controller
I know this is not apart of this video. But do you happen to know if you can use the Edgerouter as your main DHCP server in your small business? If so how do you configure it to register client dns?
Hi, I don't see a problem with using the EdgeRouter as the main DHCP server, as opposed to lets say a Windows server. If you want the ER to also provide DNS services, you'll need to configure DNSMASQ. I also have a video about this, th-cam.com/video/f_jG6_G4dXM/w-d-xo.html here. Hope that helps :)
Hoi Ben hoe krijg jij die netwerkinfo op je buroblad?
Always Great Help... i follow always your expert info about networking.
you always have a great ilustration witth your diagrams... can you tell me which program or icons you use for these excelent presentation??
THANKS This worked well once I figured out why I kept losing connection to the Web Interface. I forgot that I had forced WebGUI to only listen on one IP address.
Could you explain a little more. Every time I set up the vlan pvid and vid and save I lose connection. Is that the same problem?
Even when I set up the 172 IP address
I spent my entire day trying to make this work, same setup.. I need the web portal for guests working, is there a workaround to allow the 10.x to connect to the controller on 193.x?
I have the same. 192 works and 10.0 not
Thank you for advice to create a backup port removing it from switch before create vlans... I locked out myself and saved by that port
I got locked out when I switched to vlan aware mode and changed pvid and vid on eth ports, how do you connect back onto the back up port?
Awesome video. You explained the process perfectly. Thanks, man!
great detail, very useful content
Can you update this video with recent firmware? (Router and Switch) Ty
thanks for the help, setting up iot network on edgerouter x and ac pro
very helpful, thanks!
can someone help with this...i would like to have the same topology accept that instead of using the Unifi AP, i would like to use a Ubiquity LiteAP ac www.ubnt.com/airmax/liteap-ac/ where CPE (like a Nanostation ac loco) will connect to it.
i would like to keep the CPE on the admin (192.168.0.#) so i can manage it but when the client connects to the CPE via his PC or his own Router/AP etc, where he will get the GUEST (10.0.0.#) address on his unit. basically i want to manage also the CPE(Station) on (192.168.0.#). i am sure it has something to do with the vlan settings on the AP and/or on the CPE side.
Later i wish to add the unms and radius and billing system to the network, maybe remove eth1 from the vlan and give it its own native IP...
anyones assistance with this deviation from the vid will be greatly appreciated
noormuhammed(at)gmail(dt)com
Update. I have resolved the above by creating a WLAN0.10 and also by creating a 2nd bridge on the CPE unit where the GUEST IP is bridge0 to the LAN0 (WLAN0.10LAN0) ... and ... ADMIN IP is bridge2 to WLAN0 alone set as the MANAGEMENT IP.
I now get a GUEST IP for the CLIENT PC connecting via lan cable to the CPE(Nanostation ac loco) (10.0.0.#) from the VLAN0.10 on the Router.
I have set the CPE IP to be Static 192.168.0.# and this all worked out brilliantly until i did the ping test.
at this stage i had NOT CONFIGURED THE FIREWALL YET(before firewall) when i did the PING test to the other IP Ranges and it does not want to ping past the Router ....i can ping within the clients 10.0.0.# to see each other but i cannot ping the management from the client. this is before the firewall. .....also vice versa/opposite.....I can ping within the admins 192.168.0.# to see each other but i cannot ping the CPE from the admin.
10.0.0.# cant ping past router to see admin 192.168.0.#
and
192.168.0.# cant ping past router to see 10.0.0.#
This behavior is exactly the same after i setup the firewall settings. no change. i followed the video like 5 times and setup and reset 5 times but still nothing.
btw i didnot setup the unifi cotroller but instead i skiped from 11:00 - 19:20 . I just setup the edgerouter firewall straight after the GUEST DHCP
Plz help with this. why cant i see across ranges even after firewall settings completed 100% 5 times and same result. what am i doing wrong or what did i miss????
Ben you have excellent videos i have learned a lot from them, do plan on making some new content?
awsum man
Hi Ben, Thanks for this tutorial. However, can you explain what is the different from this link "th-cam.com/video/TWAM9aZBtN8/w-d-xo.html"? Both make VIF but on different interfaces. I tried to create 2 VLANs, one for house network (172.16.x.x), other for lab testing (10.30.x.x). I also have a switch that can configure with VLANs