Ubiquiti Unifi Wirlesss Access Point not obtaining IP Address when VLAN Tagged

Question

This question follows on from this one which I managed to resolve. Draytek 2830, Multiple VLANS on Same Port

My Ubiquiti Unifi Wirlesss Access Points are not allowing clients to obtain an IP address when VLAN Tagged. The Draytek 2830 which it is plugged directly into works and gives out addresses to my MAC when plugged in directly.

Interestingly (and maybe a clue) the Unifi Wirlesss Access Point doesn't obtain an IP Address itself, when plugged into Port Four of the Router. Which I have configured for VLAN 30 and 40.

Can anyone assist?

This is ODD... Just had the Wireless Accesss Point on line with a steady green light and giving out DHCP addresses on both VLANS. However when I went to the Unifi Controller, the access point is not seen 'Disconnected'

Then I noticed this;

So I changed the Wireless Access Point to Port 1 on the Draytek and the VLAN Setup to the following, it works!!! YEAH..

BUT it gets weird... IF I change the IP Addressing on VLAN1 (P1) FROM the default 192.168.1.0/24 to something else, anything else it stops working again.

BUT Why? I don't want 192.168.1.0 allocated to VLAN1.... I have two sites to get working both, identical setups with the exception of the IP Addressing. I have a P2P link to join these two sites, and I am guessing IF it remains like this I may have some issues.

Can anyone answer this question?

Answer 1

Management traffic in a Unifi APis always untagged according to the documentation.

How does vlan traffic get tagged?

traffic initiated from AP is untagged (sent through br0)

UniFi and switch VLAN configuration

In this example, we will trunk 4 different switches (Netgear, HP, Cisco, D-Link) and use AirRouter as the DHCP server also the gateway to internet. We choose 4 different switch brands to demonstrate UAP interoperability. We will create 4 WLANs (vlan10_mgmt, vlan20_user, vlan30_finance, vlan40_guest) in 4 different VLAN id (10, 20, 30, 40) each. To make things a little bit more complicated, we didn't use the default VLAN 1, but set VLAN 10 to be untagged to carry UniFi AP management traffic. It shall be fairly easy for readers to change management VLAN from VLAN 10 back to use default VLAN 1.

This is why it works with the second setup.

I would suggest adding untagged VLAN to Port 4 in the first example and see what happens. This is also recommended in the user manual of the router.

http://www.draytek.co.uk/download/support/userguides/Vigor2830%20User%20Guide%20V2.31.zip

Note: Leave one VLAN untagged at least to prevent from not connecting to Vigor router due to unexpected error.

Answer 2

The Unifi Wireless Supports VLANS BUT what I have found is it must also use a port on the Draytek that is UNtagged. So, UNtagged and Tagged on the Same port. The ONLY port that this seems to work for this is PORT1 on the Draytek. No idea why and frankly I have no more time left to investigate it. Hope this helps someone else.

Answer 3

To start with, I was initially a bit confused because to me the way the router presents this configuration is a bit confusing. Primarily the "VLANX" terminology used in the listing down the left side. It finally clicked to me that these labels really has nothing to do with the actual 802.1Q VLANs and could be as easily been listed as "LANX", "NetworkX" or anything else. It is only the VID column that correlates to the actual VLAN in use.

To be clear, I will italicize any name that references the routers labeling throughout the rest of the answer like so: VLANX or LAN X.

In addition, whether a VLAN is tagged or untagged is determined by the "Enable" column (this has nothing to do with whether the VLAN itself is enabled/disabled as I initially thought). So if you want to use a VLAN on two ports as both tagged and untagged, you are required to use two of the VLANX entries.

Again to be clear, in the configuration pictured you only have one line (VLAN2) that indicates it is untagged. The configured VID is actually not used, and it is only the "Subnet" field that is important (in this case LAN 3).

On P4 in your diagram, you only have two VLANs configured on the port, both of which are tagged ("Enable" box is checked). What you still need is the VLAN for the untagged traffic from the AP (i.e. management traffic). This is proven by the fact that it "works" to some degree when plugged into P1 which in the picture has an independent check box that will always allow untagged traffic to reach the router on P1.

Based on what you provided, I see two cases:

1. Your AP needs to receive 3 VLANs. This would include two tagged VLANs for the user VLANs (30 and 40) and an untagged VLAN for the management interface.
2. You actually intend for the management interface of the AP to be on the same network as one of your two user groups and your AP needs to receive 2 VLANs. This would include one tagged VLAN for one user group and one untagged VLAN for the other user group as well as the management interface.

So in case #1 above, you need to configure another VLANX line for the management VLAN setting the correct "Subnet", leaving the "Enable" check box unchecked, and assign this to P4. (Again, with the "Enable" box unchecked, the VID field means nothing). This will now indicate three VLANs on P4.

In case #2 above, you need to uncheck the "VLAN" check box in the AP configuration; on SSID#1 if the management interface should be on LAN 4 (VLAN 40) and on SSID#2 if LAN 3 (VLAN 30).

Then on the router, if this is the LAN 3 "Subnet", you should select VLAN2 for P4 and remove VLAN4 from P4. If this is LAN 4, then you need to configure another VLANX with the "Subnet" set to LAN 4, select this VLANX for P4 and remove VLAN3 from P4.

That should at least get you working. Without knowing a bit more about your network, I couldn't say if there might be a more ideal configuration.