Hoping folks with more experience and knowledge can help me figure out what I haven't done correctly to facilitate Guest WiFi access with VLANing using Sophos XG, Ubiquiti switch and Ubiquiti Unifi APs. Hopefully, once I get this working, I can then apply the learnings and figure out what I am doing wrong to get an isolated IOT VLAN/WiFi network running as well. Seems my last hurdle to solving this puzzle is getting DHCP to work for my Guest Network clients.
I found this thread and thought it would help because I also have a DHCP problem -firewall/f/discussions/117185/guest-wifi-with-sophos-xg-and-unifi-aps. This helped get me going, but I didn't end up having a hardware/switch issue like OP in this thread. I have been staring at this for hours and am sure I am missing some improper configuration somewhere that I am just not able to see.
Here is a diagram of how I have things set up currently. My MacBook on the right side of the diagram is what I am using to test. When connected via Ethernet, I am manually setting the MB to 10.0.71.11 because I can't get DHCP to work for both wireless and hardwired. I am able to ping the XG interface and am able to access the web as well.
Now it was time to set things up on the switch side. This is probably where I am making a mistake. I understand VLANs conceptually, but don't have any practice in implementing or configuring them. To make things a bit steeper on the learning curve, it seems Ubiquiti does things a bit differently as it relates to tagging and trunking.
4. Now I assigned the switch port profiles to the ports in the switch. Port 7, which is the uplink to the LAN port on XG. Didn't actually change anything here, just left switch port profile set to "all".
Since in the XG your port 5 for the normal guest network is not a VLAN port, this port would most likely not be a tagged port. Only port 5.71 is a Tagged port. So in your profiles try to untick "Select All" and only have Tagged Network enabled for the GuestVLAN71(71).
Thank you for looking. I tried your suggestion, but am unable to make the adjustment. As long as native is set to LAN, checking either the "select all" or "GuestVLAN71 (71)" boxes activates both. Doesn't look like there is a way to independently check one or the other. They are either both on or both off.
I was able to fix my issue related to the DHCP. I statically assign all my family's clients for web filtering, application filtering, reporting, etc. Anyway, the MacBook was assigned a DHCP address from my private LAN so it couldn't pick up an address from my Guest LAN DHCP. This would explain why I had some successes when manually configuring the wireless adapter. Once I deleted the static entry for my MacBook from the private DHCP, I was able to pick up an address from the Guest DHCP.
As for the VLANs, I was overcomplicating things. I had added two new physical ports to the XG. One for Guest and one for IOT and then built VLAN subinterfaces under each of those ports. Boneheaded mistake on my part because all I needed to do was build two VLAN subinterfaces under the existing LAN port, one for Guest and one for IOT. On the Unifi side, I built VLANs to match and just tagged the Guest and IOT at the ports for the uplink to the XG and the ports for my APs. Now, I am able to hop on all three SSIDs, get a DHCP address from each respective scope and surf properly on all three networks.
We have well over 100 POE devices, last week we added 14 more "Unifi G4 Pro" cameras (already have 35 that have been working for 2 years). 6 of the 14 cameras will not power on. Switch lights do not turn on. In the Meraki dashboard the ports will show "PoE port was denied power" and be orange for a short time and then just go black 'disconnected'.
I restarted the switch and some of the new cameras came online while other older G4 cameras went offline with above issue. Restarted the switch again and they all moved around again. Seems to be random. Tried another switch and have the same issue. We have close to 50 "unifi g4 pro" cameras spread across 14 switches and after testing, it seems this is affecting all switches. Again, the other 60+ POE devices are not having an issue at all (multiple brands including other unifi devices).
We have not had any issues with these cameras for the last 2 years. The only thing I can see that would cause this was that we upgraded to "MS 16.8" about 3 weeks ago. Unfortunately, rollback is not available since it was over 2 weeks ago. Not sure I would want to roll back anyway.
We had the same problem with some older Axis 360 cameras, but as they were only 12MP ones, we replaced them with newer ones. On the working Unifi cameras, is the CDP/LLDP information populated correctly?
Screenshot from working G4 pro camera. Haven't had a chance to do packet capture on working camera yet. I will say there is a 50% chance if I unplug and replug in any of these that they will not come back online.
I checked the unifi 360 cameras and unifi viewports as well as our isonas access control keypads and they all show the exact same with the exception of the 360 cameras which show requested 30 W. The unifi stuff updates pretty regularly so not sure if anything happened recently but the isonas stuff is old as hell (10mbps) and is never updated.
Are the isonas devices also having issues now? When I logged a ticket about the Axis 360 cameras that I was having trouble with, the conclusion was that as they sent no CDP/LLDP data, the switch was unsure about the PoE requirements and therefore they often failed. I think that all UniFi cameras do not have CDP or LLDP and your screenshots appear to confirm this.
All registered participants who would like to present their work as an oral contribution or a poster are invited to submit an abstract until April 22nd, 2018, using the word TEMPLATE provided below, to isme...@chim.unifi.it. The number of slots for oral presentations is limited; should the number submitted exceed the number of slots available, the Scientific Committee will select which of them will be presented orally. Starting on April 23rd, only abstracts for posters will be considered until the available positions for their exhibition are filled.
All abstracts for either oral or poster presentations will be peer-reviewed by the Organizing Committee for their acceptance. The notification of acceptance will be emailed not later than one week after the submission deadline. Each participant can submit only one abstract and full payment of the registration fee is required for acceptance.
All accepted abstracts will be published online in the Acta of the International Symposia on Metal Complexes (ISSN: 2239-2459), Vol. 8 (ISMEC Group series, Symposium edition: XXIX) and archived on the website of the Group of Thermodynamics of Metal Complexes (GTC).
PowerPoint files with oral presentations should be given on site to the organizers as early as possible, latest before the first lecture on the day of the talk. Should any specific facility be required, please contact the conference secretariat in advance.
Each abstract will be assigned a poster number that will be communicated to the presenting author. Posters will be permanently exposed, during the meeting, at the entrance of the lecture hall. Authors are invited to hang their posters as soon as possible on Monday, June 4th, during the registration time, coffee breaks or lunch. Two poster sessions are scheduled for the afternoons of June 4th and 5th. Authors are invited to attend both. The material to hang the posters on wooden panels will be provided.
You must send the Period of mobility certification to outgoing.erasmus(AT)unifi.it within a few days of arrival to receive the first part of your scholarship, as scheduled in the financial contract.
Please note: To receive the first part of the scholarship, you must have sent your correctly filled out and countersigned Learning Agreement (by the Sending Institution and the Receiving Institution).
The extension must be requested at least a month before the planned end of the mobility, so as to get authorization from the Partner University. You can only ask for one extension during the mobility period; the total duration cannot exceed 12 months and must end before the 30th of September.
In case of exceptional circumstances, you can give up your Erasmus+ mobility by sending a declaration of motivated renunciation to both Universities. You must include your name and surname, registration number, course of study, Partner University and your reason for renunciation.