Hi Folks,
Ubiquiti newbie here, and a bit rusty on networking...
I have an EdgeRouter X, a host to run Unifi Controller on, and a UAP AC LR to configure, and I'd like to do so in the following way:
eth1 10.0.20.1/24 (PRIMARY NET)
    VLANs
        35 WLAN-PRIMARY 10.0.35.1/24 DHCP server
        30 WLAN-GUEST 10.0.30.1/24 DHCP server
        25 WLAN-LINK 10.0.25.1/24 DHCP server
switch0
    eth3 PVID 25 VID 30,35
    eth4 PVID 25 VID 30,35
The goal here is to connect my Unifi AP to eth4 with the primary VLAN being WLAN-LINK=VLAN25, as well as tagged traffic for the private and guest SSID networks (vlan 30, 35). Then have eth3 also have a PVID of 25 so that the Unifi controller is on the same L2 as the Unifi AP.
For the life of me I can't get this to work.
Here's a network diagram:
Here's my current config dump - but it's been through about a million iterations and I still can't pull an IP from the DHCP server for the 10.0.25.0/24 network from either switch0 member.
erx-admin@ERX:~$ show configuration
interfaces {
    ethernet eth0 {
        address 192.168.1.50/24
        description ERX-WAN
    }
    ethernet eth1 {
        address 10.0.20.1/24
        description ERX-PRIMARY
        vif 25 {
            address 10.0.25.1/24
            description WLAN-LINK
        }
        vif 30 {
            address 10.0.30.1/24
            description WLAN-GUEST
            mtu 1500
        }
        vif 35 {
            address 10.0.35.1/24
            description WLAN-PRIMARY
            mtu 1500
        }
    }
    ethernet eth2 {
        description VACANT-2
    }
    ethernet eth3 {
        description SWITCHp3
    }
    ethernet eth4 {
        description SWITCHp4
        poe {
            output off
        }
    }
    loopback lo {
    }
    switch switch0 {
        description WLAN-LINK-SW
        switch-port {
            interface eth3 {
                vlan {
                    pvid 25
                    vid 30
                    vid 35
                }
            }
            interface eth4 {
                vlan {
                    pvid 25
                    vid 30
                    vid 35
                }
            }
            vlan-aware enable
        }
    }
}
service {
    dhcp-server {
        shared-network-name DHCP-PRIMARY {
            subnet 10.0.20.0/24 {
                default-router 10.0.20.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                start 10.0.20.101 {
                    stop 10.0.20.150
                }
            }
        }
        shared-network-name WLAN-GUEST {
            subnet 10.0.30.0/24 {
                default-router 10.0.30.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                start 10.0.30.101 {
                    stop 10.0.30.150
                }
                unifi-controller 10.0.25.10
            }
        }
        shared-network-name WLAN-LINK {
            subnet 10.0.25.0/24 {
                default-router 10.0.25.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                start 10.0.25.101 {
                    stop 10.0.25.150
                }
            }
        }
        shared-network-name WLAN-PRIMARY {
            subnet 10.0.35.0/24 {
                default-router 10.0.35.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                start 10.0.35.101 {
                    stop 10.0.35.150
                }
                unifi-controller 10.0.25.10
            }
        }
    }
    gui {
    }
    nat {
        rule 5000 {
            description WAN-MASQUERADE
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
    }
    ssh {
    }
}
system {
    domain-name downlink
    gateway-address 192.168.1.1
    host-name ERX
    login {
        user erx-admin {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name erx-admin
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/New_York
}
Currently I'm trying to do everything graphically because I'd like to crawl before I walk. That said I'm starting to exhaust myself on this because I did have this working fine a couple days ago through my external switch with the same vlans, but I decided I wanted to try to do it all on the ER-X and lost the original config that worked for the separate switch.
So far it's kind of not that intuitive and I'm wondering if I need to just fall back to treating this like an ER-L and leave the additional ports of the ER-X vacant...
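
A check for a mismatch visible in the dump above, as an added example that is not part of the original post: the dump defines vif 25, 30 and 35 on eth1, while the ports carrying those VLANs (eth3, eth4) are members of switch0. It assumes that on EdgeOS the router's interface for a VLAN on a vlan-aware switch is a vif on the switch itself (for example switch0.25); `CONFIG` is an excerpt constructed from the dump, and `scan` and `unrouted_vlans` are hypothetical helper names.

```python
# Constructed excerpt: the interfaces section of the posted dump, trimmed.
CONFIG = """
interfaces { ethernet eth0 { address 192.168.1.50/24 }
 ethernet eth1 { address 10.0.20.1/24 vif 25 { address 10.0.25.1/24 }
  vif 30 { address 10.0.30.1/24 } vif 35 { address 10.0.35.1/24 } }
 switch switch0 { switch-port {
  interface eth3 { vlan { pvid 25 vid 30 vid 35 } }
  interface eth4 { vlan { pvid 25 vid 30 vid 35 } }
  vlan-aware enable } } }
"""

TWO_WORD = {"ethernet", "switch", "vif", "interface"}  # headers like "vif 25 {"

def scan(config):
    """Return (vifs, port_vlans): {l3_interface: {vlan ids}} and
    {switch: {vlan id: [member ports]}} from an EdgeOS brace-style dump."""
    toks = config.split()
    stack, vifs, port_vlans = [], {}, {}
    for i, tok in enumerate(toks):
        if tok == "{":
            two = i >= 2 and toks[i - 2] in TWO_WORD
            stack.append(tuple(toks[i - 2:i]) if two else (toks[i - 1],))
            if stack[-1][0] == "vif" and len(stack) >= 2:
                vifs.setdefault(stack[-2][-1], set()).add(int(stack[-1][1]))
        elif tok == "}":
            stack.pop()
        elif tok in ("pvid", "vid") and ("switch-port",) in stack:
            sw = next(s[1] for s in stack if s[0] == "switch")
            port = next(s[1] for s in stack if s[0] == "interface")
            port_vlans.setdefault(sw, {}).setdefault(int(toks[i + 1]), []).append(port)
    return vifs, port_vlans

def unrouted_vlans(config):
    """VLANs carried on switch ports with no vif on that switch, plus the
    interfaces (if any) where a vif with that ID is defined instead."""
    vifs, port_vlans = scan(config)
    findings = []
    for sw, vlans in port_vlans.items():
        for vlan, ports in sorted(vlans.items()):
            if vlan not in vifs.get(sw, set()):
                elsewhere = sorted(i for i, v in vifs.items() if vlan in v)
                findings.append((sw, vlan, sorted(set(ports)), elsewhere))
    return findings

if __name__ == "__main__":
    for sw, vlan, ports, elsewhere in unrouted_vlans(CONFIG):
        print(f"VLAN {vlan} on {sw} ports {ports}: no {sw}.{vlan} vif "
              f"(vif exists on {elsewhere or 'no interface'})")
```

The tokenizer works on whitespace only, so it accepts the dump either indented or run together on one line.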