Hello to the community,
I’ve recently made a transition from the Unifi gateway system as it was becoming a bit intricate for my home network setup. Instead, I opted to use devices from GL.iNet as my gateway and DHCP server. I still intend to keep the Ubiquiti wireless access points, as I’ve been quite satisfied with their performance.
Good news is, I managed to set everything up correctly. All my devices are connecting back to the network and functioning as expected since I retained the same local IP range, static IPs, and firewall rules from my previous Unifi gateway.
Now, the challenge I’m facing is setting up the guest WiFi network. I always had a guest network setup, and I would like to integrate it with the guest network existing on the new GL.iNet gateway. I observed that within the Unifi controller settings, I can configure the guest WiFi to use a VLAN from a third-party gateway. However, I’m having a hard time understanding and successfully setting up the VLAN and guest network in the advanced settings of the GL.iNet gateway. From what I can see, there are two VLANs listed – VLAN 1 and VLAN 2. I tried adding VLAN 2 to the Unifi controller, but the devices are not getting IP addresses when connected. There is already a guest network from the OPAL (192.168.9.0/24), since I’m using it temporarily until my Brume 2 arrives.
Here are my configs:
Could someone kindly provide guidance on how I can set up the guest network using the Unifi access point system? Any help would be greatly appreciated. Thank you in advance!
These are questions that are best answered on the Ubiquiti community and/or the GL-inet forums since none of your devices is running an official version of OpenWrt. You appear to be running the GL-inet vendor firmware, and you're obviously running the Unifi firmware.
Please feel free to clarify if you have installed official OpenWrt (obtained from openwrt.org) on your devices.
1 Like
I don't know the unifi stuff, but I see you have rj45 ports in mixed mode with both, tagged and untagged traffic. I'd suggest to not do that.
- Pick an rj45 port on your router that communicates with your AP
- Make that rj45 port "tagged" for every vlan you want to have on your AP (vlan 1 and vlan 3 i your case)
- Don't use "untagged" and "tagged" on the same port.
- Configure your AP in the same way
- Use a cable to connect your AP and your router and don't expect regular client devices to be able to understand what's going on
psherman,
Thank you for your response. To clarify, while I am indeed using the devices you've mentioned, I'm currently in the process of transitioning from the Unifi system to openwrt. My GL.iNet gateway is underpinned by OpenWrt version 18.06 r0-d5ed0258f. While there is a native interface provided by GL.iNet, I primarily access and manage the device through its advanced interface, which is the official OpenWrt interface.
I believe my setup mirrors that of users who utilize the official/native version downloaded directly from openwrt.org. I apologize for bringing configurations from other systems into the mix; however, as mentioned, I'm in this transitional phase and seeking guidance for the setup.
On the Unifi side, the available configuration options for setting up a local network with a third-party gateway are limited. I can only set the VLAN ID for the network, with no other advanced settings available. I suspect the challenge lies in my OpenWrt configuration—specifically in properly recognizing the VLAN and integrating it with the existing guest network.
Any assistance or insights from anyone who might have gone through a similar setup would be invaluable. Again, thank you for your time and understanding.
To be clear, the version of OpenWrt provided by Gil-net is not the same as openwrt from the official project. It is heavily modified and has many material differences in how it works.
Please consider installing official openwrt if your device is supported:
https://firmware-selector.openwrt.org/
Otherwise, you need to ask Gli-net for help.
1 Like
golialive,
Thank you for your input. To provide some context, the configurations you observed in the images were factory-default settings on the GL.iNet device. I must admit, I don't have a deep understanding of the rationale behind those default configurations, and I wasn't the one who initially set them up that way.
Out of the box, the device was configured with VLAN 1 and VLAN 2. I subsequently created VLAN 3 and marked it as "tagged" on all interfaces except the WAN. Following this, I adjusted the Unifi network settings to use a third-party gateway and configured it to use VLAN 3 as well. The Unifi access point connects to the GL.iNet device via a cable through the switch, and on the GL.iNet end, it's configured as "tagged".
Moreover, I made adjustments to the guest network settings to use the interface with VLAN ID 3. Unfortunately, it hasn't been successful.
If you have further insights or suggestions on how I should adjust these settings, or any specific changes you think could make a difference, I'd appreciate your guidance.
Thank you. I'll have a look on how to do it. Have a great day!
You need to know what "vlan" and "tagged" means.
Despite the fact that you're dealing with an Unifi AP, you're trying to do what we call a "dumb AP".
I tried to explain vlan tagging in that context here:
Basically this image:
https://upload.wikimedia.org/wikipedia/commons/0/0e/Ethernet_802.1Q_Insert.svg
Every IP package can be either "untagged", which means there's no "802.1Q Header" section at all, or "tagged", which means there's a "802.1Q Header" section holding the actual vlan ID.
You can have a matrix of LAN ports as columns as and vlans as rows. That's the first part of your image.
- "off" means: Packages of this vlan don't travel this LAN port.
- "untagged" means:
- Packages coming from inside of your router pass that LAN port to the outside
- if they internally already contain that vlan tag already
- and lose their tag on the way out.
- Packages coming from outside enter your router through that LAN port,
- are expected to not have a vlan tag
- and get ths vlan tag added when entering.
- "tagged" means:
- Packages coming from the inside of your pass that LAN port to the outside
- if they internally already contain that vlan tag already
- and keep that vlan tag while leaving the port.
- Packages coming form the outside world enter your router through that port
- only if they already carry that vlan tag on the outside.
- They keep that vlan tag on the way in.
There is a scenario where a single port having both, tagged and untagged packages at the same time. But this obviously doesn't fit into my simplified explanation. And that's for a reason.
So:
- Make one LAN port "vlan 1 untagged, vlan 2 and 3 off" for LAN communication to wired devices. Those device will not be confronted with any vlan-tagged IP package because the router will remove that tag when they leave that port. And those device will only get vlan 1 traffic.
- Make another LAN port "vlan 1 tagged, vlan 3 tagged, vlan 2 off" for your wire link between your router and your APs. So your router and your AP will only communicate with vlan tagged packages where every package is either vlan 1 or vlan 3.
That's from the OpenWRT perspective. I can't say anything about the GL-iNet situation and I don't what your Unifi will do with that information. But I suspect you need to adjust your primary wifi on your Unifi box to "vlan ID 1" as well. The technical thing about vlan tagging (treating packages one way or the other depending if a port is expected to be tagged or untagged) is certainly similar on the Unifi device.
1 Like
