Using Peplink Router (& VLANs) with Ubiquiti equipment?

My house doubles as a server (build) farm for my software company, so I have many dedicated machines running as infrastructure. My goal is to set up separate VLANs for (1) infrastructure and security cameras (2) trusted devices (3) guests.

I use a Peplink Balance Two as my edge node. I also have a bunch of Ubiquiti gear for my internal networking, including various managed switches and WiFi access points. I much prefer the Peplink interface and reliability; it is already configured as my router, with various local DNS records, static IP addresses, and other settings needed in my environment. I want to continue to manage these settings from Peplink, including IP address assignment and inter-VLAN traffic security policies.

I’m wondering what the “optimal” way to use the two together is. I started by trying to turn off Ubiquiti’s “LAN” feature, so that it would not act as a DHCP server. However, this has created many problems (the switches seem to revert to handing out 192.168.1.0/24 addresses after being rebooted… but this isn’t a Ubiquiti support forum :wink:). If I let Ubiquiti assign DHCP leases in its preferred range, I see the clients in my Peplink interface with the 192.168.1.0/24 IP addresses, but I’m not sure if this is the “right” approach or not given that I want to manage DNS records, etc. within Peplink.

At this point I’m not sure if I’m even barking up the right tree, and would appreciate advice. Not being a networking guru, I suspect there is some way to design the network “correctly” such that I can optimally take advantage of the feature sets of both products.

I have a lab environment the same way that you want to set it up.
I have set up DHCP reservations for my UniFi switches.
I have disabled all the extra network stuff in UniFi (DHCP, etc.).

Settings network →
name Lan
purpose corporate
dhcp mode no dhcp

name phones
purpose vlan only
vlan 15

If you want the UniFi devices to be on a management VLAN, then set up the mgmt VLAN on the Peplink first.

highlight device in unifi ui.
click gear config icon
services
vlan
management vlan mgmt
network use dhcp

My user interface may be different than yours, but hopefully that will help you get going.

When I apply the “no DHCP” setting (and turn the LAN network on), clients are not assigned a DHCP lease. Is there some Peplink setting required to make the Ubiquiti equipment be able to forward the DHCP lease request to Peplink?

Note that turning off the Ubiquiti LAN entirely does technically work. With it off, a client connecting to the Ubiquiti Wifi APs successfully gets a DHCP lease from Peplink (Zanju/Trusted works with the “Trusted” network disabled, whereas Oodalolly/Guests does not assign DHCP leases even though Guests has “no DHCP” and is enabled):

You should be able to turn off dhcp everywhere, and any unifi firewalls and the dhcp should just flow across the ethernet, along with any connect wifis.
I assume the networks for the wifi should be lan?

I haven’t done a lot with my setup with a unifi ap as here I have a peplink ap and peplink router and unifi switch.

I renamed “LAN” to “Trusted.”

Here’s how the “Guest” network is setup. Nobody who connects to it receives a DHCP lease. So presently the Trusted network “works” for Wifi (because it’s off and Peplink does the DHCP), but the Guest network doesn’t (if it is attached to wifi, clients are not assigned a DHCP lease).

Create a vlan2 network on the peplink with vlan 2 and name guest and enable dhcp.

Create a network named “guest” on the unifi
name guest
purpose vlan only
vlan 2

You have to try to not use “features” for the network in the unifi and make it all just straight vlans then things should work better.

Sorry for the scattershot responses — the forums cap me at one image per post :wink:

I have that already:

You have mentioned “purpose” a couple of times. I don’t see these anywhere in Ubiquiti’s UI.

I’m relatively new to VLANs. Do Peplink/Ubiquiti understand the same VLAN ID? So by using the VLAN ID=2 from the last post in Ubiquiti, I need the upstream Peplink to also have a VLAN #2? And both devices will thereby have a shared understanding of what VLAN#2 means?

@inzania, You need to go into the “Networks” tab on your Unifi controller. When there, click “Create new network.” and choose VLAN only. It looks like you only setup the wifi SSID’s but not actual networks through the controller correctly to be able to route tagged traffic. Your networks should not have 192.168.X.X subnets showing up in the controller.

Once you do that go back over to the “Wireless Networks” tab and either select your guest network, or just start over and make a new one. Once you create the network and whatever, make sure the yellow box is the VLAN you created on the previous “Networks” tab. Once you do that it should fix the issue.

@Cable17 thanks, but… your UI looks nothing like mine. I’m using the latest version of the Unifi Network application, self-hosted on a Linux box. There is no “Networks” tab, and when I create a network there is no such “VLAN only” option.

There are many ways to do this. I’m an MSP and we have 1000’s of UBNT devices on networks with UT NG or SD-WAN and Peplink Max Transit 5G as failover WAN2…

The first question is what are you using for a UNIFI controller? Cloud Key, Cloud Key Gen2, Windows Install UBNT controller, hosted controller?? All of these work, just a little different setup for each.

Simple setup with UBNT controller on the local LAN (Windows controller or Cloud Key), is you first setup your subnets in your Router (peplink) with the VLAN tag you want (I use the 3rd octet in the subnet for simplicity).

After you have that all setup… You go into your UNIFI controller Settings>Networks and create your various networks but select VLAN ONLY and put in the VLAN ID you created in your Peplink router. It’s that easy.

Now go to WiFi, create your various SSID and tag the VLAN network you want those SSID to be on… If you are running UBNT switches, you can tag ports with the same VLAN ID as well…

I personally host my multi site UBNT controller on VULTOR… Then each UBNT device we receive at the shop before we deploy it, we SSH into it, upgrade, set inform URL then adopt in the controller for that site, leaving them as DHCP. Then just go install at the site and plug in. As long as they have internet they talk to the controller…

That is because you are using the HORRIBLE “New Interface.” We’ve been a UBNT reseller and installer for a LONG time, and I can’t stand this new interface. You can go to System Settings and click (turn off new interface or something like that) and you will have the interface we all use and are used to. That is what @Cable17 screenshotted above. Much easier IMHO.

omfg :exploding_head: I wasted days of my life not being able to find all these expected settings!

Unfortunately… I’m still getting the same problem. You can see above I’ve configured VLAN2 as my guest network via Peplink already. Here, you can see I’ve created a “VLAN Only” network in the Ubiquiti controller. But when I connect my laptop to the WiFi that is associated with this “Guest2” network, I still fail to receive a DHCP lease (“self assigned IP address.”) Is there some place I should be looking for debug logs…?

DHCP has nothing to do with UBNT devices if you aren’t using their Router/Dream Machine, etc and are using a 3rd party Router/Gateway… When you created the VLAN on your Peplink, you created an Addressed VLAN with DHCP enabled and created your subnet you wanted right??

Example “Guest” Wifi VLAN, 10.1.2.0/24 with VLAN ID 2… DHCP enabled with range 10.1.2.25 - 10.1.2.254… That’s what needs to be created in your Peplink (sorry I don’t use Peplink devices as my main gateway/router, only for 5G WAN2 Failover) so I can’t help you with exactly how to do that but I can look in my Max Transit 5G real quick.

After you set up the proper addressed VLAN interface in your Gateway, all you’re doing is simply VLAN tagging in UBNT devices. There is no config there…


Understood, that’s why I’m asking here — it seems like Peplink (the DHCP server) is what I need to configure.

In the screenshot from my earlier post, VLAN ID 2 has DHCP enabled and IP range of 192.168.2.10-192.168.2.200. I’ll paste that screenshot again below.

So no additional steps here, right? Between this screenshot and my last post, it should be configured…

Just went into one of the Max Transit 5G I have here at the shop. Went to Networks>New LAN then entered IP address 192.168.100.1 255.255.255.0/24

Gave it a Name and VLAN ID (100) DHCP Server Enabled… Set start IP 192.168.100.20 - 192.168.100.254… Assign DNS Server automatically and save. Created VLAN Only ID 100 in UNIFI, Went to a UBNT switch, tagged Port 14 with VLAN ID 100 and then plugged my laptop in… my laptop was given IP 192.168.100.20 from DHCP…

Works exactly as I outlined above… If it’s not working for you, then you have something misconfigured unfortunately

Nope, that is correct… You have something configured in UNIFI you aren’t supposed to maybe? What hardware do you have on your LAN other than Peplink? Just UNIFI AP’s??

I just stripped down the hardware to a very simple setup:
Peplink → Unifi USG 24 Pro → 1 Long-Range AP

Then I cycled the power on all 3 hardware and tried connecting to both of the two wifi networks. Same symptoms (the VLAN network doesn’t work). Is there nowhere I can find debug logs?? I mean, can I even look at Peplink to see if it’s receiving the DHCP request? Otherwise I guess I’ll just try a manufacturer reset on everything…
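
An added example, not part of the original thread and not Peplink or Ubiquiti tooling: one way to answer "is the router even receiving the DHCP request?" is to capture frames on the switch-to-router link and check which 802.1Q VLAN ID each DHCP message carries. The capture point, the function names and the sample frames below are assumptions constructed for illustration.

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_dhcp_frame(frame):
    """Return (vlan_id_or_None, dhcp_message_name), or None if not DHCP over IPv4."""
    if len(frame) < 18:
        return None
    vlan, off = None, 14
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100:                       # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18              # low 12 bits carry the VLAN ID
    if ethertype != 0x0800 or len(frame) < off + 20 or frame[off + 9] != 17:
        return None                               # not IPv4/UDP
    udp = off + (frame[off] & 0x0F) * 4           # skip IPv4 header (IHL words)
    if len(frame) < udp + 8 or set(struct.unpack("!HH", frame[udp:udp + 4])) != {67, 68}:
        return None                               # not the DHCP client/server ports
    opts = frame[udp + 8 + 236:]                  # BOOTP fixed part is 236 bytes
    if opts[:4] != b"\x63\x82\x53\x63":           # DHCP magic cookie
        return None
    i = 4
    while i + 2 < len(opts) and opts[i] != 255:   # walk TLV options until END
        if opts[i] == 53:                         # option 53 = DHCP message type
            return vlan, DHCP_TYPES.get(opts[i + 2], str(opts[i + 2]))
        i += 1 if opts[i] == 0 else 2 + opts[i + 1]   # PAD (0) has no length byte
    return None

def unanswered_vlans(frames):
    """VLANs (None = untagged) where a DISCOVER was seen but no OFFER."""
    seen = {}
    for parsed in filter(None, map(parse_dhcp_frame, frames)):
        seen.setdefault(parsed[0], set()).add(parsed[1])
    return [v for v, t in seen.items() if "DISCOVER" in t and "OFFER" not in t]

def build_frame(vlan, msg_type):
    """Constructed sample frame (checksums left zero; not a real capture)."""
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    bootp = bytes(236) + b"\x63\x82\x53\x63" + bytes([53, 1, msg_type, 255])
    ports = (68, 67) if msg_type in (1, 3) else (67, 68)
    udp = struct.pack("!HHHH", *ports, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return eth + struct.pack("!H", 0x0800) + ip + udp

# Constructed trunk capture: untagged client is answered, VLAN 2 client is not.
SAMPLE = [build_frame(None, 1), build_frame(None, 2), build_frame(2, 1)]
```

If VLAN 2 shows up in `unanswered_vlans(SAMPLE)`, tagged requests are reaching the capture point and going unanswered; if no VLAN 2 DISCOVER is parsed at all, the tag is being lost before the capture point.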

I’d probably reset all the hardware and start over… What are you using for UNIFI controller?

Self-hosting via the Linux installation.