Hi
How do CRS125 port on which traffic will no tagging (Native VLAN) and tagging (guest VLAN)?
I need to set CRS125 to support the corporate network and WiFi for guests to UBNT UniFi.

Thanks for the information and greet

I do the same thing...

#send vlan 99 & to the Unifi
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether16,switch1-cpu vlan-id=99

#any packets arriving without a tag (inside wifi & unifi management traffic) tag with vlan 100
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=100 ports=ether16

Thank you very much

And how to separate the traffic from the guest vlan from the corporate network?

In the example above guest will be on VLAN99 and Corporate LAN+Unifi Management users will be on the Native VLAN100. Then it's just a matter of assigning a new DHCP server to the guest VLAN and creating the necessary firewall rules to ensure traffic is separated.

As an alternative to vlans, you can also use the features within the unifi to create an isolated guest network. You just mark one of your wireless SSIDs as guest and add your internal subnets to the restricted networks under Guest Control.