Page 1 of 1
CRS125 end Native VLAN
Posted: Tue Jun 03, 2014 4:42 pm
by zak2k
Hi
How do CRS125 port on which traffic will no tagging (Native VLAN) and tagging (guest VLAN)?
I need to set CRS125 to support the corporate network and WiFi for guests to UBNT UniFi.
Thanks for the information and greet
Re: CRS125 end Native VLAN
Posted: Tue Jun 03, 2014 5:48 pm
by gkornato
I do the same thing...
#send vlan 99 & to the Unifi
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether16,switch1-cpu vlan-id=99
#any packets arriving without a tag (inside wifi & unifi management traffic) tag with vlan 100
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=100 ports=ether16
Re: CRS125 end Native VLAN
Posted: Tue Jun 03, 2014 10:33 pm
by zak2k
Thank you very much
And how to separate the traffic from the guest vlan from the corporate network?
Re: CRS125 end Native VLAN
Posted: Wed Jun 04, 2014 5:54 pm
by gkornato
In the example above guest will be on VLAN99 and Corporate LAN+Unifi Management users will be on the Native VLAN100. Then it's just a matter of assigning a new DHCP server to the guest VLAN and creating the necessary firewall rules to ensure traffic is separated.
As an alternative to vlans, you can also use the features within the unifi to create an isolated guest network. You just mark one of your wireless SSIDs as guest and add your internal subnets to the restricted networks under Guest Control.