* Official Ubiquiti Discussion Thread *

the-evaluator · 24 Nov 2021 at 09:21

Nope. If the clients were using WiFi then you could use RADIUS controlled VLANs from a single SSID.

In your situation I would probably setup the switch port so that it's untagged in one VLAN and tagged in the other. So plug a client in and it'll be in the untagged VLAN but with a bit of configruation on the client you can make it join the tagged VLAN.

The switch port config for that would be as follows. A client connected to that switch port without any specific configuration applied to it would be in VLAN 1 but you'll note that VLAN 3 is tagged on that switch port. You can tag in more VLANs if you want, this is just an example:

If I then connected a client to that switch port that I wanted to be in the tagged VLAN then I'd need to configure that on the client. In the case of a Windows PC for example you'd generally go to Device Manager and to the advanced tab of the network card:

So in that example the Windows PC would then be in VLAN 3.

ChrisD. · 24 Nov 2021 at 09:27

Yeah that is something I had considered doing.

WJA96 · 24 Nov 2021 at 12:04

ChrisD. said:
Is there a way for a port on a switch to change its profile depending on which client is plugged into it? I ask as I have an external monitor and network cable and I switch it between a customers' laptop which is on an isolated VLAN and also my own MacBook Air which I want on a different VLAN. It's annoying to have to change the switch port each time I change the device.

No. You really need a bigger switch if you're regularly plugging and unplugging kit.

RSR · 24 Nov 2021 at 13:51

ChrisD. said:
The requirement is twofold. One is to future-proof any potential upgrade of FTTP so not really relevant for a few years at least until OR start releasing XGS-PON. The second is that I have a number of VLANs at home and being able to move data between them at 10 Gbps would be a nice thing to have.

A UDM-Pro would be fine for that, as I have mine connected with 10Gb links and on the intervlan side its more or less line speed. The UDM-P is very strong at routing traffic, its when you add IPS / IDS etc... it will slow it down to 3.5Gb/s ~

It's also going to be more than a few years before OR start upgrading to XGPON, unless you are in a lucky area which has been rolling them out.

10Gb networking gear normally still has a high price tag, if you want to do everything at full line speed other wise you have to make compromises to work to a budget.

Caged · 24 Nov 2021 at 15:08

ChrisD. said:
Is there a way for a port on a switch to change its profile depending on which client is plugged into it? I ask as I have an external monitor and network cable and I switch it between a customers' laptop which is on an isolated VLAN and also my own MacBook Air which I want on a different VLAN. It's annoying to have to change the switch port each time I change the device.

You can do MAC-based VLANs on some switches, the easiest workaround might be to just tag the VLAN you want your MacBook Air to be on and then set the VLAN tag up on the Mac's network card.

ChrisD. · 24 Nov 2021 at 15:31

I have my main network untagged and the isolated network tagged. As luck would have it, I am unable to change the VLAN of the NIC on the customers laptop due to GPO.

the-evaluator · 24 Nov 2021 at 16:16

If you can't change the VLAN on the NIC of the customer laptop then you'd need your VLAN tagging the other way around. Main network tagged, isolated network untagged.

ChrisD. · 24 Nov 2021 at 16:40

the-evaluator said:
If you can't change the VLAN on the NIC of the customer laptop then you'd need your VLAN tagging the other way around. Main network tagged, isolated network untagged.

I know but that's easier said than done due to the complexity of my network.

the-evaluator · 24 Nov 2021 at 16:45

I'm confused. If you can't change the VLAN ID on the customer laptop because of GPO then how will you connect it to the tagged network?

If you can't change the VLAN ID then it won't be set so it'll be connecting to the untagged VLAN on that switch port.

ChrisD. · 24 Nov 2021 at 17:08

the-evaluator said:
I'm confused. If you can't change the VLAN ID on the customer laptop because of GPO then how will you connect it to the tagged network?

If you can't change the VLAN ID then it won't be set so it'll be connecting to the untagged VLAN on that switch port.

What I mean is I can't simply change the my untagged network to a tagged network. Well, I could, but I'd have to change it in a lot of places and it's more hassle then physically changing the port that the customer laptop is connected to.

maj · 24 Nov 2021 at 17:49

I'm due to move into a new build next month which will have FTTP and rather than have ethernet ports all over the house like I do now I've been looking at Access Points and then stumbled upon this thread. For someone starting out is there a recommended single AP to get? It would be providing wifi signal for all devices in the house including my home office (more than likely bedroom 3). At the moment I'm looking at the NanoHD since I don't have a PoE switch and it comes with a PoE injector. Is there any other AP to consider?

Here's a floorplan with dimensions and was thinking of putting it where the red X is for easy of cabling as based on the other show homes on this development the master socket is in the 'ST' on the 2nd floor.

Thanks for any help and advice.

ChrisD. · 24 Nov 2021 at 17:50

If it has ports already the cable as much as you can. I definitely couldn't work on wifi alone, it's simple not reliable enough no matter the APs used.

b0rn2sk8 · 24 Nov 2021 at 18:42

maj said:
I'm due to move into a new build next month which will have FTTP and rather than have ethernet ports all over the house like I do now I've been looking at Access Points and then stumbled upon this thread. For someone starting out is there a recommended single AP to get? It would be providing wifi signal for all devices in the house including my home office (more than likely bedroom 3). At the moment I'm looking at the NanoHD since I don't have a PoE switch and it comes with a PoE injector. Is there any other AP to consider?

Here's a floorplan with dimensions and was thinking of putting it where the red X is for easy of cabling as based on the other show homes on this development the master socket is in the 'ST' on the 2nd floor.

Thanks for any help and advice.

AP placement looks fine and one should be more than enough but I wouldn’t go for a nanoHD now, it’s WiFi 6 and anything you have bought in the last 2 years will likely support wifi6. Look at the U6-LR instead. If it doesn’t come with an injector, grab a separate one or a PoE switch, they don’t have to be Ubiquiti, just support the correct standard.

Dave85 · 25 Nov 2021 at 12:44

UDM PRO SE and the rack thats always out of stock are showing as in stock now for anyone looking for either.

maj · 25 Nov 2021 at 18:08

ChrisD. said:
If it has ports already the cable as much as you can. I definitely couldn't work on wifi alone, it's simple not reliable enough no matter the APs used.

Sadly the house is too far through the building process to have them put them in now I believe. If so I may have to look into putting ethernet in place at a later date if possible.

b0rn2sk8 said:
AP placement looks fine and one should be more than enough but I wouldn’t go for a nanoHD now, it’s WiFi 6 and anything you have bought in the last 2 years will likely support wifi6. Look at the U6-LR instead. If it doesn’t come with an injector, grab a separate one or a PoE switch, they don’t have to be Ubiquiti, just support the correct standard.

U6-LR looks to be the way forward if one of them will give me the coverage I need thanks. I'll just need to source a suitable PoE device to add to the total cost.

Sinbad2000 · 25 Nov 2021 at 18:34

Just a comment, more stemming from ignorance than anything else

(I have a bunch of Unifi kit that I haven't paid a lot of attention to, really, for quite a while).
My PC updated to Windows 11 last night, and I noticed that now the wifi is using wpa3. I'm seriously impressed, I mean my newest AP is a UAP-AC-M that I got just after they were launched so it must have been 2016 or 2017. For it to support WPA3 is awesome. I love my Unifi!

thewanted · 25 Nov 2021 at 22:29

Sinbad2000 said:
Just a comment, more stemming from ignorance than anything else (I have a bunch of Unifi kit that I haven't paid a lot of attention to, really, for quite a while).
My PC updated to Windows 11 last night, and I noticed that now the wifi is using wpa3. I'm seriously impressed, I mean my newest AP is a UAP-AC-M that I got just after they were launched so it must have been 2016 or 2017. For it to support WPA3 is awesome. I love my Unifi!

Nice! I’ve yet to work out how to get my UAP-AC-Lite to support WPA3. I think I’m limited by using the phone app to control it.

Sinbad2000 · 26 Nov 2021 at 07:34

thewanted said:
Nice! I’ve yet to work out how to get my UAP-AC-Lite to support WPA3. I think I’m limited by using the phone app to control it.

On my controller it's on the wifi / advanced settings / security drop down. No idea how you'd do it otherwise, sorry

Dangerous · 26 Nov 2021 at 14:36

UAP-AC-Lite probably wont be updated to support WPA3

thewanted · 26 Nov 2021 at 15:26

Dangerous said:
UAP-AC-Lite probably wont be updated to support WPA3

Damn, but not surprising at all.

*** Official Ubiquiti Discussion Thread ***

* Official Ubiquiti Discussion Thread *