EdgeRouter X

Setup Edgerouter X and a WAP with 2 VLANs ver 1.04 1/25/2021

This was written for version 6.x.
7.x is now available and some settings may be in new locations. I haven’t checked in detail. The interface can be switched back to display as it did in 6.x and returned to 7.x later.

Introduction: Because Ubiquiti is rapidly changing the GUI in Edgerouter and the switch controller, setup tutorials quickly become dated and inaccurate in their details. I wasted a lot of time trying to follow specific instructions for interface settings that no longer existed. This is a more generic approach and hopefully will survive future updates.

There are a lot of moving parts that have to be coordinated for the system to function. This description assumes you already have the switch and WAP connected in the controller software as well as an Ethernet cable between the switch and router.

Overview: In the controller you’ll be setting up Wireless Networks, Networks, Switchport Profiles and editing individual ports on the switch. In Edgerouter X you’ll be adding interfaces to the switch, choosing Vlans for the switch ports and setting up DHCP services.

Switchport profiles are optional and are used to provide fine-grained control of VLAN traffic through ports. We’ll address those last as we want a functional system first, then tweak the settings.

General notes: save the configuration every time you make a change. Make sure you back up after the WAP has changed status to a green “connected” and is not updating when you save. At some point you will cut your arm off and have to do a factory reset. The backup will save you a lot of extra work in reconfiguring the system. It also allows you to go back to an intermediate stage and rework a section you think you may have bungled.

I have had mystery problems where every setting appeared valid but a specific VLAN didn’t work while all the others did. In this case, delete the problem VLAN and references to it at all points and recreate it from scratch. Give it a different VLAN ID so you can tell if you have a ghost you missed deleting.

Another bug: the Edgerouter X dashboard will sometimes show TBD as one of 2 IP addresses for a newly created VLAN interface, and the interface doesn’t work. There should only be a single, valid IP address. This is a problem related to VLAN setup in the GUI. Log out of the router interface, close Firefox, then restart it and log in again.

Under profiles, Switchports is where you create new port profiles containing multiple VLANs. Tags are no longer available.

Process:

Overview:

In the console:
Create 2 networks on separate VLANs.
Match them to wireless networks you create.
Configure a port that links the WAP to the switch with both VLANs allowed.
Configure another port to serve as trunk to the router which passes all VLANs.

On the router
Eth0 will be the uplink to the home router
Add the VLAN interfaces to switch0.
Under services, configure DHCP and DNS for each VLAN.

First, the controller.

Create 2 VLAN networks. That’s done in settings under networks. Select “create new network” and choose the “VLAN only” option. Give it a descriptive name. The only other item needed is the VLAN number. Save it and create the second network. The new VLANs will also show up in the profiles section under switchports; there is nothing to configure in switchports at the moment.

Next create wireless networks, also done in settings. Here you will associate a broadcast ID with the networks you just created. Give each a name, then select the network the SSID will be associated with. Save it and that’s all that’s needed. Back up your work.

Next go to devices, select the switch and open the port editing panel. You will edit 2 ports: the uplink and the WAP link. In both, give it a descriptive name and select the switchport profile “All”. This will save a lot of debugging for now. If you haven’t done it before, further restrictions are best left for later when you have a functional system.

Make sure the status of the WAP has updated and is green and reads “connected”; it may take a little while to finish updating. Back up your work.

Now the Edgerouter X.

Manually configure your computer to 192.168.1.2 mask 255.255.255.0. Plug into Eth0 and browse to 192.168.1.1. The browser will complain about an invalid security certificate. If there is a problem connecting, try pinging 192.168.1.1. The cable may need to be unplugged and replugged to get a connection. Sometimes the browser is the problem. Exit Firefox and restart the browser if repeated attempts fail and all settings are correct.

When you first login, you will have an option to use a wizard to initially configure the unit. Do it. If you know enough to do manual configuration, you wouldn’t be reading this. You will get a user name/password selection. I keep it at default for configuration and change it later when everything else is done. There is one easily overlooked item in the automatic process. You have to expand the LAN,VLAN item and enter the address of the new network. It’s hidden in there. By default it’s 192.168.1.0 which is the network of Eth0. Easy change is to make it 192.168.2.0 but you can put in whatever other network you want. Save and it will then reboot.

Next login after initial configuration: Set your computer network to use DHCP addressing. Plug into Eth1 and log in. Be sure to wait long enough after reboot. It may take several minutes, or it may respond to unplugging and replugging the network connection. Log in with a browser as before. If there is a problem connecting and you can ping the address it is trying to connect to, exit the browser and restart it.

Here is an important and easily overlooked item. From the dashboard, select switch0 and open it for configuration. The network address you previously entered will be here. On the VLAN tab, check VLAN Aware. On the switch ports, select the port you are using as the trunk from the physical switch earlier. In the vid box, enter the VLAN numbers you want that are on the physical switch. You can check or uncheck other ports to participate in the switch as suits your setup.

From the dashboard again, select “add interface” -> “add VLAN”. Enter the VLAN ID number. For interface select switch0. Then under “Manually define IP address” enter the VLAN network in the form 192.168.20.1/24. This example defines both the network (192.168.20.0/24) and the router’s address on it (192.168.20.1). This will add interface switch0.20 to the list.

Next step. Under services select add DHCP server. In the fields enter a name and the network for the VLAN you’re setting up. I use 192.168.20.0/24 for VLAN ID 20. Helps keep things clear later when debugging. Enter the range start and stop for DHCP assignment, then whatever DNS servers you want. Save and back up your work.
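
The router-side steps above only work if the trunk port vid list, the VLAN interface address and the DHCP network all agree with each other and stay off the Eth0 network. The following is an added example, not part of the original write-up and not Ubiquiti code: a small Python check of a planned configuration before it is entered in the GUI. The function name, dictionary keys, VLAN 30 and all DHCP ranges are assumptions made up for the illustration.

```python
import ipaddress

def check_vlan_plan(uplink_net, trunk_vids, vlans):
    """Return a list of problems in a router VLAN plan; an empty list means consistent."""
    problems, seen = [], []
    uplink = ipaddress.ip_network(uplink_net)
    for v in vlans:
        tag = f"VLAN {v['vid']}"
        iface = ipaddress.ip_interface(v["address"])      # router address, e.g. 192.168.20.1/24
        subnet = ipaddress.ip_network(v["dhcp_subnet"])   # DHCP network, e.g. 192.168.20.0/24
        start, stop = (ipaddress.ip_address(v[k]) for k in ("start", "stop"))
        if not 1 <= v["vid"] <= 4094:
            problems.append(f"{tag}: ID outside the usable 802.1Q range 1-4094")
        if v["vid"] not in trunk_vids:
            problems.append(f"{tag}: missing from the trunk port vid list")
        if iface.network != subnet:
            problems.append(f"{tag}: interface network {iface.network} != DHCP subnet {subnet}")
        if iface.network.overlaps(uplink):
            problems.append(f"{tag}: overlaps the eth0 network {uplink}")
        for other_vid, other_net in seen:
            if iface.network.overlaps(other_net):
                problems.append(f"{tag}: overlaps VLAN {other_vid}")
        if start not in subnet or stop not in subnet or start > stop:
            problems.append(f"{tag}: DHCP range {start}-{stop} not inside {subnet}")
        elif start <= iface.ip <= stop:
            problems.append(f"{tag}: router address {iface.ip} is inside the DHCP range")
        seen.append((v["vid"], iface.network))
    return problems

# Constructed sample plans (VLAN 20 follows the numbering used above; VLAN 30 is invented).
GOOD_PLAN = [
    {"vid": 20, "address": "192.168.20.1/24", "dhcp_subnet": "192.168.20.0/24",
     "start": "192.168.20.100", "stop": "192.168.20.200"},
    {"vid": 30, "address": "192.168.30.1/24", "dhcp_subnet": "192.168.30.0/24",
     "start": "192.168.30.100", "stop": "192.168.30.200"},
]
BAD_PLAN = [
    # Left on the eth0 network, and the DHCP range swallows the router address.
    {"vid": 20, "address": "192.168.1.1/24", "dhcp_subnet": "192.168.1.0/24",
     "start": "192.168.1.1", "stop": "192.168.1.50"},
    # Interface and DHCP server disagree; vid never added to the trunk port.
    {"vid": 30, "address": "192.168.30.1/24", "dhcp_subnet": "192.168.31.0/24",
     "start": "192.168.31.10", "stop": "192.168.31.50"},
]

if __name__ == "__main__":
    print(check_vlan_plan("192.168.1.0/24", [20, 30], GOOD_PLAN))
    for problem in check_vlan_plan("192.168.1.0/24", [20], BAD_PLAN):
        print(problem)
```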

At this point you can plug in the WAP and power up. Check that it broadcasts the 2 SSIDs you defined. Selecting either one will link to the associated VLAN and provide your laptop with an IPv4 address on that VLAN. It should ping outside IP addresses and also domain names if DNS is set up correctly.

Debugging is a much longer post for another day. Short test is to connect the configured WAP into a port on the router with the port configured to pass the VLANs. (I normally use port Eth4.) That bypasses the physical switch and tells you if the router VLANs are configured correctly with switch, DNS and DHCP.

Found a recent YouTube video showing the procedure.
https://www.youtube.com/watch?v=3j6RiovCFz0

Restricting an access point to the guest status.
This is done in the controller under the wireless network settings. Check apply guest policies to apply default policies.

EDGEROUTER X Internal console port

Jumper pins internally. Requires a TTL cable to connect. Connect only ground and signals; do not connect power.