Intro

Have you ever wanted to add multiple VLANs to your Ubiquiti WiFi network? Me too! I did this recently and in this blog I will explain the process to make it work when you have Juniper switches.

Hardware and Software

The following hardware and software were used in this post.

  • Juniper EX2200 - 15.1R6-S3
  • Ubiquiti UAP-AC-Pro - 6.2.44
  • Unifi Controller (VM) - 6.5.55

Change Plan

The target state configuration is as follows.

  • Configure 2x wireless networks.
  • VLAN 10 - AP Management (No WLAN).
  • VLAN 20 - IOT (IOT WLAN).
  • Enable Trunk between Ubiquiti AP and Juniper switch.
  • Verify Operation.

The change manager has approved, let's go!!!

Ubiquiti

AP Management

On the Unifi controller, there is a default network. I set this up some time ago and it might be called LAN. I have forgotten if that is the default name, or I changed it to that. You can tell it's the default network because it cannot be deleted. Furthermore, you cannot set a VLAN ID on the default network.

Important
I found that when APs boot up they use the default network and it's not possible to set a VLAN ID for this network. So the AP management traffic is untagged.

First, let's update the default network. Browse to:

The following table lists the AP Management network configuration parameters.

Parameter        Value
Enable Network   On
Network Name     AP-MANAGEMENT
Advanced         v
VLAN ID          <blank>
DHCP Mode        None

I am also disabling the default WiFi Network. Browse to:

Turn the Enable switch to off and click Apply Changes.

Internet of Things (IOT)

Now let's configure the IOT network. Browse to:

The following table lists the IOT network configuration parameters.

Parameter        Value
Enable Network   On
Network Name     INTERNET-OF-THINGS
Advanced         v
VLAN ID          20
DHCP Mode        None

Now configure the WiFi network. Browse to:

The following table lists the IOT WLAN configuration parameters.

Parameter        Value
Enable Network   On
Name             iot
Password         <super-secret-password>
Network          INTERNET-OF-THINGS

Note
I have a separate firewall that is used for the Layer 3 configuration. The configs for that are out of scope for this post.

Juniper

OK, now for the Juniper configs. First, let's create the VLANs.

junos-config
vlans {
    VLAN10 {
        description AP-MANAGEMENT;
        vlan-id 10;
    }
    VLAN20 {
        description INTERNET-OF-THINGS;
        vlan-id 20;
    }
}

Now, for each interface connected to an AP, configure the following to make the interface a trunk port.

junos-config
interfaces {
    ge-0/0/10 {
        description "to AP01";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members VLAN20;
                }
                native-vlan-id 10;
            }
        }
    }
}

The above config creates a trunk port and permits frames tagged with VLAN 20. Any untagged frames will be placed in VLAN 10, which we defined as the native VLAN.

Verification

Juniper

Confirm that the VLANs can be seen on the trunk port. VLAN 10 should be untagged and VLAN 20 should be tagged.

cmd
show ethernet-switching interfaces ge-0/0/10

Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/10.0  up     VLAN10              10    untagged unblocked
                    VLAN20              20    tagged   unblocked

Now, confirm that you are learning MAC addresses on each VLAN.

cmd
show ethernet-switching table interface ge-0/0/10

Ethernet-switching table: 26 unicast entries
  VLAN              MAC address       Type         Age Interfaces
  VLAN10            0e:92:a0:69:ec:c7 Learn          0 ge-0/0/10.0
  VLAN20            34:7e:5c:3e:6a:c8 Learn          0 ge-0/0/10.0
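
The trunk check above can be automated. The following is an added example, not part of the original post: it parses saved `show ethernet-switching interfaces` output and reports any AP-facing port whose VLAN membership differs from the change plan, such as an extra tagged VLAN or a tagged management VLAN. The sample text, the function names and the `EXPECTED` map are constructed for illustration.

```python
import re

# Expected trunk layout from this post: VLAN name -> (802.1Q tag, tagging mode).
EXPECTED = {"VLAN10": (10, "untagged"), "VLAN20": (20, "tagged")}

# Constructed sample: the CLI output shown above, saved as text.
SAMPLE = """\
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/10.0  up     VLAN10              10    untagged unblocked
                    VLAN20              20    tagged   unblocked
"""

# First row of a port carries interface and state; continuation rows do not.
ROW = re.compile(r"^(?:(?P<ifname>\S+)\s+(?P<state>up|down)\s+)?"
                 r"(?P<vlan>\S+)\s+(?P<tag>\d+)\s+(?P<mode>tagged|untagged)\s+\S.*$")

def parse_members(output):
    """Return {interface: {vlan_name: (tag, mode)}} from the CLI text."""
    ports, current = {}, None
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or a row layout not handled here
        if m.group("ifname"):
            current = m.group("ifname")
        if current is None:
            continue  # continuation row with no preceding interface row
        ports.setdefault(current, {})[m.group("vlan")] = (
            int(m.group("tag")), m.group("mode"))
    return ports

def audit_port(members, expected=EXPECTED):
    """List deviations: missing VLANs, wrong tag or mode, extra VLANs."""
    findings = []
    for name, want in expected.items():
        got = members.get(name)
        if got is None:
            findings.append(f"{name}: missing from trunk")
        elif got != want:
            findings.append(f"{name}: expected {want}, found {got}")
    for name in sorted(set(members) - set(expected)):
        findings.append(f"{name}: unexpected VLAN on AP trunk {members[name]}")
    return findings

if __name__ == "__main__":
    for port, members in parse_members(SAMPLE).items():
        print(port, audit_port(members) or "OK")
```

An empty findings list means the port matches the plan: untagged AP management in VLAN 10 and only VLAN 20 tagged.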

Ubiquiti

On the Unifi controller, browse to Client Devices and confirm that the devices have an IP address in the correct subnet.

That's it! Adrian!!!! We did it!!!!

Outro

In this post, I showed you how to configure your Ubiquiti APs and Juniper switches to carry multiple VLANs for your WiFi networks. Thanks for tuning in ✌️