Hi,
I have an XG 125 firewall running SFOS 17.5.11.
Attached to this on the LAN interface (Port 1) is an unmanaged switch. Connected to the switch are a number of wired devices such as printers, and a number of Ubiquiti Unifi wireless APs. The APs have two different SSIDs. One of the SSIDs is used for restricted access based on time of day. There is a schedule applied so that it can only be accessed at certain times. This is all managed through the Unifi Controller.
I now want to be able to control access between devices connected to the restricted SSID and devices that are connected via ethernet or the unrestricted SSID.
The only way I can see to make this work is via VLANs and firewall rules to apply the restrictions.
My idea is to add a VLAN for devices on the restricted SSID. The Unifi Controller and APs allow me to add a VLAN tag to individual SSIDs. So I have added the VLAN tag ID of 2 to the restricted SSID.
What I now need to know is how to define the VLAN on the XG.
I have tried to add a VLAN interface on Port 1 in the LAN zone. Port 1 is currently configured with IP 10.10.0.1/24, with DHCP for part of this range and static assignments for specific devices.
I have tried a couple of ways to add a VLAN on Port 1, with a VLAN ID of 2.
The first way was to add the VLAN with an IP of 10.10.1.1/24, and DHCP for part of this range.
The second way was to extend the IP range of the interface in Port 1 to 10.10.0.1/23 and then add the VLAN with an IP of 10.10.1.1/24.
In both cases, a wireless device can connect to the restricted SSID on a Unifi AP, but then fails to get an IP address.
Any assistance to get this working would help.
Thanks
David