Re: GS324TP S350 unable to obtain IP from unifi USG3 and UAP-AC-PRO

Pictures did not appear on the first post.

@jleon71 

Based on the NetgearGS324TP-VLANPVIDPORT.png and assuming USG and AP are connected to the two ports configured accordingly, there isn't anything wrong with your VLAN config. Back to the UniFi config I'd say...

PS. The in-line images are under mandatory moderation, so it will take a while until visible.

Hi Jelon71,

I have a very similar problem using a Unify Dream Machine  and  a GS348T switch  +  a Unify U6-Lite AP.

The AP  plugged into the Unify Dream Machine works perfect, when I plug it into my switch  it does no longer.

My assumption is that the DHCP requests  do not get through, but  I 'm just not sure  what I need to configure .

My config on the switch VLAN looks exactly like yours.

Is there any other traffic that needs to be allowed  on the switch?

Did you find the problem?

Thanks

Dietmar

---

@DietmarItsMe wrote:

My assumption is that the DHCP requests  do not get through,

---

Where exactly, which VLAN, ...? The basic untagged (?) UniFi management VLAN or any other VLAN accessed by some dedicated SSID(s)?

Hi  schumaku,

I have  3 WIFI Networks , lets call them WIFI_PRIVATE, WIFI_GUEST, WIFI_IOT and according to these 4 VLANs  

WIFI_PRIVATE = 5 (DM Port 1 - Switch Port  1) PVID 5 Tagged 5

WIFI_GUEST = 15(DM Port 2 - Switch Port  15) PVID 15 Tagged 15

WIFI_IOT = 35(DM Port 3 - Switch Port  20) PVID 35 Tagged 35

Management LAN = 1(DM Port 4 - Switch Port  30) PVID 1 Tagged 1

AP = Switch Port 31 - Tagged for  1,5,15,35 and  PVID  1

The WIFI Networs all do have wired network as well.

And there are 4 DHCP  Servers configured in my Dream Machine

I use 4 uplink cables from my Dream Machine to  the switch . One for each VLAN (I  know  this is not needed, but made it easier for mybrain 🙂

The switch is configured on VLAN 1 to be management VLAN

My thought was, that the AP needs to acquire an IP Address, which should be on the Management VLAN, as this defaults to 1 (I assume) it should come through from Port 31 to 30 and should reach the DHCP there.

Then it spans the  WIFI and communicates on the  tagged Networks according to the LAN Config  that is used on each WIFI.

But the AP just tries to communicate with my DM and then fails. 

As I said, I assume it is the DHCP, bur maybe it is something that I don't see yet.

Any idea what I do wrong?

Thanks

Best guess (at least by default) the UniFi management network is untagged - so keep the port to the AP untagged for the management VLAN 1. PIVD is already set to 1, so now you should be ready to run.

Hi schumaku,

thanks a lot, now it works. I had to switch off my firewall rules between the networks and need to figure out how they need to be set, but this is a different story. 

If there is a hint how to allow management traffic  like DHCP requests m but no other traffic, please let me know 🙂

Thanks a lot

Hi schumaku,

seems my success was called too early. IAfter rebooting the AP the problem stays as I've seen it before.

Here my question.

The DM does not TAG VLAN 1 , and it is impossible to configure it for VLAN 1. Would it be a good decision to configure the DM  Management LAN with VLAN 2.  The switch needs to have  the Management VLAN to be tagged. If the switch defaults to 1 and DM to no Tag, would they even talk together? I assumed the PVID  and an untagged Port would solve this, but does it?

Thanks

Lot's of training seems to be required here - most general VLAN and Ubiquity specific - very few Netgear switch related.

---

@DietmarItsMe wrote:

The DM does not TAG VLAN 1 , and it is impossible to configure it for VLAN 1.

---

Yes, this is siilar to what I mentioned ref. the UniFi APs, too. 

Configure the ports where you are connecting the DM and the APs for VLAN 1 [U]ntagged and PVID 1. This makes the switch sending VLAN 1 frames untagged, the PVID 1 assigns incoming untagged frames to the VLAN 1. (the second is about the only Netgear switch specific thing).

---

@DietmarItsMe wrote:

The switch needs to have  the Management VLAN to be tagged. If the switch defaults to 1 and DM to no Tag, would they even talk together?

---

No. Where is this information coming from? The config says the switch does make use the VLAN 1 for the management. How the management access comes to the switch is not relevant.

The VLAN 1 traffic be on a trunk port where the VLAN 1 it [T]agged (not just on the switch, also the connecting device to this network link - this is what one would typically do if multiple VLANs are transported on the same link - unless devices require one VLAN untagged), or it can be VLAN 1 frames untagged, the PVID 1 assigns incoming untagged frames to the VLAN 1 as explained. 

---

@DietmarItsMe wrote:

I assumed the PVID  and an untagged Port would solve this, but does it?

---

See above.

Hi schumaku,

thanks for filling my knowlege holes 🙂 and helping me out here.

I do have, the DM and AP  on  PVID 1 and [U]ntagged for  VLAN1

All the other VLANs are Tagged on  both ports, my assumption  was that this would be a transparent way through the switch, as a direct connect to the AP to DM on the same DM Port works fine.

The AP  continuously restarts with  "Isolated/Restarting/RFScanning" state. The IP seems to be assigned now.

I'm lost, and the guy I pay for handle my Network suggests to buy a new switch from unify.   I don't want to do this.  😞

Is there a diagram, video or anything out there explaining how the AP and DM communicate, and what kind of traffic needs to be enabled in order they could find and like each other?

Yet another issue that is not a Netgear problem - your config looks fine based on the description, but I would double check things 8-)

Reads to me your APs can't reach the UniFi controller - this is either a the UniFi Cloud Key or the DM - is why ever not reachable, or does hang around in another VLAN and/or IP subnet. Again something that should reside on an untagged VLAN 1 by rule of thumb. Also check the APs (without a tagged management configured - just in case) VLAN and the controller are really on the same subnet (and VLAN).