Cisco ASA with Ubiquity switches and AP's
I have a Cisco ASA 5512x which I use as my router with Cisco switches and AP's. I have configured one of the interfaces for our Guest Wi-Fi which it was working. However I recently got new AP's and switches from Ubiquity and now that Guest Wi-Fi does not work. I want to know if it is just a configuration issue or is there just a flat out incompatibility between the 2 vendors?
Thanks!
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So plug the POE box into the Guest Wi-Fi interface (POE connection) and connect the POE Cable to the Ubiquiti Box
ASKER
I have more then I AP. I have about 8 of them scattered throughout our building. They are all powered through the switch which is POe capable.
ASKER
*1
I think that should work but check the setup documents. The documentation talks about this setup
@Nath603
Are you using a separate physical interface for the guest wifi on your firewall or are you using a sub-interface (sharing one interface with staff network) tagging a vlan for guest wifi?
Are you using a separate physical interface for the guest wifi on your firewall or are you using a sub-interface (sharing one interface with staff network) tagging a vlan for guest wifi?
I think so long as there is a connection to the Ubiquiti box from the POE port, the Controller Software (Unifi) should be able to see it and then the Guest Wi-Fi password can be provided.
@John
It could very well be that simple. A lot is left out about his design. Are these new devices connected to his existing Cisco switches? If so, he is most likely using a separate vlan for the guest wifi. Need more information or clarification from the author on his network layout.
It could very well be that simple. A lot is left out about his design. Are these new devices connected to his existing Cisco switches? If so, he is most likely using a separate vlan for the guest wifi. Need more information or clarification from the author on his network layout.
ASKER
Yes it is a separate physical interface for the guest WiFi that is coming from my ASA to my new ubiquity switch. All my Cisco switches have been replaced with Ubiquity EdgeMax POE switches so I do not have any more Cisco switches.
Did you install Unifi and try seeing the Ubiquiti box(es) and assigning the Wireless credentials?
ASKER
Yes. The controller software is installed. I see all the AP's they are all updated with hte latest firmware and they are broadcasting my 2 wireless signals. However, I can't seem to get the Guest WiFi to pull its connection from the Guest Network interface.
Did you go to the properties of the Access Point in Unifi and enter the Guest wireless IP address and Password. I had to set this up to allow computers to access the Ubiquiti box .
Just for clarification. You have your guest AP's connected to the new Ubiquit switch(s), and that switch is connected to the firewall interface. This switch is completely separate from the rest of the network?
ASKER
There are 2 interfaces that are both plugged into the Ubiquity switches. At this point everything is plugged into the Ubiquity switches. There is the main one which is the WiFi access for staff and then there is the Guest interface which only guest should only use. I am thinking I need to maybe create another vlan for the guest WiFi to use and tag that traffic in order for the "Guest WiFi" to only use the Guest interface. What do you think?
That might be a good idea because the Ubiquiti needs its source IP address so it may be better on a VLAN that is close to the source wireless router
To say a different way, in Unifi for the setup of the Ubiquiti , you need to enter the wirele router IP address and the password of the wireless.
You can temporarily put the Ubiquiti near you on its Ethernet Connection so you see its blue light connection ring
You can temporarily put the Ubiquiti near you on its Ethernet Connection so you see its blue light connection ring
@Nath603
Ok so if you have both firewall interfaces plugged into the switch. You will need to differentiate how your wireless will determine which interface to use. What you want to do is place the switchport connected to the ASA guest wifi interface on a separate vlan and place the ports connected to your guest AP's on the same vlan. If your AP's are broadcasting both the Staff and Guest SSID's. Then they will need to be set up on separate vlans and tag the vlans to the switch. The switch port in this case will need to tag both vlans to the AP's. I hope that was clear.
Ok so if you have both firewall interfaces plugged into the switch. You will need to differentiate how your wireless will determine which interface to use. What you want to do is place the switchport connected to the ASA guest wifi interface on a separate vlan and place the ports connected to your guest AP's on the same vlan. If your AP's are broadcasting both the Staff and Guest SSID's. Then they will need to be set up on separate vlans and tag the vlans to the switch. The switch port in this case will need to tag both vlans to the AP's. I hope that was clear.
ASKER
Let me try that. I will let you here shortly.
ASKER
I wanted to know if there is there a way to configure the Ubiquity switch that the Guest Wi-Fi interface is plugged into to direct traffic from there to all the AP's that are broadcasting the Guest Wi-Fi signal? Or do these 2 vendors not play well together?