UniFi - Virtual Network (VLAN) Troubleshooting

2023-09-24 18:49:55 UTC

UniFi makes it easy to create and manage virtual networks (VLANs); however, certain misconfigurations may result in broken network connectivity. This article walks through the most common symptoms and the mistakes associated with them.

Please note that the mistakes described do not apply to VLANs whose VLAN ID is set to 1.

Wireless Clients Unable to Join WiFi

If clients are unable to join a particular WiFi instance, it is usually the result of one or more incorrectly configured switch ports that prevent them from receiving an IP address. This commonly occurs after adding a new switch, moving APs, changing port configurations, or creating a new WiFi.

Common Mistakes

1. The VLAN associated with a WiFi instance is configured as the Primary (Native) Network on the AP’s direct uplink port.

1.A.png

Clients will be unable to connect to the Broken WiFi because VLAN 20 is also configured as the Primary (Native) VLAN on the switch port to which the AP is directly connected.

 

2. The VLAN associated with a WiFi instance is not allowed (tagged) on an upstream switch port.

1.B.png

Clients will be unable to connect to the Broken WiFi because VLAN 20 is not allowed (tagged) on an upstream switch port that AP traffic must pass through to reach the gateway and DHCP server.

Valid Configuration

The following image illustrates one example of a functioning configuration. Notice that mistake (1) does not apply here because neither port using VLAN 20 as the Primary (Native) VLAN has an AP directly connected to it.

1.C.png

UniFi Devices Offline or Not Appearing for Adoption

Some network changes, such as adding or moving devices, changing port configurations, or using the Network Override feature, can cause a UniFi device to go offline. This is due to the UniFi device not receiving an IP address, or having an invalid IP address. The same symptoms and solutions apply to wired UniFi devices that cannot be adopted.

Common Mistakes

1. The Network Override feature is used to assign a device to a VLAN that is already used as the Primary (Native) Network of the switch port it is connected to. 

2.A.png

The UniFi device will be unreachable because VLAN 20 is also configured as the Primary (Native) VLAN on the switch port to which the device is directly connected.

 

2. The Network Override feature is used to assign a device to a VLAN that is not allowed (tagged) on an upstream switch port.

2.B.png

The UniFi device will be unreachable because VLAN 20 is not allowed (tagged) on an upstream switch port that the device's traffic must pass through to reach the gateway and DHCP server.

 

3. The Primary (Native) Network of a switch port a device is connected to is not allowed (tagged) on an upstream switch port.

2.C.png

The UniFi device will be unreachable because VLAN 10 is not allowed (tagged) on an upstream switch port that the device's traffic must pass through to reach the gateway and DHCP server.

Valid Configuration

The following image illustrates one example of a functioning configuration that also uses the Network Override feature. Notice that mistake (1) does not apply here because neither port using VLAN 20 as the Primary (Native) VLAN has the UniFi device connected to it.

2.D.png
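
The mistakes listed in both sections above can be checked mechanically against a list of port settings. The following is an added example, not Ubiquiti code and not a UniFi API: the Port model, the check_path function, and the port names are hypothetical. It assumes that an upstream port passes a VLAN when that VLAN is either its Primary (Native) network or in its allowed (tagged) set.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    """One switch port (hypothetical model, not a UniFi API object)."""
    name: str
    native: int                               # Primary (Native) VLAN ID
    tagged: set = field(default_factory=set)  # allowed (tagged) VLAN IDs

    def carries(self, vlan):
        # Assumption: a port passes its own native VLAN as well as tagged ones.
        return vlan == self.native or vlan in self.tagged

def check_path(path, vlan=None):
    """Return (mistake_number, port_name, vlan_id) findings.

    path[0] is the port the AP or device plugs into; the remaining ports
    lead toward the gateway. vlan is the WiFi or Network Override VLAN,
    or None when the device simply uses the port's native network.
    """
    edge, upstream = path[0], path[1:]
    findings = []
    if vlan is not None and vlan != 1:        # VLAN ID 1 is exempt per the article
        if edge.native == vlan:               # mistake 1: VLAN is native on the direct port
            findings.append((1, edge.name, vlan))
        findings += [(2, p.name, vlan) for p in upstream if not p.carries(vlan)]
    if edge.native not in (1, vlan):          # mistake 3: native network dropped upstream
        findings += [(3, p.name, edge.native)
                     for p in upstream if not p.carries(edge.native)]
    return findings

# Constructed topologies (port names and VLAN layout are made up for illustration).
NATIVE_ON_AP_PORT = [Port("sw2/5", 20, {30}), Port("sw2/1", 1, {20, 30})]
NOT_TAGGED_UPSTREAM = [Port("sw2/5", 1, {20}), Port("sw2/1", 1, {20}),
                       Port("sw1/8", 1, {30})]
NATIVE_DROPPED = [Port("sw2/5", 10), Port("sw2/1", 1, {20})]
VALID = [Port("sw2/5", 1, {20}), Port("sw2/1", 1, {20})]

if __name__ == "__main__":
    for label, path, vlan in [("native on AP port", NATIVE_ON_AP_PORT, 20),
                              ("not tagged upstream", NOT_TAGGED_UPSTREAM, 20),
                              ("native dropped", NATIVE_DROPPED, None),
                              ("valid", VALID, 20)]:
        print(label, check_path(path, vlan))
```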
