I suggest reviewing the following document to deploy a high availability setup
Now we've allowed the access to USG additionally via SSH, but from local LAN subnet only. Works so far.
By connecting the Ubiquiti APs to the tagged port you are putting the APs in the VLAN and therefore their management IP addresses are in that VLAN. I’m guessing your Ubiquiti controller is in a different VLAN and cannot reach the AP.
What you want to do is configure a guest SSID on the Ubiquiti AP and tag it for a particular VLAN on the AP (configured in the Ubiquiti controller). Then set up the switch port to allow both the management VLAN (probably the default of VLAN 1) and the guest VLAN traffic. Untagged packets should be tagged with the management VLAN, not the guest VLAN.
Thank you very much, it helped me a lot to clarify some doubts. It is already working.
I have a USG40 and tested with 192.168.252.0/255.255.254.0, IP pool start address 192.168.252.2, pool size 509
first device gets IP 192.168.253.0
second device gets IP 192.168.252.2
I then changed the IP pool start address to 192.168.252.255, pool size 2
second device gets IP 192.168.252.255
So it seems it starts in the middle, then goes to the low end. If I had more devices, it might likely get 192.168.253.1.
It's not subnet overlap, as you're using the correct subnet for a bigger IP space, so it may simply be the way DHCP hands out IPs.
Set the pool size to 205; this will give 172.31.3.1 to one device. Then add one more, and the DHCP puts the device in the 172.31.2.xxx range.
Welcome to the forum.
To enable access to the internal server, you need a policy allowing traffic to the RDP port (3389 TCP) and a NAT (network address translation) to your internal server.
This video could help you:
Regards
Hi @GingerMonkey,
I would like to explain your configuration again and hope it will be easier to understand.
In your original configuration, the traffic of VLAN 10 and 30 goes out untagged to the AP due to the PVID setting.
The packet flow will be like below: (From left to right are NSG > SW > AP > Wireless Client)
After you correct the PVID, the packet flow will be like this:
The reason you see no problem when you use a wired connection is that the packet flow will be like below, without any issue: (NSG > SW > Wired Client)
The same goes for VLAN 30.
Hope it helps.
In my config it's here:
Given Client names for manually named devices (in Gateway > Clients / Switch > Clients / AP > Clients) should be displayed in NSG > Monitor > Security Gateway > Live Tools > DHCP Leases.