Can’t get Internet connection from VLAN.

[MrPresBear]

Hello all. Longtime viewer, first time poster. I’ve recently taken over IT for a private medical practice with a fairly high (75) amount of staff. In the past few months I’ve replaced an older generation Dell Sonicwall with a gen 7 model (TZ 270) and replaced their ancient Rukus APs with 3 UniFi AP-AC-Pros which I manage through the UniFi controller software on the PC that hosts our server VMs. I’ve set it all up through the 2 existing ZyXEL GS1910-48 switches running firmware 2.0 (the most recent version I can find in their website, though they’ve reached EoL)
 

I’ve built the main and guest networks on both the Sonicwall and the UniFi panel and everything works fine. My problem lies in VLANs. I’d like to add a 3rd network for a specific group of staff primarily using wireless devices that is completely isolated from our production network. I’ve created the VLAN under X0 in the Sonicwall and created the DHCP lease scope, then allowed the VLAN tag through the port of the AP I’m using for testing on the switch, then finally created the Network in UniFi using the VLAN only checkbox and assigning its tag. Once completed, I have a broadcasting network that can’t connect to internet or even give an IP address.
 

Is there a step I’m missing somewhere? Feels like I’m close but a step or two off. I’d appreciate any ideas you have, as I’m at a loss. 

[itsparks]

Did you create the network in unifi and set vlan only ? then add that to the wireless / network ?

 

I do this on a daily basis and what you said you did should work..  Unless you missed the step i suggested. 

 

Funny though, i just setup 10 tz270's today.

 

 

[LAwLz]

So you got a Sonicwall firewall that is acting DHCP and default gateway for this new VLAN. Correct?

Assuming everything is configured correctly on there (for example subinterface created correctly if that's what you use) then the issue is probably on some link between the firewall and the end device. Are you sure all switches have the same VLAN configured in their VLAN database? Typically, switches won't pass traffic tagged to a VLAN that they don't have configured.

 

In other words, if you created VLAN 10 on the firewall and the access points, you also need to make sure that VLAN 10 exists on all switches in-between, and that the VLAN is allowed on all links that the traffic may pass through.

 

 

It might be a good idea to rule out the UniFi part of the equation as well by configuring an access port on one of the switches that belongs to the same VLAN, and then connect a PC with a cable to it. If it works by doing that, then the issue is probably in your UniFi config.

[MrPresBear]

5 hours ago, LAwLz said:

So you got a Sonicwall firewall that is acting DHCP and default gateway for this new VLAN. Correct?

Assuming everything is configured correctly on there (for example subinterface created correctly if that's what you use) then the issue is probably on some link between the firewall and the end device. Are you sure all switches have the same VLAN configured in their VLAN database? Typically, switches won't pass traffic tagged to a VLAN that they don't have configured.

 

In other words, if you created VLAN 10 on the firewall and the access points, you also need to make sure that VLAN 10 exists on all switches in-between, and that the VLAN is allowed on all links that the traffic may pass through.

 

 

It might be a good idea to rule out the UniFi part of the equation as well by configuring an access port on one of the switches that belongs to the same VLAN, and then connect a PC with a cable to it. If it works by doing that, then the issue is probably in your UniFi config.

Thank you sir. After reading through your response and checking my work, I found I only applied the VLAN tag to the port of the AP, not the other links the traffic flows through. After I applied the proper settings, my devices immediately had a connection with a different IP and subnet. Thanks again for your quick response!