VLAN for Guests with Ubiquiti: Unifi USG, USW8-150, AC-Pro, AC-LR and other stuff

This post is merely an overview of what I did to get my WLAN guests, who access the Internet through the hotspot feature of the USG and the Unifi controller, onto a VLAN so that they are not part of my own private network (security).

This write-up only applies when you own some Ubiquiti gear. (I also have other hardware; there you might have to do some configuration as well. My situation is explained below.)

What hardware is in the network:
USG router, US-8-150W switch, AC-Pro and 2x AC-Lite access points (Unifi gear)
1x TP-Link TL-SG108E (smart switch)
2x dumb 5-port Netgear switches (not important in this story)
1x TP-Link TL-SG2216 (smart switch)

1st: Create a guest network with VLAN 100. Do this only if you have the USG. If you do not have a USG this does not apply, because the network section in the controller is for use with the Unifi USG router.

If you use the “Guest” purpose, the network is already isolated from your corporate LAN.
Modify other settings like DHCP in this menu; I do not explain those here.

Now make sure the SSID for your guests is put on that VLAN.

This is the most important part.

Notice: I have a US-8-150W. When creating a VLAN guest network in the profiles section of the controller, the ports are configured automatically. As long as all ports accept all profiles, the VLAN will work directly if your access point is connected directly to the Unifi switch.

In my situation I have 2 access points behind a smart switch and 1 access point connected to a dumb switch that is connected to the US-8-150W (all devices eventually reach the US-8-150W, as its uplink is the USG router).

A simple test towards the AP connected to the dumb switch shows that the VLAN is working.

To get VLAN 100 working towards the other APs you need to tag the ports on the other smart switches; in my situation these are 2 different TP-Link devices.

Tip for the TP-Link TL-SG108E: enable 802.1Q VLAN (no need to touch the 802.1Q PVID setting).

In my example you see that port 1 and port 6 are tagged with VLAN 100. Port 1 is the uplink port towards the other switch (the Unifi switch) and port 6 is the port towards the access point.

Apply and save the configuration, and your guests can reach the guest portal over the VLAN.

The TP-Link TL-SG2216 is a business smart switch, so the screens are a little different.

Here you see the VLAN section of the SG2216, where I tagged port 16 (uplink port towards the Unifi switch) and port 10 (connected to the access point). Now this access point also serves the VLAN to my guests.

Maybe you wonder what happens to your normal LAN clients when you enable or tag ports for VLAN 100: your normal LAN stays untagged and the switches forward your data as before.
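The whole point of the procedure above is that VLAN 100 must be carried tagged on every hop between an access point and the USG (uplink port and AP port on each smart switch; dumb switches pass tagged frames through unchanged), while the untagged LAN stays as it is and no wired client port ever ends up in the guest VLAN. The following script is an added example of checking exactly that against a model of the topology described in this post; it is not Ubiquiti or TP-Link code. Device names, the US-8-150W port numbers and the client-port settings are constructed; the TL-SG108E (port 1 uplink, port 6 AP) and TL-SG2216 (port 16 uplink, port 10 AP) tagging follows the post.

```python
"""Audit a guest VLAN across a small switched network.

Two checks: (1) the guest VLAN is tagged on both ends of every hop from each
access point up to the router; (2) the guest VLAN is not present, tagged or as
PVID, on any port meant for an ordinary LAN client.
Added example; the topology below is a constructed model of the post's network.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

GUEST_VLAN = 100


@dataclass
class Port:
    tagged: set = field(default_factory=set)  # VLAN IDs carried 802.1Q-tagged on the port
    pvid: int = 1                             # VLAN that untagged frames are placed in
    role: str = "client"                      # "uplink", "ap", "trunk" or "client"


@dataclass
class Device:
    kind: str                                     # "router", "switch" (VLAN-aware), "dumb" or "ap"
    ports: Dict[int, Port] = field(default_factory=dict)  # only VLAN-aware devices have a table
    uplink: Optional[Tuple[int, str, int]] = None # (my port, parent device, parent port); None at the USG


def build_network() -> Dict[str, Device]:
    """Constructed model: USG <- US-8-150W <- {TL-SG108E -> AP, dumb switch -> AP, TL-SG2216 -> AP}."""
    def trunk():  # Unifi 'All' profile: LAN untagged (PVID 1), guest VLAN tagged
        return Port({GUEST_VLAN}, 1, "trunk")
    return {
        "usg": Device("router", {1: Port({GUEST_VLAN}, 1, "trunk")}),
        "us8": Device("switch", {1: Port({GUEST_VLAN}, 1, "uplink"), 2: trunk(), 3: trunk(),
                                 4: trunk(), 5: Port()}, (1, "usg", 1)),
        # TL-SG108E: port 1 uplink and port 6 AP tagged with VLAN 100, as in the post
        "sg108e": Device("switch", {1: Port({GUEST_VLAN}, 1, "uplink"),
                                    6: Port({GUEST_VLAN}, 1, "ap"), 2: Port()}, (1, "us8", 2)),
        "dumb5": Device("dumb", uplink=(1, "us8", 3)),  # no VLAN table, forwards tags as-is
        # TL-SG2216: port 16 uplink and port 10 AP tagged with VLAN 100, as in the post
        "sg2216": Device("switch", {16: Port({GUEST_VLAN}, 1, "uplink"),
                                    10: Port({GUEST_VLAN}, 1, "ap"), 3: Port()}, (16, "us8", 4)),
        "ap-pro": Device("ap", uplink=(1, "sg108e", 6)),
        "ap-lite-1": Device("ap", uplink=(1, "dumb5", 2)),
        "ap-lite-2": Device("ap", uplink=(1, "sg2216", 10)),
    }


def trace_guest_path(net: Dict[str, Device], ap_name: str, vlan: int = GUEST_VLAN):
    """Walk from an access point to the router; return (path, list of untagged hops)."""
    path, problems = [ap_name], []
    name, dev = ap_name, net[ap_name]
    while dev.uplink is not None:
        my_port, up_name, up_port = dev.uplink
        up = net[up_name]
        # Egress on this hop: only a VLAN-aware switch has a VLAN table to get wrong.
        if dev.kind == "switch" and vlan not in dev.ports[my_port].tagged:
            problems.append(f"{name} port {my_port}: VLAN {vlan} not tagged toward {up_name}")
        # Ingress on the parent: a dumb switch needs no check, a switch or router does.
        if up.kind in ("switch", "router") and vlan not in up.ports[up_port].tagged:
            problems.append(f"{up_name} port {up_port}: VLAN {vlan} not tagged toward {name}")
        path.append(up_name)
        name, dev = up_name, up
    return path, problems


def exposed_guest_ports(net: Dict[str, Device], vlan: int = GUEST_VLAN) -> List[Tuple[str, int]]:
    """Client-facing ports that would hand a wired LAN device the guest VLAN."""
    return [(n, p) for n, d in net.items() if d.kind == "switch"
            for p, port in d.ports.items()
            if port.role == "client" and (port.pvid == vlan or vlan in port.tagged)]


def audit(net: Dict[str, Device], vlan: int = GUEST_VLAN) -> List[str]:
    """All findings for the network; an empty list means the guest VLAN is set up as intended."""
    findings: List[str] = []
    for name, dev in net.items():
        if dev.kind == "ap":
            findings += trace_guest_path(net, name, vlan)[1]
    findings += [f"{n} port {p}: VLAN {vlan} present on a client port"
                 for n, p in exposed_guest_ports(net, vlan)]
    return findings


if __name__ == "__main__":
    for line in audit(build_network()) or ["guest VLAN tagged end to end; no client-port exposure"]:
        print(line)
```

Removing the tag from TL-SG108E port 6 in the model reproduces the situation where the guest SSID on that AP silently falls back to the untagged LAN; setting PVID 100 on a client port of the Unifi switch is the opposite mistake, a wired LAN device landing in the guest network.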

XP Home: cannot access network shares

Many users report issues with sharing folders under XP Home; after getting hold of a machine with this issue we could do some testing today.

First, what the issue is about: trying to access an XP Home machine, where you can ‘log on’ to the machine, but access to the actually shared folders is denied.

Irritating if you want to access your downloaded prOn movies from your PC and play them on your TV through your media player.

Under XP/Vista you get: Not enough server storage is available to process this command.

Under Linux with a CIFS mount you get: CIFS VFS: cifs_mount failed w/return code -12

The errors refer to a memory issue. It was very hard to find the solution, as Microsoft’s Help is a crime… Finally we found the reason: certain virus scanners, like NOD32, Norton Antivirus and IBM AntiVirus, cause you not to be able to access network shares.

With a simple registry fix you can solve it.

Redesigning Study Room

Today we redesigned the study room, which is our control room: the HiFi installation, the PCs, the notebook, the server… (around 4 UTP connections are in the wall, so short cables are the only thing we need).

The server was moved to the living room (yeah, we have UTP there as well) on Saturday. Around 16:00 on Sunday we moved it back to the study. No downtime… the UPS is alive ;-) About 1 or 2 minutes 20 seconds of no network activity. It’s patched through a main connection to the main switch, so no extra switches are used.

A little geeky but if it’s working, it is working great.

CFULLHDMA: Trying to understand Samba

The Conceptronic CFULLHDMA has an automatic way of finding Samba shares, to make life easy for customers. The device uses ‘smbtree’ for this purpose; smbtree is a text-based network browser.

As I do a lot of testing, I suddenly did not see any Samba share on the CFULLHDMA anymore. Bummer, a bug? Let’s find out…

Normally I have 6!! Samba-sharing devices in my network. Suddenly, after rebooting a PC (XP) and a NAS, I lost all Samba shares on my CFULLHDMA; reboot, turn off / turn on… nothing helped.

Analyzing, I found out the following:

smbtree was generating an error on the CFULLHDMA:

session request to failed (Called name not present)
Data overflow in cli_receive_trans

the is my print server; turning that device off only resulted in no output at all from smbtree.

Using the same ‘smbtree’ utility on my CentOS web server (where aroundmyroom.com runs) produced the same error. For me this meant it was not a bug in my CFULLHDMA but a general ‘error’ within my network. Checking my network neighbourhood on my XP machine revealed only 1 Samba share: a rebooted NAS device that I had to reset to factory defaults, reconfigure at IP level (fixed) and whose Samba share name I changed as well. The rest of my shares were not seen by my XP system, Linux server or CFULLHDMA either.

To solve the issue I did the following:

I rebooted my DSL modem (router / dns / dhcp device) &
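Since the CFULLHDMA builds its share list from the text that smbtree prints, the quickest way to see the same thing the device sees is to parse that text yourself: a workgroup line at column 0, each host indented one tab, each share two tabs, and any session errors mixed in. The parser below is an added example, not Conceptronic or Samba code; the sample output is constructed (the host names, the PRINTSRV name in the error line and the list of expected hosts are invented), and the layout follows smbtree’s tab-indented output so that a sudden drop from several hosts to one, as described above, shows up as a list of missing names.

```python
"""Parse smbtree output into workgroup -> host -> shares and flag session errors.

Added example. The sample below is constructed in smbtree's layout:
workgroup at column 0, hosts indented one tab, shares two tabs, with
error lines (as seen in the post) interleaved.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_OUTPUT = (
    "WORKGROUP\n"
    "\t\\\\NAS1           \tNAS device\n"
    "\t\t\\\\NAS1\\media     \tMedia\n"
    "\t\t\\\\NAS1\\IPC$      \tIPC Service\n"
    "\t\\\\XPHOME         \t\n"
    "session request to PRINTSRV failed (Called name not present)\n"  # constructed name
    "Data overflow in cli_receive_trans\n"
)

# Error lines smbtree/libsmb print while browsing; they are not part of the tree.
ERROR_PATTERNS = [
    re.compile(r"^session request to .*failed \("),
    re.compile(r"^Data overflow in \w+"),
]

Tree = Dict[str, Dict[str, List[str]]]


def parse_smbtree(text: str) -> Tuple[Tree, List[str]]:
    """Return ({workgroup: {host: [share, ...]}}, [error lines])."""
    tree: Tree = {}
    errors: List[str] = []
    workgroup = host = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if any(p.match(line) for p in ERROR_PATTERNS):
            errors.append(line.strip())
            continue
        depth = len(line) - len(line.lstrip("\t"))      # 0 = workgroup, 1 = host, 2 = share
        name = line.strip().split("\t")[0].strip()       # drop the comment column
        if depth == 0:
            workgroup = name
            tree.setdefault(workgroup, {})
        elif depth == 1 and workgroup is not None:
            host = name.lstrip("\\")                      # "\\NAS1" -> "NAS1"
            tree[workgroup][host] = []
        elif depth == 2 and host is not None:
            tree[workgroup][host].append(name.split("\\")[-1])  # "\\NAS1\media" -> "media"
    return tree, errors


def missing_hosts(tree: Tree, expected: List[str]) -> List[str]:
    """Hosts you expect to see in the browse list but which no workgroup reports."""
    seen = {h for hosts in tree.values() for h in hosts}
    return sorted(set(expected) - seen)


if __name__ == "__main__":
    tree, errors = parse_smbtree(SAMPLE_OUTPUT)
    for wg, hosts in tree.items():
        for h, shares in hosts.items():
            print(f"{wg}/{h}: {', '.join(shares) or '(no shares listed)'}")
    print("errors:", errors)
    print("missing:", missing_hosts(tree, ["NAS1", "XPHOME", "PRINTSRV", "CENTOS"]))
```

Feeding it real output (`smbtree -N 2>&1`, so the error lines on stderr are captured too) and keeping a fixed list of the hosts that should be there turns a vague “all my shares disappeared” into a concrete list of which names dropped out of the browse list and which session requests failed.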

Upgrade internal network

Upgraded my internal (home) network with a new ‘dumb’ 16-port Gigabit switch (11″ rack version) for testing.

Right away I saw issues with my network not being wired correctly (sigh), causing the link to the Internet to be down. After checking all wires I finally found 2 wires causing some serious issues. Now all devices have Gigabit; only my own PC is still connected at 100 Mbit, so I will probably upgrade that later to check the performance.

Message to Self: CentOS 4.4 & Bluequartz

Onboard SiS900 network card issue with CentOS 4.4 & BlueQuartz: no network activity, even though all configuration info says the card is up (with Linux version 2.6.9-42.0.2.EL). The problem was found to be disabled APM / ACPI. With APM / ACPI disabled, kernel 2.6.9-42.0.2.EL is not able to communicate through the network card; with APM / ACPI enabled it is.

This error was not seen with Linux version 2.6.9-22.0.2.EL.

I removed all kernels in between and now CentOS together with my BlueQuartz services is running fine, even if I get a power shutdown again ;-) The only small problem I briefly ran into were the following 2 messages:

Sep  6 19:26:49 wb kernel: CPU0: Running in modulated clock mode
Sep  6 19:26:54 wb kernel: CPU0: Temperature above threshold

Changed some BIOS settings this morning. Temperature information is not measured. Maybe that’s a solution.