Good morning guys, with the colleague we are following a company for which about 40 U6-LR and a UDM-PRO have been purchased, with a view to replacing the very old Cisco access points, driven by two dying wireless controllers (both are kept on with a spit and two prayers :D ...).
A small important premise: currently the Cisco controllers are each connected with 4 ports to HPE Aruba 2530 switches in trunk configuration, where the 8 trunk ports (4 each wireless controller) are configured with "untagged" on the VLAN100 that gives ip to the two controllers and access points and as tagged on the VLAN20 that gives ip address to clients connected in Wi-Fi (phones, pc, etc.). The individual Cisco access points are attached to the various switches and configured with only their eth untagged port on the VLAN100. And they work without problems. Dhcp and routing of everything is managed by a dedicated firewall with OPNSense.
Currently discarded the idea of using the UDM-Pro as a controller, mainly for a problem of dual nat and not apparent total compatibility with the HPE Aruba 2530 switches, I decided to put, for now, in production a virtual machine under Hyper-V with the Ubiquiti controller. This machine is connected to a switch with a port configured as a trunk, untagged on the VLAN100 and tagged on the VLAN20. In the controller is disabled both the lan (I noticed that ubiquiti do strange things with the lan) and the dhcp and are present, as controller's networks, the VLAN100 dedicated to the ips of the access-poit and the VLAN20 dedicated to the ip of the clients (set the latter in the management of the Wi-Fi network). For scruple I also put the dhcp option 43, converting the ip of the controller to hexadecimal, to be sure that the access points find without problems the way home :D.
Now comes the beauty, which is making us literally crazy: if the individual Ubiquiti access points, are connected to the switches untagged on the VLAN100 (like the Cisco, which work without problems!!!), they only take the ip of their network, but do not assign ip to the clients connected in wi-fi, as if the package related to the VLAN20 did not pass. To make the wi-fi network work, I have to, for each port to which the access points are connected, tag the VLAN20, and actually everything starts to work...
It's bizarre because regardless of everything each switch is interconnected via 4th trunk... I came up with a suspicion, which until next week I will not be able to verify: is it possible that the network card assigned by hyper-v does not correctly handle the passage of the tagged vlan20 between switch and network card? For example, remember that the "Intel PRO/1000" network adapters do not actually handle the vlan tag. The current one, on the other hand, is a Qlogic.