Vlan – Trying to configure HP Procurve VLANs to segment Unifi guest traffic to another network

hp-procurve vlan wireless

My goal is to put all guest network traffic from the Ubiquiti Unifi access points onto their own subnet using VLAN 20 on a series of HP Procurve 2610-48-PWR switches.

The Unifi Access controller allows me to set the guest network to work with a given VLAN ID, which I obviously set to 20.

I want all guest traffic to be filtered to our secondary ISP on a separate firewall that will also issue DHCP addressing. The ISP runs to a firewall that runs to a web filter, then to the central Procurve. The Procurve then splits to the other two Procurves in the other wings of the campus.

On the Procurves, I configured each to use VLAN 20 over the designated subnet and tagged every port that has an access point plugged into it. All three switches have IP addresses that are contained within the desired subnet.

I was under the impression that configuring a VLAN with the same ID on each connected switch, as well as supplying an IP address within the correct addressing scheme, would allow them to communicate. The switches can communicate with each other over the separate subnet, but they can't reach the filter or the firewall. They also can't reach a client plugged into the switch with a statically assigned IP address in the correct subnet.

I have been at this for a few hours and am running out of ideas. Any advice would be much appreciated.

Best Answer

First off, the switches don't have to have an address in VLAN 20; in fact, you absolutely don't want that (unless you want guests hacking into your switches). VLAN 20 should exist on ports connected to (a) the APs, (b) the inter-switch links, and (c) the router infrastructure (firewall, etc.). That will be tagged everywhere but the access ports going to the router/firewall/etc.

(Your switches aren't routers; they're just layer-2 switches. The address they're assigned is for management.)
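The rules in the answer above can be checked against each switch's saved configuration. The following is an added example, not part of the original question or answer: it parses VLAN stanzas in the style of ProCurve `show running-config` output and reports a switch IP address on the guest VLAN, AP or inter-switch ports that are not tagged, and firewall-side ports that are not untagged. The function names, port numbers and addresses are assumptions made for illustration.

```python
# Constructed sample in the style of ProCurve "show running-config" output;
# port numbers and addresses are assumptions, not values from the post.
SAMPLE_CONFIG = """\
vlan 1
   ip address 10.0.0.2 255.255.255.0
   exit
vlan 20
   untagged 48
   tagged 1-8,49
   ip address 192.168.20.2 255.255.255.0
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1-8,49' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Map VLAN id -> tagged ports, untagged ports and IP address (if any)."""
    vlans, cur = {}, None
    for words in map(str.split, config.splitlines()):
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            cur = vlans.setdefault(int(words[1]),
                                   {"tagged": set(), "untagged": set(), "ip": None})
        elif words[:1] == ["exit"]:
            cur = None
        elif cur is not None and len(words) == 2 and words[0] in ("tagged", "untagged"):
            cur[words[0]] |= expand_ports(words[1])
        elif cur is not None and len(words) >= 3 and words[:2] == ["ip", "address"]:
            cur["ip"] = words[2]
    return vlans

def audit_guest_vlan(config, vlan_id, ap_ports, trunk_ports, edge_ports):
    """Return findings where the config departs from the answer's advice."""
    vlan = parse_vlans(config).get(vlan_id)
    if vlan is None:
        return [f"VLAN {vlan_id} is not defined"]
    findings = []
    if vlan["ip"]:
        findings.append(f"switch has management IP {vlan['ip']} in VLAN {vlan_id}")
    for port in sorted((ap_ports | trunk_ports) - vlan["tagged"]):
        findings.append(f"port {port} should be tagged in VLAN {vlan_id}")
    for port in sorted(edge_ports - vlan["untagged"]):
        findings.append(f"port {port} should be untagged in VLAN {vlan_id}")
    return findings
```

Calling `audit_guest_vlan(SAMPLE_CONFIG, 20, set(range(1, 11)), {49, 50}, {48})` on the sample reports the guest-VLAN IP address and the three ports (9, 10 and 50) that are missing the tag.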