Oops! Sorry!!


This site doesn't support Internet Explorer. Please use a modern browser like Chrome, Firefox or Edge.


Tests to be performed on Network Configuration

Network Tests for Ubiquiti Technician (Local Storage)

Network Tests for Ubiquiti Technician (Local Storage)

Test 1: SSID Connectivity and VLAN Assignment

Objective

Verify that each SSID assigns devices to the correct VLAN and provides the expected IP address range.

Procedure

  • TVB WiFi (All 42 VLANs with PPSK):
    • Connect a device to “TVB WiFi” using a tenant’s PPSK (e.g., `kmpn4839` for VLAN 101, Suite 101).
    • Expected Result: The device should be assigned an IP in the correct VLAN subnet (e.g., `192.168.101.x` for VLAN 101) and appear in the UniFi Controller (Clients tab) under VLAN 101.
    • Repeat for a few other tenant VLANs (e.g., VLAN 200, VLAN 300) to confirm PPSK-based VLAN assignment works across floors.
  • Guest WiFi (VLAN 2):
    • Connect a device to “Guest WiFi” using the password `GuestPass123`.
    • Expected Result: The device should be assigned an IP in the VLAN 2 subnet (`192.168.5.x`) and appear under VLAN 2 in the UniFi Controller.
  • IoT_ConfRoom (VLAN 3):
    • Connect a device to “IoT_ConfRoom” using the password `qwer1958`.
    • Expected Result: The device should be assigned an IP in the VLAN 3 subnet (`192.168.3.x`) and appear under VLAN 3 in the UniFi Controller.
  • Ring Cameras (VLAN 8):
    • Connect a test device (or verify an existing Ring camera) to “Ring Cameras” using the password `asdf7203`.
    • Expected Result: The device should be assigned an IP in the VLAN 8 subnet (`192.168.8.x`) and appear under VLAN 8 in the UniFi Controller.
  • Additional Check: Ensure that “Guest WiFi” and “IoT_ConfRoom” SSIDs are only broadcast by the indoor U6-Pro APs, and “Ring Cameras” is only broadcast by the exterior U6-Mesh APs, as specified.

Notes

Test 2: Tenant VLAN Isolation (Inter-Tenant Isolation)

Objective

Confirm that tenant VLANs are isolated from each other, preventing tenants from accessing each other’s devices.

Procedure

  • Connect Device A to “TVB WiFi” with the PPSK for VLAN 101 (`kmpn4839`), assigning it to VLAN 101 (`192.168.101.x`).
  • Connect Device B to “TVB WiFi” with the PPSK for VLAN 102 (`rtyg7291`), assigning it to VLAN 102 (`192.168.102.x`).
  • From Device A, attempt to ping Device B’s IP address (e.g., `192.168.102.x`).
  • Expected Result: The ping should fail, confirming that VLAN 101 cannot communicate with VLAN 102.
  • Repeat for a few other tenant VLAN pairs (e.g., VLAN 200 vs. VLAN 201, VLAN 300 vs. VLAN 301) to ensure isolation across floors.
  • Additional Check: Attempt a network scan (e.g., using a tool like `nmap`) from Device A to see if it can discover devices on VLAN 102. Expected Result: No devices on VLAN 102 should be visible.

Notes

Test 3: Guest Network Isolation

Objective

Verify that the Guest Network (VLAN 2) is isolated from all other VLANs, except for Internet access.

Procedure

  • The technician has already confirmed that VLAN 2 cannot see tenant VLANs, which is good.
  • Additional Test 1: From a device on “Guest WiFi” (VLAN 2, `192.168.5.x`), attempt to ping a device on VLAN 1 (Main LAN, `192.168.1.x`), VLAN 3 (Conf Room/IoT, `192.168.3.x`), and VLAN 8 (Cameras, `192.168.8.x`).
  • Expected Result: Pings should fail, confirming VLAN 2 is isolated from VLANs 1, 3, and 8.
  • Additional Test 2: Attempt a network scan from VLAN 2 to VLANs 1, 3, and 8. Expected Result: No devices should be visible on these VLANs.

Notes

Test 4: Shared Resource Access: Printing (VLAN 10) and Casting (VLAN 3)

Objective

Verify that tenants and Conf Room/IoT (VLAN 3) can access printers on VLAN 10 using ports 9100, 631, and 515, and that tenants can cast to the TV on VLAN 3 using mDNS (UDP 5353). Confirm that the Guest Network (VLAN 2) cannot access VLAN 10 for printing or VLAN 3 for casting.

Procedure

  • Printing Access (VLAN 10):
    • Tenants: Connect a device to “TVB WiFi” with a tenant PPSK (e.g., VLAN 101). Attempt to print to a printer on VLAN 10 (`192.168.10.x`) using a supported protocol (e.g., IPP on port 631 or raw printing on port 9100).
    • Expected Result: Printing should succeed.
    • Conf Room/IoT: Connect a device to “IoT_ConfRoom” (VLAN 3). Attempt to print to the same printer on VLAN 10.
    • Expected Result: Printing should succeed.
    • Guest Network: Connect a device to “Guest WiFi” (VLAN 2). Attempt to print to the printer on VLAN 10.
    • Expected Result: Printing should fail, as VLAN 2 is not allowed to access VLAN 10.
    • Isolation Check: From a device on VLAN 1 (Main LAN) or VLAN 8 (Cameras), attempt to print to the printer on VLAN 10.
    • Expected Result: Printing should fail, as VLAN 1 and VLAN 8 are not allowed to access VLAN 10.
  • Casting Access (VLAN 3):
    • Tenants: Connect a device to “TVB WiFi” with a tenant PPSK (e.g., VLAN 101). Attempt to cast to the TV on VLAN 3 (`192.168.3.x`) using a protocol like AirPlay or Chromecast, which relies on mDNS (UDP 5353).
    • Expected Result: Casting should succeed, and the device should discover the TV via mDNS.
    • Guest Network: Connect a device to “Guest WiFi” (VLAN 2). Attempt to cast to the same TV on VLAN 3.
    • Expected Result: Casting should fail, as VLAN 2 is not allowed to access VLAN 3 for mDNS traffic.
    • Isolation Check: From a device on VLAN 1 (Main LAN) or VLAN 8 (Cameras), attempt to cast to the TV on VLAN 3.
    • Expected Result: Casting should fail, as VLAN 1 and VLAN 8 are not allowed to access VLAN 3 for mDNS traffic.

Notes

Test 5: Internet Access for All VLANs

Objective

Confirm that all VLANs have general Internet access (e.g., HTTP/HTTPS traffic) but that printing and mDNS ports are not exposed to the Internet.

Procedure

  • Connect a device to each SSID and VLAN (e.g., VLAN 101 on “TVB WiFi,” VLAN 2 on “Guest WiFi,” VLAN 3 on “IoT_ConfRoom,” VLAN 8 on “Ring Cameras”).
  • Test Internet access by browsing to a website (e.g., google.com) or running a speed test.
  • Expected Result: Internet access should succeed for all VLANs.
  • Security Check: From an external device (outside the network, e.g., via a mobile hotspot), attempt to access the printer on VLAN 10 (`192.168.10.x`) on ports 9100, 631, or 515, or the TV on VLAN 3 (`192.168.3.x`) on UDP 5353.
  • Expected Result: Access should fail, confirming that printing and mDNS ports are not exposed to the Internet.

Notes

Test 6: Admin VLAN Access (VLAN 120)

Objective

Verify that VLAN 120 (Admin Account) has full access to all VLANs.

Procedure

  • Connect a device to “TVB WiFi” with the PPSK for VLAN 120 (`Hpg31731!`).
  • Attempt to ping devices on VLAN 101, VLAN 2, VLAN 3, VLAN 8, and VLAN 10.
  • Expected Result: Pings should succeed, confirming full access.
  • Attempt to access shared resources (e.g., print to VLAN 10, cast to VLAN 3).
  • Expected Result: Access should succeed.

Notes

Test 7: Camera Functionality and Tenant Camera Service

Objective

Confirm that cameras on VLAN 8 are functioning, isolated, and that the tenant camera service framework is ready.

Procedure

  • Existing Cameras: Verify that the 9 UVC-G5-Dome-Ultra cameras and 4 Ring cameras on VLAN 8 are operational:
  • Check live feeds in UniFi Protect (UniFi Protect > Cameras).
  • Confirm motion and person detection alerts are working (UniFi Protect > Find Anything tab).
  • Expected Result: Cameras should record motion events, send alerts, and provide live feeds.
  • Isolation: From a device on VLAN 101 or VLAN 2, attempt to ping a camera on VLAN 8 (`192.168.8.x`).
  • Expected Result: Ping should fail, confirming VLAN 8 isolation.
  • Tenant Camera Service Framework:
    • Simulate a tenant subscription by adding a test camera on VLAN 8 (if available) or pre-configure the user setup.
    • Create a test user account in UniFi Protect (UniFi Protect > Settings > Users), e.g., “Test_Tenant_200.”
    • Assign the test camera to this user with “Viewer” role, ensuring no access to other cameras.
    • Log in to the UniFi Protect app with the test user credentials and verify:
    • The user can see only their assigned camera.
    • Motion and person detection alerts are received.
    • Expected Result: The test user should have restricted access to only their camera, with functional alerts.

Notes

Test 8: Dual WAN Failover for Premium and Regular Tenants

Objective

Verify that premium tenants use AT&T fiber as primary with Comcast failover, and regular tenants use Comcast with no failover.

Procedure

  • Premium Tenants:
    • Connect a device to “TVB WiFi” with a premium tenant PPSK (e.g., VLAN 101, if designated premium).
    • Check the WAN in use (Settings > Internet in UniFi Controller or trace route to an external site like `8.8.8.8`).
    • Expected Result: Traffic should route through AT&T fiber (WAN 2).
    • Simulate an AT&T fiber outage (e.g., disconnect WAN 2) and re-test Internet access.
    • Expected Result: Traffic should failover to Comcast (WAN 1) seamlessly.
  • Regular Tenants:
    • Connect a device to “TVB WiFi” with a regular tenant PPSK (e.g., VLAN 102, if designated regular).
    • Check the WAN in use.
    • Expected Result: Traffic should route through Comcast (WAN 1).
    • Simulate a Comcast outage (e.g., disconnect WAN 1) and re-test Internet access.
    • Expected Result: Internet access should fail (no failover for regular tenants).

Notes

Test 9: Switch Port VLAN Assignment for Office Wall Jacks

Objective

Confirm that Ethernet wall jacks in offices on floors 2 and 3 (connected to USW-24-G2) assign devices to the correct tenant VLANs.

Procedure

  • Plug a device into a wall jack in an office (e.g., Suite 200, mapped to Port 1 on USW-24-G2).
  • Expected Result: The device should be assigned to VLAN 200 (`192.168.200.x`) and appear in the UniFi Controller under VLAN 200.
  • Repeat for a few other offices (e.g., Suite 201 → VLAN 201, Suite 300 → VLAN 300).
  • Expected Result: Each device should be assigned to the correct VLAN based on the port mapping.
  • Test Internet access and shared resource access (printing, casting) from these devices.
  • Expected Result: Devices should have Internet access and access to VLAN 10 (printing) and VLAN 3 (casting).

Notes

Test 10: Wi-Fi Policy Compliance (Interference Reduction)

Objective

Ensure the network is free from unnecessary wireless interference (e.g., from wireless printers, personal Wi-Fi hotspots).

Procedure

  • Perform an RF scan in the UniFi Controller (Devices > [U6-Pro AP] > Insights > RF Environment) to identify any rogue Wi-Fi signals (e.g., 2.4 GHz or 5 GHz hotspots, wireless printers).
  • Expected Result: No unexpected SSIDs or devices broadcasting Wi-Fi signals that could interfere with the network.
  • If rogue signals are detected, identify the source (e.g., a tenant’s wireless printer) and coordinate with the tenant to disable the wireless radio and connect via cable, as per the new policy.

Notes

Summary of Tests

The technician should perform the following tests:

  1. SSID Connectivity and VLAN Assignment: Verify that each SSID (“TVB WiFi,” “Guest WiFi,” “IoT_ConfRoom,” “Ring Cameras”) assigns devices to the correct VLAN and IP range (e.g., VLAN 101 → `192.168.101.x`, VLAN 2 → `192.168.5.x`).
  2. Inter-Tenant VLAN Isolation: Confirm tenants (e.g., VLAN 101 vs. VLAN 102) cannot communicate with each other (ping and network scans should fail).
  3. Guest Network Isolation: Verify VLAN 2 is isolated from all other VLANs (e.g., VLAN 1, VLAN 3, VLAN 8), except for Internet access (already tested for tenant VLANs).
  4. Shared Resource Access:
    • Printing: Tenants and VLAN 3 can print to VLAN 10 (ports 9100, 631, 515); VLAN 2, VLAN 1, and VLAN 8 cannot.
    • Casting: Tenants can cast to VLAN 3 (UDP 5353); VLAN 2, VLAN 1, and VLAN 8 cannot.
  5. Internet Access for All VLANs: Confirm all VLANs have general Internet access (e.g., HTTP/HTTPS), but printing/mDNS ports are not exposed externally.
  6. Admin VLAN Access (VLAN 120): Verify VLAN 120 has full access to all VLANs (ping, printing, casting).
  7. Camera Functionality and Tenant Camera Service: Confirm cameras on VLAN 8 work (live feeds, motion/person detection alerts), are isolated, and the tenant camera service framework is ready (user accounts, restricted access).
  8. Dual WAN Failover for Premium and Regular Tenants: Verify premium tenants use AT&T fiber with Comcast failover, and regular tenants use Comcast with no failover.
  9. Switch Port VLAN Assignment for Office Wall Jacks: Confirm Ethernet wall jacks (USW-24-G2) assign devices to the correct tenant VLANs (e.g., Suite 200 → VLAN 200).
  10. Wi-Fi Policy Compliance (Interference Reduction): Perform an RF scan to ensure no rogue Wi-Fi signals (e.g., wireless printers, hotspots) interfere with the network.

These tests will ensure your network is secure, reliable, and meets the needs of all tenants, including access to shared resources, Internet connectivity, and camera services.

© The Vault Buildings and JV Development, LLC.