Cisco Business 250-24T-4X Smart Switch and Ubiquiti APs issue

Has anyone experienced issues with Ubiquiti APs and Cisco Switches?

I am experiencing a problem with APs that cannot reconnect to the controller when the APs are assigned more than one WLAN and VLAN tag on their trunk port.

Details:

  • UniFi Controller: 6.5.54 on Linux
  • Cisco Business 250-24T-4X Smart Switch
  • FlexHD APs - Firmware tested 5.60.18, 5.60.19 and 5.43.32

Network configuration:

3 VLANs:

  • Management (wired only) Native VLAN 1099 [172.16.99.0/24]
  • HOME (wifi and wired) VLAN 1088 [172.16.88.0/24]
  • IOT (wifi and wired) VLAN 1022 [172.16.22.0/24]

The UniFi Controller has all the networks and wireless defined:

  • MANAGEMENT is the UniFi default network. The port connected to the controller is an ACCESS mode port, Native VLAN 1099 [172.16.99.0/24]. APs use the Management VLAN for configuration and adoption.
  • HOME Network and Wireless (VLAN 1088) [172.16.88.0/24]
  • IOT Network and Wireless (VLAN 1022) [172.16.22.0/24]

Netgate 2100 pfSense:

  • DHCP on the Management segment has option 43 set to the UniFi Controller IP
  • each AP has a registered IP via DHCP

Cisco Business 250-24T-4X Smart Switch:

  • Each AP interface was set to the following:
interface GigabitEthernet6
  description "AP-XX"
  switchport mode trunk
  switchport trunk native vlan 1099
  switchport trunk allowed vlan 1022,1088,1099

Trunks are using global dot1q.

Steps taken:

  1. Created the networks in the UniFi Controller: Management, HOME, and IOT
  2. Created the HOME and IOT wireless networks
  3. Created WLAN groups to toggle AP WLAN assignments as necessary
  4. Configured the trunk port with native VLAN 1099 and tagged VLAN 1088 for HOME
  5. Toggled the ALL AP group in the UniFi Controller to only have the HOME WLAN
  6. Adopted the AP - everything works as expected: the AP is managed, clients connect, traffic flows, and the AP can be rebooted and comes back.
  7. Configured the AP's switch port to add the IOT tagged VLAN (1022)
  8. Toggled the ALL AP group in the UniFi Controller to include the IOT WLAN
  9. In the controller the AP status changes to provisioning, restarts, then flips to its default IP 192.168.1.20 and never connects back to the controller, always attempting to adopt.

I can force the AP back into the controller by removing the IOT WLAN from the ALL group and removing the IOT VLAN tag from the trunk port.

I have tried the AP with different versions of the firmware, with the same result. I cannot get the APs to connect back to the UniFi Controller or broadcast with more than one WLAN/VLAN combination.

Any insight would be greatly appreciated.

Thanks,
Kevin
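A small consistency check for the setup described in the post, added here as an example and not part of the original post or of any UniFi or Cisco tooling. It parses an AP port stanza in the CBS250 text form the post shows, compares the native VLAN and allowed-VLAN list against the set of networks the controller expects the AP to carry, and builds the DHCP option 43 value (UniFi sub-option 0x01, length 4, controller IPv4) in the colon-separated hex form commonly entered in a pfSense DHCP option field. The controller network dict, the sample port config, and the controller IP 172.16.99.10 are constructed for the example; the VLAN numbers are the poster's.

```python
"""Check a CBS250-style AP trunk port against the VLANs a UniFi
controller expects the AP to carry, and encode DHCP option 43.

Added example; not code from the original post, UniFi, or Cisco.
Assumptions: the controller's network list is modelled as a dict,
the port config is parsed from the text form shown in the post,
and option 43 uses the UniFi encoding (sub-option 0x01, length 4,
controller IPv4 address).
"""
import ipaddress
import re

# Constructed from the post's description: management VLAN plus the two
# WLAN-backed networks. VLAN numbers are the poster's; the layout is ours.
CONTROLLER_NETWORKS = {
    "MANAGEMENT": {"vlan": 1099, "wireless": False},
    "HOME": {"vlan": 1088, "wireless": True},
    "IOT": {"vlan": 1022, "wireless": True},
}

# Constructed AP port stanza, in the CBS250 text form the post shows.
PORT_CONFIG = """
interface GigabitEthernet6
  description "AP-XX"
  switchport mode trunk
  switchport trunk native vlan 1099
  switchport trunk allowed vlan 1022,1088,1099
"""


def expand_vlan_list(spec):
    """Expand a Cisco-style VLAN list such as '1022,1088-1090' into a set."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_trunk_port(config_text):
    """Return (mode, native_vlan, allowed_vlans) from one interface stanza.

    An empty allowed set means no 'allowed vlan' line was present."""
    mode = native = None
    allowed = set()
    for line in config_text.splitlines():
        line = line.strip()
        m = re.match(r"switchport mode (\S+)", line)
        if m:
            mode = m.group(1)
            continue
        m = re.match(r"switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
            continue
        m = re.match(r"switchport trunk allowed vlan (?:add )?(\S+)", line)
        if m:
            allowed |= expand_vlan_list(m.group(1))
    return mode, native, allowed


def check_ap_port(config_text, networks, management="MANAGEMENT"):
    """List mismatches that would stop an AP on this port from carrying
    every wireless network in `networks` while staying reachable untagged
    on the management VLAN. An empty list means the port is consistent."""
    problems = []
    mode, native, allowed = parse_trunk_port(config_text)
    mgmt_vlan = networks[management]["vlan"]
    if mode != "trunk":
        problems.append(f"port mode is {mode!r}, expected 'trunk'")
    if native != mgmt_vlan:
        problems.append(f"native VLAN {native} != management VLAN {mgmt_vlan}")
    for name, net in networks.items():
        # Only check tagged VLANs when an explicit allowed list exists.
        if net["wireless"] and allowed and net["vlan"] not in allowed:
            problems.append(f"WLAN {name} VLAN {net['vlan']} not allowed on trunk")
    return problems


def unifi_option43(controller_ip):
    """Colon-separated hex for DHCP option 43 in the UniFi encoding:
    sub-option 0x01, length 0x04, then the controller's IPv4 bytes."""
    packed = ipaddress.IPv4Address(controller_ip).packed
    return ":".join(f"{b:02x}" for b in (0x01, 0x04, *packed))


if __name__ == "__main__":
    # Controller address 172.16.99.10 is assumed for the example.
    print(check_ap_port(PORT_CONFIG, CONTROLLER_NETWORKS))
    print(unifi_option43("172.16.99.10"))
```

Running the check against the post's own port stanza returns no problems, which is the point: the switch side as pasted does carry 1022, 1088 and 1099, so the config text alone does not explain the AP dropping to 192.168.1.20. Removing 1022 from the allowed list, as in step 7 before the tag was added, makes the check report the IOT WLAN as missing from the trunk.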