Member
Accepted Solution

Assign public IP's to Unifi routers from edge max(separate Public IP)

So, my main router is assigned a x.x.8.254/30 IP and I have 14 static IPs in the x.x.202.44 range for clients I hand out.  Normally I just NAT the internal radio IP to their assigned static and everything is great.  However, now I have 4 clients using Unifi routers and they want to IPsec VPN all of their networks together.  Unifi routers require a public IP to be set at their level, not my internal network, for the auto IPsec VPN to work.  Is there any way to do that with my current setup?

Main Router Config is attached.

Network setup here (with airMAX radios after the EdgeSwitches):

network setup.png

**Sorry about the MS paint diagram**




All Replies
Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Main router IP: 192.168.8.254/30

Client IPs: 192.168.202.44/28

I have changed the IPs from their real ones; these are just placeholders.

Established Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Hi @CptJames32,

Have you looked at this article for different ways in which you can distribute Public IPs?

https://help.ubnt.com/hc/en-us/articles/115009504308-EdgeRouter-Routing-How-to-Distribute-Public-IPs

Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Yes, currently I'm doing 1-to-1 NAT and have a NAT pool.

But for these 4 clients I would like to enter the public IP on their router.  And I'm not sure how to do that.  Maybe a static route?  I was hoping someone else knew.

Established Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

It sounds like you're being provided a "Transit Address".

I imagine your x.x.8.254/30 sits on one ethernet port.

And x.x.202.44 lives on another ethernet port <-- this port is the handoff to your customers, and you can even assign addresses via DHCP from this pool.  It sounds like .44 is your customer's gateway address, and your router's gateway address is your next hop on x.x.8.254/30.

Does this sound about right?

Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

That is correct.

Established Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Then it sounds like a plan! Just treat that x.x.202.44 block as if it was private addresses, it's all the same to a router. Just exclude them from NAT.

Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

So just set them up as a /24 vlan and don't set a dhcp server for them?

Established Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)


@CptJames32 wrote:

So just set them up as a /24 vlan and don't set a dhcp server for them?


Well, you said:

"I have 14 static ip's in the x.x.202.44 "

A /24 has 256 addresses; what's the subnet of this x.x.202.44 block? Sounds like a /28. Let's say this block is 5.5.202.44/28.

You make a port on your EdgeRouter (let's say eth1) with the address 5.5.202.44/28.

You plug eth1 into the distribution switch(es) that go out to your customers.

You can either set up a DHCP scope for this 5.5.202.44/28, or instruct your customers how to manually configure their devices, but you must provide the static IP info to them.  DHCP may be easier if that's what you're doing now, and you can even do static assignments if you know your customers' MAC addresses; that way they don't plug in other devices to your network and use up your precious Public IP space.

Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Correct, it's a /28.

Is there any way to make the .44/28 a VLAN on my current setup?

edgerouter_mainpage.png

Established Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Certainly, set it up the same way you set up eth8.30 or eth8.32.

Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

I made the correct /28 dhcp server but it errors out when making a vlan.

edgerouter_mainpage_error.png

Established Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

@CptJames32 wrote:

I made the correct /28 dhcp server but it errors out when making a vlan.


Are you sure .144 is your first usable address? Your usable addresses are probably .145 through .158.  Make your EdgeRouter .145, assign the other 13 to your customers.

Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

So I got a new public /28 (x.x.200.16) and I made that a VLAN.  However, my router is NATing that to my other public IPs instead of staying how it is.

Any idea how to make that VLAN (35) just pass straight through to the internet?

Member

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

I got it working.

I got a new /28 block and made that block a VLAN.  I then made a NAT exempt rule for those IPs on source NAT.

All is now good and working perfectly.
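
The setup the thread arrives at (a routed public /28 on its own VLAN, excluded from source NAT), sketched as EdgeOS CLI. This is an added example, not the poster's actual config: the 203.0.113.16/28 block is a constructed documentation range, and WAN interface eth0 and rule number 5000 are assumptions; eth8 and VLAN 35 follow the names mentioned in the thread.

```edgeos
configure

# Router takes the first usable address of the public /28 on VLAN 35.
# 203.0.113.16/28 is a constructed placeholder block:
#   .16 = network, .17-.30 = usable hosts, .31 = broadcast
set interfaces ethernet eth8 vif 35 description "Public /28 handoff"
set interfaces ethernet eth8 vif 35 address 203.0.113.17/28

# Source NAT exclusion: packets sourced from the public /28 leave the
# WAN interface (assumed eth0) with their own address, untranslated.
# NAT rules are evaluated in numeric order, so this rule number
# (assumed 5000) must be lower than the existing masquerade and
# 1-to-1 source NAT rules.
set service nat rule 5000 description "No NAT for public /28"
set service nat rule 5000 type masquerade
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 source address 203.0.113.16/28
set service nat rule 5000 protocol all
set service nat rule 5000 exclude
set service nat rule 5000 log disable

commit
save
exit
```

Each customer router is then configured with one of the remaining usable addresses and the router's .17 as its gateway. With NAT out of the path, the firewall ruleset on the WAN interface is what decides which inbound traffic, including IPsec (UDP 500/4500 and ESP), reaches those routers.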
