Assign public IP's to Unifi routers from edge max(separate Public IP)

CptJames32 · ‎04-18-2016

So, my main router is assigned a x.x.8.254/30 ip and I have 14 static ip's in the x.x.202.44 range for clients I hand out. Normally I just NAT the internal radio IP to their assign static and everything is great. However now I have 4 clients using Unifi routers and they want to IPsec VPN all of their networks together. Unifi routers require a public IP to be set at their level not my internal network for the auto IPsec VPN to work. Is there anyway to do that with my current setup??

Main Router Config is attached.

network setup here (with airmax radios after the edgeswitch's:

network setup.png

**Sorry about the MS paint diagram**

jms33 · ‎07-07-2014

@CptJames32 wrote:
So just set them up as a /24 vlan and don't set a dhcp server for them?

Well you said:

"I have 14 static ip's in the x.x.202.44 "

A /24 has 256 addresses, what's the subnet of this x.x.202.44 block? Sounds like a /28 Let's say this block is 5.5.202.44/28

You make a port on your edgerouter (let's say eth1) with the address 5.5.202.44/28

You plug eth1 into the distribution switch(es) that goes out to your customers.

You can either setup a DHCP scope for this 5.5.202.44/28, or instruct your customers how to manually configure their devices, but you must provide the static IP info to them. DHCP may be easier if that's what you're doing now, and you can even do static assignments if you know your customers' MAC addresses, that way they don't plug in other devices to your network and use up your precious Public IP space.

View solution in original post

CptJames32 · ‎04-18-2016

I got it working.

I got a new /28 block and made that block a VLAN. I then made a NAT exempt rule for those ip's on source nat.

All is now good and working perfectly.

View solution in original post

CptJames32 · ‎04-18-2016

Main router IP: 192.168.8.254/30

Clients IP's: 192.168.202.44/28

I have changed the IP's from their real ones these are just place holder's.

jms33 · ‎07-07-2014

Hi @CptJames32 ,

Have you looked at this article for different ways in which you can distribute Public IPs?

https://help.ubnt.com/hc/en-us/articles/115009504308-EdgeRouter-Routing-How-to-Distribute-Public-IPs

CptJames32 · ‎04-18-2016

Yes, currently im doing 1 to 1 Nat and have a Nat pool.

But for these 4 clients I would like to enter the public ip on their router. And im not sure how to do that. Maybe a static route? I was hoping someone else knew

jms33 · ‎07-07-2014

It sounds like you're being provided a "Transit Address"

I imagine your x.x.8.254/30 sits on one ethernet port

And x.x.202.44 lives on another ethernet port <-- this port is the handoff to your customers, and you can even assign addresses DHCP via this pool. It sounds like .44 is your customer's gateway address, and your router's gateway address is your next hop on x.x.8.254/30.

Does this sound about right?

CptJames32 · ‎04-18-2016

that is correct

jms33 · ‎07-07-2014

Then it sounds like a plan! Just treat that x.x.202.44 block as if it was private addresses, it's all the same to a router. Just exclude them from NAT.

CptJames32 · ‎04-18-2016

So just set them up as a /24 vlan and don't set a dhcp server for them?

jms33 · ‎07-07-2014

@CptJames32 wrote:
So just set them up as a /24 vlan and don't set a dhcp server for them?

Well you said:

"I have 14 static ip's in the x.x.202.44 "

A /24 has 256 addresses, what's the subnet of this x.x.202.44 block? Sounds like a /28 Let's say this block is 5.5.202.44/28

You make a port on your edgerouter (let's say eth1) with the address 5.5.202.44/28

You plug eth1 into the distribution switch(es) that goes out to your customers.

You can either setup a DHCP scope for this 5.5.202.44/28, or instruct your customers how to manually configure their devices, but you must provide the static IP info to them. DHCP may be easier if that's what you're doing now, and you can even do static assignments if you know your customers' MAC addresses, that way they don't plug in other devices to your network and use up your precious Public IP space.

CptJames32 · ‎04-18-2016

correct its a /28

is there anyway to make the .44/28 a vlan on my current setup?

jms33 · ‎07-07-2014

Certainly, set it up the same way you setup eth8.30 or eth8.32.

CptJames32 · ‎04-18-2016

I made the correct /28 dhcp server but it errors out when making a vlan.

jms33 · ‎07-07-2014

@CptJames32 wrote:
I made the correct /28 dhcp server but it errors out when making a vlan.

Are you sure .144 is your first usable address? Your usable addresses are probably .145 through .158. Made your edgerouter .145, assign the other 13 to your customers.

CptJames32 · ‎04-18-2016

so I got a new public /28 x.x.200.16 I made that a vlan. However my router is NATing that to my other public IP's instead of staying how it is.

Any idea how to make that vlan (35) so just straight passthrough to the internet?

CptJames32 · ‎04-18-2016

I got it working.

I got a new /28 block and made that block a VLAN. I then made a NAT exempt rule for those ip's on source nat.

All is now good and working perfectly.

Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Re: Assign public IP's to Unifi routers from edge max(separate Public IP)

Company

In the News

Training

Buy Now

Social