04-17-2018 03:26 AM
Essentially, someone bought the Edge Router Pro (non PoE, no built in switch) and I decided to put it to some use as it's just sitting there.
We have multiple networks in the office and I thought I would try and tidy it up, but I'm not able to figure out whether this can even do what I need, let alone the correct way to configure it. I have a feeling if someone knows the equipment they will just say this isn't the kit I need for this job (perhaps because it has no built in switch I suspect?).
Below is a description of how I planned to configure it (each port being a different network, but also assigned to a VLAN so the wireless devices could get onto the right network by joining the correct wifi):
eth0 is the WAN link out
eth1 (VLAN11) office network (PCs servers and office peripherals: printers)
eth2 (VLAN12) phone network (office VoIP phones)
eth3 (VLAN13) test network (mainly just voip phones)
eth4 (VLAN14) training room (VoIP phones, laptops and chromecast streaming to screen for training)
eth5 (VLAN15) Guest Network - possibly speed limited, probably isolated from other devices (believe this can be done with Unifi)
eth6 (untagged?) Unifi (zero handoff) -
eth7 (untagged?) Unifi (zero handoff) -
eth1 (VLAN11) needs to be able to communicate with all except eth5 (vLAN15 - GuestNetwork)
FYI: I have multiple smart switches daisy chained both PoE (to power the phones), and non PoE (for general ethernet equipment).
I started by assigning the LANs on the ports with their respective network addresses in [dashboard] and created DHCP servers in [services] to match those addresses. - That arrangement worked fine.. then I realised I can't add the vLAN to a port that way (to add the tags so the wireless could work with them).
So I chose eth4 (training room) to test. I created the vLAN interface in the GUI, gave it vID:14 and assigned it to eth4 with an IP address that I had created a DHCP server for (192.168.4.0/24). Just to test it worked, I plugged a VoIP phone into eth4 and it didn't pick up an IP address, so I configured the phone with vID:14 and it still wouldn't even pick up DHCP.
So if I can't even get that part working, I think the overall plan is a bit of a stretch
Can anyone volunteer whether the plan above is possible/practical on an Edge Router Pro?
Having looked at the EdgePoE(5port) which I am about to try and configure with a reduced number of networks, I seem to be presented with more options for making ports vLAN aware, so I'm assuming the built in switch does help to manage this configuration, although I am a GUI user and not too familiar with CLI..
Maybe the smaller device is the best for the job, but I was assuming the Edge Pro would be less taxed by so many networks running on one device (the 5 port PoE does run pretty hot after all).
Thanks in advance for any thoughts.
04-17-2018 03:43 AM - edited 04-17-2018 03:47 AM
Actually the ER doesn't need VLANs at all.
eth0-7 configured as plain ethernet interface, no VLAN, just an IP, DHCP and stuff.
All ports connected to a VLAN-capable switch. The switch ports are configured with a pvid so that all packets hitting switch port 3 (from ER-eth3) get tagged with a VLAN, e.g. VLAN 30. Configure the uplink port to the access point as trunk and add all VLAN ids as tagged. Assign the VLAN ids to the corresponding SSIDs in the access point and it should work without any issues.
The firewall in the ER handles the traffic between eth0-7 and basically looks like this:
allow destination 192.168.10.0/24 (VLAN 10 at switch) from source 192.168.30.0/24 (VLAN 30 at switch)
drop destination 192.168.10.0/24 (VLAN 10 at switch) from source 192.168.40.0/24 (VLAN 40 at switch)
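
The two rules from the reply above, written out as EdgeOS CLI configuration. This is an added example, not part of the original posts; the ruleset names, the placement of 192.168.30.0/24 on eth3 and 192.168.40.0/24 on eth4, and the established/related rule are assumptions.

```edgeos
configure

# eth3 side (192.168.30.0/24, assumed): may open sessions to 192.168.10.0/24
set firewall name VLAN30_IN default-action accept
set firewall name VLAN30_IN rule 10 description "allow VLAN 30 to VLAN 10"
set firewall name VLAN30_IN rule 10 action accept
set firewall name VLAN30_IN rule 10 source address 192.168.30.0/24
set firewall name VLAN30_IN rule 10 destination address 192.168.10.0/24
set interfaces ethernet eth3 firewall in name VLAN30_IN

# eth4 side (192.168.40.0/24, assumed): may not open sessions to 192.168.10.0/24
set firewall name VLAN40_IN default-action accept
set firewall name VLAN40_IN rule 10 description "replies to sessions opened from VLAN 10"
set firewall name VLAN40_IN rule 10 action accept
set firewall name VLAN40_IN rule 10 state established enable
set firewall name VLAN40_IN rule 10 state related enable
set firewall name VLAN40_IN rule 20 description "drop new VLAN 40 to VLAN 10"
set firewall name VLAN40_IN rule 20 action drop
set firewall name VLAN40_IN rule 20 source address 192.168.40.0/24
set firewall name VLAN40_IN rule 20 destination address 192.168.10.0/24
set interfaces ethernet eth4 firewall in name VLAN40_IN

commit
save
exit
```

Rules are evaluated in numeric order, so rule 10 in VLAN40_IN has to come before the drop: without it, replies to sessions opened from 192.168.10.0/24 would be discarded as well. The default action stays at accept so that traffic from both networks to the WAN is not affected by these rulesets.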