New Member
Posts: 8
Registered: ‎06-20-2014

newbie and almost good to go except for one last thing

I have the following:

Edgerouter POE 5 port using the config found here with no modifications: link
Unifi AP

I have both wireless and wired pulling the correct IP addresses but have one issue. I cannot access devices that are using the opposite connection method.

IE: Wireless (192.168.2.10) cannot access wired file server (192.168.1.2)

What do I need to do to allow cross communication? 

 

Thank you for your time and assistance!

Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 387
Solutions: 40

Re: newbie and almost good to go except for one last thing

Go ahead and post your config for us to look at.  I would expect to find an issue with one of the dhcp server's not giving a default route to the hosts though.

New Member
Posts: 8
Registered: ‎06-20-2014

Re: newbie and almost good to go except for one last thing

I am looking for how to do this now. Do I just export my config file and upload it somewhere? I am reading the CLI primer but haven't figured it out yet.

New Member
Posts: 8
Registered: ‎06-20-2014

Re: newbie and almost good to go except for one last thing

Alright I think I got it all. When I try and post it I am told "Message cannot exceed 20,000 characters."

I will break it up.

ubnt@ubnt:~$ show configuration                                                 
firewall {                                                                      
    name WAN_IN {                                                               
        default-action drop                                                     
        description "WAN to internal"                                           
        rule 10 {                                                               
            action accept                                                       
            state {                                                             
                established enable                                              
                related enable                                                  
            }                                                                   
        }                                                                       
        rule 20 {                                                               
            action drop                                                         
            state {                                                             
                invalid enable                                                  
            }                                                                   
        }                                                                       
    }                                                                           
    name WAN_LOCAL {                                                            
        default-action drop                                                     
        description "WAN to router"                                             
        rule 10 {                                                               
            action accept                                                       
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
interfaces {
    ethernet eth0 {
        address 192.168.1.1/24
        description "Local 2"
        poe {
            output off
        }
    }
    ethernet eth1 {
        address dhcp
        description Internet
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
    }
    ethernet eth2 {
        description Local
        poe {
            output 24v
        }
    }
    ethernet eth3 {
        description Local
        poe {
            output off
        }
    }
    ethernet eth4 {
        description Local
        poe {
            output off
        }
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.2.1/24
        description Local
        switch-port {
            interface eth2
            interface eth3
            interface eth4
        }
    }
}

 

New Member
Posts: 8
Registered: ‎06-20-2014

Re: newbie and almost good to go except for one last thing

service {
    dhcp-server {
        shared-network-name LAN1 {
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                start 192.168.1.21 {
                    stop 192.168.1.240
                }
            }
        }
        shared-network-name LAN2 {
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                start 192.168.2.21 {
                    stop 192.168.2.240
                }
            }
        }
    }
    dns {
        forwarding {
            listen-on eth0
            listen-on switch0
        }
    }
    gui {
    }
    nat {
        rule 5010 {
            outbound-interface eth1
            type masquerade
        }
    }
    ssh {
    }
}
system {
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
}

 

New Member
Posts: 8
Registered: ‎06-20-2014

Re: newbie and almost good to go except for one last thing

I tried reseting the router and using the built in wizard to produce the config above. 

Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 387
Solutions: 40

Re: newbie and almost good to go except for one last thing

Your config is correct.  What are your UniFi settings for the wireless?  Make sure that you do not have Guest Policy Checked as this will block access to you LAN.

The first pic below has guest policy enabled and the second pic does not.  Yours should look like the second if you want access to your wired network.

UniFi Guest.png
UniFi Secure.png
New Member
Posts: 8
Registered: ‎06-20-2014

Re: newbie and almost good to go except for one last thing

[ Edited ]

I tried going into the settings of the AP but it shows disconnected? Wifi connections and DHCP are still working though.

New Member
Posts: 8
Registered: ‎06-20-2014

Re: newbie and almost good to go except for one last thing

I have reset and reprovisioned the AP and it is now showing as connected. I keep learning more so that is a good thing. I just want to get the rest of the house back online this weekend before I have to go back to work!

I viewed my settings and they appear to mirror yours. Any other thoughts?

 

Capture.PNG
Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 387
Solutions: 40

Re: newbie and almost good to go except for one last thing

[ Edited ]

First.  In regards to the AP showing disconnected.  This simply means that it was not connected to the controller at that time and the controller could not talk to it.  Has nothing to do with operational status of the AP.

OK, back to troubleshooting your issue....

Do you have more than one computer, printer, etc. capable of wired connection?  Disconnect the AP and place a wired computer on that port.  I assume this is eth0?  See if it can ping or access any device on the other subnet.  The idea here is to identify where the problem is.  Routing or AP.  I still suspect it is with the AP.  You could also try moving the AP to one of the switch ports at the same time to see if you get access to the file server.

I'm going to look back at earlier posts and see if I see anything else.

Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 387
Solutions: 40

Re: newbie and almost good to go except for one last thing

[ Edited ]

@sephronis wrote:

I have the following:

Edgerouter POE 5 port using the config found here with no modifications: link
Unifi AP

I have both wireless and wired pulling the correct IP addresses but have one issue. I cannot access devices that are using the opposite connection method.

IE: Wireless (192.168.2.10) cannot access wired file server (192.168.1.2)

What do I need to do to allow cross communication? 

 

Thank you for your time and assistance!


This confuses me.....

Your config shows eth0 has IP 192.168.1.1/24 and switch0 (ports eth2, eth3, & eth4) is 192.168.2.1/24.  Your first statement shows wireless has address 192.168.2.10 and the wired server has address 192.168.1.2.  Is the AP on switch0 and the wired server on eth0?  This is backwards from what I would expect.  Has topology on the network changed from your first post?  If so, what is the current topology?  How is the IP address assigned to the file server to keep a static address?

New Member
Posts: 8
Registered: ‎06-20-2014

Re: newbie and almost good to go except for one last thing

Eth0 = LAN
Eth1 = WAN
Eth2 = WIFI AP

Is this incorrect?

For the moment I just moved the access point to the switch as I had no more time to test so far today. The little ones needed their cartoon fix.
Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 387
Solutions: 40

Re: newbie and almost good to go except for one last thing

There is no real incorrect.  With your config everthing except eth1 are lan ports.  Two different subnets however.  eth0 is one subnet and switch0 (eth2, eth3, & eth4) are another subnet.  Many people put the AP one eth0 and the wired lan on switch0.  There is no real right or wrong for this.  It's all personal preference.

OK.  eth0 (1921.168.1.1/24 network) File server is connected to this port with an address of 192.168.1.2.  There is no static address assignment on your code, how is this server getting its static address?

Highlighted
Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 387
Solutions: 40

Re: newbie and almost good to go except for one last thing


@sephronis wrote:
The little ones needed their cartoon fix.

Important activity.Thumbsup