Emerging Member
Posts: 54
Registered: ‎07-14-2015
Kudos: 34
Solutions: 1

How to setup a small LAN with a Unifi 24 port switch and USG

Hi kind folks!

I'm trying to get some help (on a high level) with how I can set up my office LAN. I have just finished installing a UniFi 24 port switch and a few AC APs, and I have a USG that hasn't been installed.

 

Context

- 1x 24 port unifi switch

- 5 wifi APs

- 1x USG

- 2x ADSL 2+ modems (and we have 2x different phone lines with separate dedicated public IPs).

- 1x VOIP base station with some wireless (not wifi, just RF wireless) handsets.

 

Currently

- ADSL Modem #1 is connected to the switch.

- APs all connected to the switch

- Wifi is working (SSID is called .. say .. 'Office'). All our iPhones, MacBooks and printers are all on the network and internet is working fine.

- UniFi Controller - working fine. Has green dot for LAN and WLAN.

- DHCP server is via the software on our NAS. 

 

What I'm hoping to do...

- Have all computers, printers, phones, etc use ADSL modem #1.

- Have all VOIP use ADSL modem #2.

- ADSL #1 does a perm Site to Site VPN connection to our AZURE network (which was a previous question in these forums). 

 

Now, is this possible to do? I'm not sure of the 'key words/terms' to do this (so I can research / ask questions about). For example:

- Do I need to create 2x subnets? Or do I need to create 2x VLANs?

- What does the USG do for us? Can this help?

- Do I need 2x USGs .. one per ADSL modem?

- Assuming I can use my DHCP server to give static (LAN) IPs to the phones, can I say anyone with IP a.b.c.d or in some subnet range, use modem #2, etc...

- For the voip phones, are there any networked DECT base stations (repeaters?) available? Not sure how to wire up voip phones if we are in a wifi environment and the main DECT base station is miles away (and there's an elevator shaft in the middle of our 'U' shaped office (we're in an office tower in a CBD)).

 

 

Finally, I'm happy to purchase new equipment, if required (and it's not _heaps_ of money), etc.

 

Sorry if this is all a newbie question - just learning here.

 

BTW, totally LOVE the UniFi controller and how I can finally see general overall network activity _visually_. E.g. this client device has a few green bars of network traffic, etc. Yes!

 

-PK-

Emerging Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG

I started playing around with VLANs and I messed everything up :/ oops. Lucky I was prepared and can fall back/undo what I was experimenting with.

 

No one available to help / add a quick comment or 3 ?

Established Member
Posts: 1,733
Registered: ‎08-27-2010
Kudos: 1088
Solutions: 51

Re: How to setup a small LAN with a Unifi 24 port switch and USG

You seemed to have the whole network in a mess. 

 

DSL modem -> USG WAN port (configure VLANs and DHCP) -> USG LAN port -> switch Port 1

 

APs -> switch <- VOIP Base station

 

Load Unifi Controller on laptop/PC connected to the switch and configure it all from there. 

 

The USG isn't a load balancing router.  Adding the 2nd DSL modem will be the kicker. 

 

This will get you started with a standard basic setup... the rest is where the fun begins!

I can't teach you anything, I can only make you think
Don't forget to mark your thread as solved and to give kudos
Emerging Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG

Hi @kimchiGUN - thank you so much for reading my question and helping out. _really_ appreciate it! I didn't think anyone was going to look at my question.

 

I have a few questions about your reply:

 

> DSL modem -> USG WAN port (configure VLANs and DHCP) -> USG LAN port -> switch Port 1

- Ok .. so my modem has a static IP of 192.168.1.1. Can I configure the USG to be 192.168.1.3 and then plug my modem into USG WAN port and that's it?

- What is this VLAN thing? (I've not set up any VLANs or anything for our current office as far as I know)...

- Our DHCP server is running off our Synology NAS (static ip = 192.168.1.2. DHCP range = 192.168.1.10 => 192.168.1.200)

 

Thank you kindly again for looking at my question.

Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: How to setup a small LAN with a Unifi 24 port switch and USG


@PureKrome wrote:

> - Ok .. so my modem has a static IP of 192.168.1.1. Can I configure the USG to be 192.168.1.3 and then plug my modem into USG WAN port and that's it?

 


Your ADSL modem is actually a modem and router, and you want to configure it to be only a modem and let the USG do the routing.

 

The modem will likely need to be placed in bridge mode, to essentially only act as a media converter between the ATM circuit (ADSL) and the Ethernet circuit. Your USG then initiates the connection with your Internet provider using PPPoE (your ADSL modem will use PPPoA when it is in routing mode, in bridging mode it will simply provide the A to E translation).

 

You will then probably need to set up a point to point tunnel (based on the following quote)


@PureKrome wrote:

> - ADSL #1 does a perm Site to Site VPN connection to our AZURE network (which was a previous question in these forums).

It's not clear whether this tunnel is only for resources on your Azure network or for all traffic, but either can be accommodated.

 

As @KimchiGUN said though, load balancing or policy based routing the two WAN circuits will be a challenge, as will setting up the VPN tunnel. Neither of these can be done from the UniFi controller interface; both will require CLI config and making the settings persistent.

 

An EdgeRouter might actually be a better fit, but you lose the nice UniFi Controller integration.

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
Emerging Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG

@spynappels - thanks heaps for the reply mate. much appreciated!

 

OK, so I need to figure out how to change my modem to a bridge mode. Ok, I can sort that out I think.

 

> It's not clear whether this tunnel is only for resources on your Azure network or for all traffic, but either can be accommodated.

I was hoping to have the tunnel between our office <-> our Azure VLAN .. _only_ if we're trying to access a resource in that Azure VLAN. All other traffic will go out to the ADSL modem. For example, we have a VM running some OS. Fine. We want to block or public internet traffic -unless- it's via the VPN (for example).

> policy based routing the two WAN circuits will be a challenge, as will setting up the VPN tunnel. Neither of these can be done from the UniFi controller interface; both will require CLI config and making the settings persistent.

 

 

drats but ok (and expected). So .. what is *policy based routing* ?

 

What i'm hoping to do is the following ...

Here is my 24 port switch currently.

 

[Image: Screen Shot 2015-08-18 at 5.51.38 pm.png]

 

I was hoping to :-

ADSL #1 (main connection) : Port #1.

ADSL #2 (voip connection) : Port #2

Main office WIFI - SSID = MyOffice : Wifi APs : Port #10, #12, #14, #16, #18, #20, #22, #24.

VoIP office Wifi - SSID = MyVoip : Wifi APs : Port #9, #11, #13

(The other used ports are Network Attached Storages: Port #2, #4)

So then I guess I need two subnets?

- 1st for all wifi clients and the NAS.

- 2nd for VOIP

 

and then can I make it so that anything that is on the VOIP ports #9/11/13 that traffic goes to ADSL #2 (Port #2)?

the rest to Port #1 ?

 

Is this what VLANs are???

(Port #1 is where I'll stick the USG into .. but for simplicity, I'll just say Port #1 is the main ADSL modem connection).

Established Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG

Ok, wow, that's ambitious!

 

Let's talk about the 2 WAN connections first. I'm assuming you have 2 modems and you connect to them and use PPPoE?

 

It is possible to connect each of your ADSL modems to a separate port on the USG, using the VOIP port on the USG for the second ADSL connection, but as you said you wanted to use the switch as well, we can approach this a different way. The bad news is that I don't know how much of this will actually be visualised in the UniFi controller, and it will be a pain to save the config.....

 

In broad strokes, what I'm suggesting is this:

ADSL1 modem is plugged into port 3 on the switch. This port is set as an access port on VLAN5001 (untagged).

ADSL2 modem is plugged into port 4 on the switch. This port is set as an access port on VLAN5002 (untagged).

USG WAN port is plugged into port 1 on the switch. This port is set as a trunk port, with VLAN 5001 and 5002 tagged.

USG LAN is plugged into port 2 on the switch, don't do any VLAN config on that yet.

 

In the USG, you need to create 2 VLAN interfaces on eth0, one on VLAN 5001 for ADSL circuit 1 and one on VLAN 5002 for ADSL circuit 2. Set each one as a PPPoE interface to get your two WAN connections up.

 

Set a basic DHCP server with a basic test scope up on eth1 (along with a testing LAN IP) and check for internet connectivity.

Emerging Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG

Hi @spynappels! Wow - I'm slowly getting closer to a solution. Massive kudos to you!

 

>Let's talk about the 2 WAN connections first. I'm assuming you have 2 modems and you connect to them and use PPPoE?

 

Correct.

 

>It is possible to connect each of your ADSL modems to a separate port on the USG, using the VOIP port on the USG for the second ADSL connection

 

I thought the VOIP port was not working on the USGs (coming soon, etc.)?

 

>but as you said you wanted to use the switch as well,

 

That's only because I didn't think there was any other way. I'm happy to follow _any_ way that is the best/recommendations. So if that includes using the VOIP port of the USG ... I'm totally kewl with that too!

 

Ok.. now down to the meat and potatoes...

 

> ADSL1 modem is plugged into port 3 on the switch. This port is set as an access port on VLAN5001 (untagged).

 

 

Hm. Ok. Lots of new lingo here for me to learn. Please excuse me, for my lame noobness now.

- Access port (vs trunk port?)?

- VLAN5001 ? Is that a specific name for any reason?

- untagged (vs tagged?)

 

EDIT: Updating post...

 

/me does some quick Networking 101 reading.  

 

Ok. I'm starting to grok access (untagged) v trunk (tagged) ports. Not sure why I still understand -why- they are used (as in, a scenario).

 

I'm wondering if a picture might explain it.

 

Also - I'm happy to simplify this problem. I thought the USG can only have -one- ADSL modem connected to it? If it can have two connected, totally happy to try and use that....

If not, I'm totally happy to have the USG only handle ADSL#1's traffic and somehow have the 2nd ADSL modem just handle VOIP, another way...

 

I'm open to any ideas.

Established Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG


@PureKrome wrote:

> Hm. Ok. Lots of new lingo here for me to learn. Please excuse me, for my lame noobness now.
>
> - Access port (vs trunk port?)?

Yep, you've got this right. An Access port is one you can plug any bit of kit into. Traffic that comes in to that port is not expected to be tagged, but once it has got to the switch, it will be on whatever VLAN the Access port is set up on. This type of port is used to connect to end user equipment that is not VLAN aware.

 

A Trunk Port can carry traffic on different VLANs, although normally each VLAN except one is tagged to differentiate between them. The tagging allows the device on the other end to separate all the packets back into their correct VLANs. These ports normally connect things like switches, routers and APs, although some devices (Linux servers for example) can be VLAN aware and have several VLANs on a single NIC and can handle VLAN tagged traffic.

 

 


@PureKrome wrote:

> - VLAN5001 ? Is that a specific name for any reason?

 

 


Nope it's random. I used 5001 and 5002 as that is my personal design convention, VLANs 5000+ are used for WAN connections if required in systems I design.

 


@PureKrome wrote:

> Also - I'm happy to simplify this problem. I thought the USG can only have -one- ADSL modem connected to it? If it can have two connected, totally happy to try and use that....

 


Going for the VLAN on the switch option is actually better, as it allows you to scale better, for example if you decide to add a third WAN connection later.

 

I'd go with what you have for now, try to set up the two WAN connections and see if you can get them connected. You can basically use any EdgeMax KBs to do this, as the UniFi Controller simply won't let you do this, and you need to use the CLI anyway. Then make it persistent using the method described here

You will definitely learn a lot about networking by doing this, but approach it in stages and ask specific questions if you get stuck. Stage 1 is setting up the first WAN connection using PPPoE on (virtual) interface eth0.5001 once you have your switch configured the way I suggested. You can use any of the EdgeMax KBs on setting up a PPPoE connection, combining it with a KB on setting up a VLAN interface. You will be able to use interface eth0.5001 like you would any other interface. 

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
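The access/trunk behaviour described in this reply, modelled in Python for the WAN-side port layout proposed earlier in the thread (switch port 1 as a trunk with VLANs 5001 and 5002 tagged, ports 3 and 4 as access ports). This is an added example, not code from the thread or from Ubiquiti; the `Frame` and `Port` types are hypothetical, and the rule that an access port drops frames that arrive already tagged is a simplifying assumption (real switches differ).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Frame:
    src: str
    vlan: Optional[int] = None       # 802.1Q VLAN id; None means untagged

@dataclass(frozen=True)
class Port:
    mode: str                        # "access" or "trunk"
    pvid: Optional[int] = None       # access VLAN (or trunk native VLAN)
    tagged: frozenset = frozenset()  # VLANs carried tagged on a trunk

# Hypothetical model of the layout in the thread (switch port -> config).
# Port 2 (USG LAN) is left out: the thread applies no VLAN config to it yet.
PORTS = {
    1: Port("trunk", tagged=frozenset({5001, 5002})),  # USG WAN (eth0)
    3: Port("access", pvid=5001),                      # ADSL1 modem
    4: Port("access", pvid=5002),                      # ADSL2 modem
}

def ingress(port, frame):
    """Classify an incoming frame into a VLAN; None means it is dropped."""
    if port.mode == "access":
        # Assumption: end devices send untagged; tagged frames are rejected.
        return port.pvid if frame.vlan is None else None
    if frame.vlan is None:
        return port.pvid             # trunk native VLAN; None here => drop
    return frame.vlan if frame.vlan in port.tagged else None

def egress(port, vlan):
    """Tag used on the wire ('untagged' or a VLAN id); None if not a member."""
    if port.mode == "access":
        return "untagged" if vlan == port.pvid else None
    if vlan in port.tagged:
        return vlan
    return "untagged" if vlan == port.pvid else None

def flood(in_port, frame, ports=PORTS):
    """Flood a broadcast frame; return {out_port: tag} for ports that emit it."""
    vlan = ingress(ports[in_port], frame)
    if vlan is None:
        return {}
    out = {}
    for num, port in ports.items():
        if num == in_port:
            continue
        tag = egress(port, vlan)
        if tag is not None:
            out[num] = tag
    return out

if __name__ == "__main__":
    print(flood(3, Frame("adsl1-modem")))       # reaches only the USG trunk
    print(flood(1, Frame("usg", vlan=5002)))    # reaches only the ADSL2 modem
```

The two modems never see each other's frames, and the USG tells the circuits apart purely by the tag on its single WAN cable, which is why eth0.5001 and eth0.5002 can each carry their own PPPoE session.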
Emerging Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG

>Going for the VLAN on the switch option is actually better, as it allows you to scale better, for example if you decide to add a third WAN connection later.

 

Ok then. I can do this!

 

First, I need to visualize this bad boy. So I've started updating this image of stuff so I can grok all of this. This network is currently in use (it's our work!) So I need to make sure I get it, before I start re-setting things.

 

Ok, this is what I've got so far:

 

[Image: Untitled.png]

 

You mentioned a DHCP server. I have one of those (it's via our Synology NAS). But can we leave that out, for the start and stick with static IPs?

Now, I'm assuming that a common pattern is to use a different subnet per VLAN? Is that a good thing to do?

 

if yes, then

- 192.168.1.X - for all clients _except_ voip devices. This includes wifi APs, computers, printers, the toaster, etc.

- 192.168.2.X - for all voip clients - the phone handsets.

If no, then

- 192.168.1.X - IPs for all the devices! <insert meme here!>

 

Next, I don't understand how a VOIP client will know to use VLAN5002. and vice-versa for my notebook or an AP, etc.

Established Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG

Ok, back up a little.

The VLANs I've mentioned so far are purely on the WAN side. The LAN side is completely separate, and while it would benefit from VLANs as well, it is better to look at this one step at a time, with the WAN side being the first step.

 

The router can make any decisions it needs to on where to route packets (which WAN VLAN) depending on the source IP of the packet using Policy Based Routing, so that would allow you to keep the WAN and LAN configs separate while you get comfortable with the WAN configuration.

 

As this is for your work, and the options surrounding downtime are presumably rather limited, it makes sense to mock this up in a lab first. This may be difficult in your situation, as you are working with existing PPPoE connections, but everything else can be tested in a lab.

 

I applaud your desire to learn, and I think you'd probably do all right, but it seems to me what is actually required here is a fundamental rethink of your network, with the network as a whole being redesigned to take advantage of the benefits of VLANs and a more sophisticated router. This is something which really needs to be done before you start to change aspects of your existing network, so that changes can be tested thoroughly before deployment.

 

I think you may benefit from engaging a professional to help you design your network based on your requirements and advise you on the best way to migrate to this new network setup. This is not a reflection on you, but rather a safeguard for you, so you have a safety net for this complex set of changes. The effort involved in this is not trivial, and will require several distinct phases which realistically fall outside the scope of Community Support.

 

Please don't take this as the Community not wanting to help, but essentially you need a network design from the ground up, for which you have not had the training or the chance to learn, and to avoid this becoming a headache for you, you will need some more help than the Community is able to provide.

 

If you have a lot of time, and access to a beefy Virtualization host to build a lab on, you would be able to take a high level network design and work out how to replicate that, but without that time or resources, you would be making your job more difficult than it needs to be.

 

 

Wow, that was a wall of text!

 

TLDR: If you want to build a scalable network with segregated VOIP and general network segments, you'll need to design your network from the ground up and then apply this design in stages. This is non-trivial and will take a lot of time to do properly.

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
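The source-based policy routing decision mentioned in this reply, sketched in Python as an ordered rule table that can be checked against expected flows before touching the live network. This is an added example, not code from the thread or a router configuration; the LAN subnets are the ones proposed earlier in the thread, while the Azure prefix, the egress labels (`wan1`, `wan2`, `vpn-azure`, `main`) and the fail-closed `drop` default are assumptions of the example.

```python
import ipaddress

net = ipaddress.ip_network
LAN = net("192.168.1.0/24")    # general clients, as proposed in the thread
VOIP = net("192.168.2.0/24")   # VoIP handsets, as proposed in the thread
AZURE = net("10.10.0.0/16")    # assumed placeholder for the Azure network
ANY = net("0.0.0.0/0")

# Ordered policy, first match wins: (source, destination, egress).
POLICY = [
    (ANY, LAN, "main"),          # local destinations stay on the main table
    (ANY, VOIP, "main"),
    (LAN, AZURE, "vpn-azure"),   # only Azure-bound LAN traffic uses the tunnel
    (VOIP, ANY, "wan2"),         # ADSL #2 (PPPoE on eth0.5002)
    (LAN, ANY, "wan1"),          # ADSL #1 (PPPoE on eth0.5001)
]

def egress_for(src, dst, policy=POLICY):
    """Return the egress chosen for a packet, or 'drop' if no rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, out in policy:
        if s in src_net and d in dst_net:
            return out
    return "drop"                # assumption: unknown sources get no egress

# Constructed sample flows: (name, source, destination, intended egress).
FLOWS = [
    ("laptop -> internet", "192.168.1.50", "198.51.100.7", "wan1"),
    ("laptop -> Azure VM", "192.168.1.50", "10.10.1.4", "vpn-azure"),
    ("laptop -> base station", "192.168.1.50", "192.168.2.10", "main"),
    ("handset-1 -> SIP provider", "192.168.2.20", "203.0.113.5", "wan2"),
    ("handset-2 (misaddressed)", "192.168.1.77", "203.0.113.5", "wan2"),
]

def audit(flows=FLOWS):
    """Return (name, intended, actual) for every flow the policy sends elsewhere."""
    mismatches = []
    for name, src, dst, want in flows:
        got = egress_for(src, dst)
        if got != want:
            mismatches.append((name, want, got))
    return mismatches

if __name__ == "__main__":
    for row in audit():
        print("MISMATCH:", row)
```

The one mismatch is the handset holding a general-LAN address: source-based policy follows the address, not the device, so it only separates VoIP traffic if addressing and VLAN membership are enforced on the LAN side.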
Established Member

Re: How to setup a small LAN with a Unifi 24 port switch and USG

In your image above, the LAN port to the switch would also be a trunk port, carrying the separate VOIP and general network segments as separate VLANs, both tagged.

 

Your VOIP ports on the switch would then be set as access ports on the VOIP VLAN, and the general network ports on the switch would be set as access ports on the general network VLAN.

 

For the purposes of routing, DHCP etc, these two VLANs would be completely separate subnets/networks.
