New Member
Posts: 3
Registered: ‎08-21-2015

New Ubiquiti Purchase - Best setup and performance

 

Hi Everyone,

I have read through the forum and have seen multiple different configs but not 100% what I need.

I have just purchased the following equipment:

- EdgeRouter POE
- 3 x Unifi AP
- EdgeSwitch 24 LITE

I purchased the EdgeRouter POE as it has the ability to connect 3 x AP and power them via 24 or 48 volts. Hence able to drop the use of the injectors and have a clean setup.

 

My ideal setup would be as per attached image that someone else posted online but had no real constructive help.

 

The Unifi controller software would be running on a PC via the LAN side of the router and would obviously need to communicate with the 3 x AP on the switched ports. I would also have a NAS on the LAN side that I would like wireless devices to stream from in terms of the highest performance needed (2 x WDTV at once for instance).

Bridging would be an option but I understand that there is a performance hit. What this would be in reality only testing would confirm.

I would assume that there would still need to be routing from LAN to Switch0 which would require CPU. Would this CPU hit be the same as bridging eth2 to switch0?

If the CPU hit is the same then bridging would be a less complex setup. If it would be better to set up separate LANs then I have read on the forums that the controller's static IP needs to be included in the DHCP server setting on, I would guess, the WLAN side. Not 100% sure of the config setup for this.

Looking for recommendations as it seems this router is the perfect setup for the 3 x AP combos, WAN routing and a LAN. Without the need for injectors and switches that have more POE ports than I need as well as costs.

Does someone already have this config setup they can share, point me to a URL that already has the config or construct a config for this setup? DHCP receive would need to be on the WAN side and a DHCP server would need to be on the LAN side. As there are only 3 x AP on a switch I would manually hardcode the IP on each AP.

Thanks in Advance.

routerpoe.jpg
Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: New Ubiquiti Purchase - Best setup and performance

Hi,

 

I don't have an EdgeRouter PoE so I can't give you the exact commands, but I can sketch out what would allow you to build your network.

 

eth0 - WAN - configure to grab external IP through DHCP (I believe that's what you meant)

          Source NAT (masquerade) rule to NAT traffic from other subnets out to Internet.

          Set up firewall WAN_IN and WAN_LOCAL to allow ESTABLISHED, RELATED traffic only, drop everything else.

 

eth1 - LAN - Static IP with DHCP server (suggested 192.168.100.1 as IP with scope on 192.168.100.0/24 subnet)

 

Get these two set up and working first, and then you can start on the APs and their subnets/VLANs

 

At a high level, you'll add eth2, eth3 and eth4 to switch0. Set a static IP on switch0 in the same subnet as the management IPs of the APs, but different to the LAN (suggestion 192.168.101.0/24 subnet). Use L3 adoption to adopt these on your controller running in the LAN subnet.

Then create a separate VLAN on switch0 for each SSID, with an associated DHCP server etc. which can be firewalled individually to permit or deny access to the LAN and/or Internet (for example for a guest WLAN which only has Internet access, but no LAN access).

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
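The WAN/LAN base described in the reply above, written out as EdgeOS configure-mode commands. This is an added example, not a configuration posted by anyone in the thread; the DHCP range, the DNS forwarding line and NAT rule number 5010 are assumptions chosen for illustration.

```edgeos
configure
# eth0 = WAN: take the external address from the upstream DHCP server
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth0 address dhcp
# eth1 = LAN: static address plus a DHCP server (range is an assumed value)
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth1 address 192.168.100.1/24
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 default-router 192.168.100.1
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 dns-server 192.168.100.1
set service dhcp-server shared-network-name LAN subnet 192.168.100.0/24 start 192.168.100.20 stop 192.168.100.250
set service dns forwarding listen-on eth1
# Source NAT: masquerade everything leaving through the WAN interface
set service nat rule 5010 description 'Masquerade to WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
# WAN_IN: traffic from the Internet routed through to internal subnets
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
# WAN_LOCAL: traffic from the Internet addressed to the router itself
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
# Attach both rulesets to the WAN interface
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL
commit
save
```

With both rulesets defaulting to drop, nothing initiated from the Internet reaches the router's management services or the internal subnets; only replies to connections opened from inside are accepted.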
New Member
Posts: 3
Registered: ‎08-21-2015

Re: New Ubiquiti Purchase - Best setup and performance

Hi Spynappels,

 

Thanks for the super fast reply, appreciate you reading my post and taking the time to comment. Before submitting a message on this forum I had gone over some SOHO config posted on this site and web.

 

Found some good examples of configs that have provided me a good understanding as this is the first time like a lot of users on here that have either bought Ubiquiti products or had to configure equipment in this way.

Your step uses "L3 adoption", I am not sure what this is. I have not done a search on the Internet for research yet. I am assuming this will allow the discovery over the different subnets as broadcast will not work? What allows the router to automatically route between these different subnets in your sketch below?

I have seen several wiki configs that have setups that look like what I want but without the device yet to test am not sure if more is needed.

 

An example https://wiki.ubnt.com/SOHO_Edgemax_Example

 

In this example one would assume the Unifi controller would be installed on the LAN side or you would have to have a switch and dedicated PC on the WLAN side or multihomed PC on LAN side. If it were on the LAN, by default with this config how is routing provided from LAN to WAN and vice versa, I don't see the config rules for this. If it's not then without further information how is the office to manage the Unifi APs? Is this where your L3 adoption allows this?

With the separate VLANs, I am assuming this is for security and granular control? I have not seen previous posts with this setup. I am not at the level yet to immediately config the VLAN and firewall rules for your last paragraph. Do you have a documentation link you could share for research? Would it be correct in saying all of your sketch can be done via the GUI except for say the switch0 config?

Thanks

New Member
Posts: 3
Registered: ‎08-21-2015

Re: New Ubiquiti Purchase - Best setup and performance

Researching the L3 adoption and found multiple options.

Thanks for the heads up, I now know why it's needed.

The discovery utility sounds easy. But I think it would be a good idea to go down the track of adding a static DNS and DHCP 43 entry for the future. Reading people's comments they provide inconsistent information and wanted to clarify the HEX format of the IP address. Do you have a clear understanding of the exact value?
Is it:

- 0xValue (plain HEX)
- 0104xValue
- xx:xx:xx (this HEX format)
- 01:04:xx:xx:xx (as above with the addition in the front)
Thanks
Established Member
Posts: 1,558
Registered: ‎07-18-2015
Kudos: 747
Solutions: 121

Re: New Ubiquiti Purchase - Best setup and performance

Ok, the switch0 interface will only be used to connect the APs themselves to the network, not for actual client traffic. So set up a small DHCP scope on switch0 with maybe 10 IPs that the APs will pull their IPs from. In this DHCP server subnet declaration, include the following line:

set service dhcp-server shared-network-name AP-SCOPE subnet 192.168.2.0/24 unifi-controller <<IP of controller>>

I've used AP-SCOPE for the shared-network-name and 192.168.2.0/24 for the switch0 subnet, but you can use whatever you actually decide on.

 

This way, when you plug an AP in to eth2, eth3 or eth4, it will pull its IP from this scope, and will automatically try to talk to the controller on the IP you set. Note that this IP will be in your LAN segment on eth1 rather than a dedicated box on the WLAN segment on switch0.

You then simply adopt the AP, and you are good to go.

 

On the VLAN per SSID setup, you are correct, this is to increase segregation and security. It is also very easy to set up.

Let's say for example you want 2 SSIDs. You then need to create 2 virtual interfaces on switch0, to create 2 VLANs. I'll call these switch0.100 and switch0.200 which means these are now on VLAN100 and 200 respectively.

You can then treat each of these virtual interfaces as a completely separate network, with their own IP and their own DHCP scope which will be handed out to any clients that connect to that SSID.

 

In the example of vif switch0.100, if you give it an IP of 192.168.100.1, you'd create a DHCP scope with a shared-network-name of SSID1, a subnet of 192.168.100.0/24, a start IP of 192.168.100.20 and a stop IP of 192.168.100.250. Set 192.168.100.1 as the default router.

You will simply need to set the VLAN on SSID to 100 in the controller to finish setting this up.

 

When a client now connects to SSID1, they will get a DHCP IP from the 192.168.100.0/24 range and will access the Internet through the router. Depending on the firewall setup, you can block access to your wired LAN or even the other SSID clients, and apply filtering or anything else to each SSID separately.

 

Some of this is best configured using the CLI, although I suspect it should be possible to configure pretty much all of it from the WebUI too. If you get stuck, you'll certainly get help on configuring this using CLI if you need it.

If pasting output, please use the code tags button ({i})!
Please help the community find useful posts and solutions by hitting the "Kudos" and "Accept as Solution" buttons!
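The AP scope and the VLAN-per-SSID segregation from the reply above, as EdgeOS configure-mode commands. This is an added example, not a configuration posted in the thread. It assumes a wired LAN of 192.168.1.0/24 on eth1 with the controller at 192.168.1.10 (both constructed, and the LAN must not overlap the 192.168.100.0/24 used for SSID1), and the ruleset names SSID1_IN and SSID1_LOCAL are hypothetical.

```edgeos
configure
# AP uplinks: eth2-eth4 as switch0 members; APs get untagged management addresses
set interfaces switch switch0 address 192.168.2.1/24
set interfaces switch switch0 switch-port interface eth2
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
# Small AP scope (10 addresses) that also announces the controller for L3 adoption
set service dhcp-server shared-network-name AP-SCOPE subnet 192.168.2.0/24 default-router 192.168.2.1
set service dhcp-server shared-network-name AP-SCOPE subnet 192.168.2.0/24 start 192.168.2.10 stop 192.168.2.19
set service dhcp-server shared-network-name AP-SCOPE subnet 192.168.2.0/24 unifi-controller 192.168.1.10
# VLAN 100 carries SSID1 client traffic with its own gateway and DHCP scope
set interfaces switch switch0 vif 100 address 192.168.100.1/24
set service dhcp-server shared-network-name SSID1 subnet 192.168.100.0/24 default-router 192.168.100.1
set service dhcp-server shared-network-name SSID1 subnet 192.168.100.0/24 dns-server 192.168.100.1
set service dhcp-server shared-network-name SSID1 subnet 192.168.100.0/24 start 192.168.100.20 stop 192.168.100.250
set service dns forwarding listen-on switch0.100
# SSID1_IN: traffic from SSID1 clients routed elsewhere; Internet allowed, internal subnets dropped
set firewall name SSID1_IN default-action accept
set firewall name SSID1_IN rule 10 action accept
set firewall name SSID1_IN rule 10 description 'Replies to connections opened from inside'
set firewall name SSID1_IN rule 10 state established enable
set firewall name SSID1_IN rule 10 state related enable
set firewall name SSID1_IN rule 20 action drop
set firewall name SSID1_IN rule 20 description 'SSID1 to wired LAN'
set firewall name SSID1_IN rule 20 destination address 192.168.1.0/24
set firewall name SSID1_IN rule 30 action drop
set firewall name SSID1_IN rule 30 description 'SSID1 to AP management subnet'
set firewall name SSID1_IN rule 30 destination address 192.168.2.0/24
# SSID1_LOCAL: traffic from SSID1 clients to the router itself; DNS and DHCP only
set firewall name SSID1_LOCAL default-action drop
set firewall name SSID1_LOCAL rule 10 action accept
set firewall name SSID1_LOCAL rule 10 description 'DNS'
set firewall name SSID1_LOCAL rule 10 protocol tcp_udp
set firewall name SSID1_LOCAL rule 10 destination port 53
set firewall name SSID1_LOCAL rule 20 action accept
set firewall name SSID1_LOCAL rule 20 description 'DHCP'
set firewall name SSID1_LOCAL rule 20 protocol udp
set firewall name SSID1_LOCAL rule 20 destination port 67
set interfaces switch switch0 vif 100 firewall in name SSID1_IN
set interfaces switch switch0 vif 100 firewall local name SSID1_LOCAL
commit
save
```

The SSID1_LOCAL ruleset is what keeps wireless clients off the router's own web UI and SSH; a second SSID on vif 200 would repeat the same pattern with its own subnet and rulesets.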