I have some basic networking knowledge and I'm setting up a network to provide internet access to my tenants across 3 buildings with five apartments each. Building 1 is about 100m up the street and buildings 2 and 3 are right next to each other.
I've connected building 1 (with internet connection) to building 2 via an AirMax link. Buildings 2 and 3 are connected via underground Cat6 cable.
I would like to give each apartment internet access with the following requirements:
- Limit each apartment's internet speed (both up and down)
- Do not limit the speed at which each apartment's devices communicate with each other
- Ability to isolate each apartment's network from the rest of the network
After looking at the Unifi switches and the way the USG router does QoS, it seems that if I will be limiting their internet speed, I will have to use a switch that has both ingress and egress rate limiting (Unifi switch only does egress). I found a TP-Link switch that does this perfectly. That solves 1. and kind of solves 2.
So my problem now is to create a whole bunch of VLANs so that each apartment has its own network isolated from everything else.
And this is where I'm lost. I know I can create VLANs in the Unifi controller but I can't figure out how I would have to configure tagged and untagged ports on the switch in order to make it all work.
Also, I don't know if by rate limiting the port assigned to each AP, I'll also be slowing down the internal traffic, or does each AP act like a little switch/router, therefore devices connected to it will talk to each other at full wireless speed?
Finally, the reason I've created unique SSIDs for each apartment is so I can control the internet speed for each apartment at the port level.
To summarize, here are my questions:
- How do I configure the VLANs for each unit both at the Unifi controller and at the switch?
- Does rate limiting the port an AP is connected to slow down internal traffic connected to that AP?
I have not done this on Unifi, and most of the work you need to do is on the switches, so you probably need to review the TP-Link docs.
But in a nutshell, each port with an AP on the switch needs to be a member of its own VLAN. The ports connecting switches or carrying traffic from multiple VLANs need to be trunks. Rate limiting the switch port should not affect clients on the same AP.
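
The port layout described in this reply, modelled as an added example (not part of the original thread, and not Unifi or TP-Link configuration): each AP port is an untagged member of its own VLAN, inter-switch ports are trunks, and the check confirms no apartment port can reach another at layer 2. Switch names, port names and VLAN IDs 101-115 are constructed; it assumes one switch per building and that the AirMax link passes tagged frames.

```python
from collections import deque

APTS = 5  # apartments per building
# Constructed topology (assumption): one switch per building, VLAN IDs 101-115.
LINKS = {("sw1", "trunk-b2"): ("sw2", "trunk-b1"),  # AirMax link, assumed to pass tagged frames
         ("sw2", "trunk-b3"): ("sw3", "trunk-b2")}  # underground Cat6
LINKS.update({peer: end for end, peer in list(LINKS.items())})  # links work both ways

def build_plan():
    """Return {switch: {port: (mode, member_vlans)}} for the 3 buildings."""
    all_vlans = frozenset(range(101, 101 + 3 * APTS))
    plan = {"sw1": {"router": ("trunk", all_vlans)}, "sw2": {}, "sw3": {}}
    for b, sw in enumerate(("sw1", "sw2", "sw3")):
        for a in range(APTS):  # each AP port is untagged in its own VLAN
            plan[sw][f"apt{b + 1}-{a + 1}"] = ("access", frozenset({101 + b * APTS + a}))
    for sw, port in LINKS:  # inter-switch ports carry every VLAN tagged
        plan[sw][port] = ("trunk", all_vlans)
    return plan

def reachable(plan, switch, port):
    """Edge ports that a frame entering an access port can be flooded to."""
    mode, members = plan[switch][port]
    if mode != "access":
        raise ValueError("start from an access (AP) port")
    (vlan,) = members  # untagged ingress frame is classified into the port's VLAN
    seen, edge, queue = {switch}, set(), deque([switch])
    while queue:
        sw = queue.popleft()
        for p, (_, vlans) in plan[sw].items():
            if vlan not in vlans or (sw, p) == (switch, port):
                continue
            peer = LINKS.get((sw, p))
            if peer is None:
                edge.add((sw, p))  # AP or router port: frame leaves the switches
            elif vlan in plan[peer[0]][peer[1]][1] and peer[0] not in seen:
                seen.add(peer[0])
                queue.append(peer[0])
    return edge

def isolation_violations(plan):
    """Map each apartment port to the other apartment ports it can reach at layer 2."""
    leaks = {}
    for sw, ports in plan.items():
        for p, (mode, _) in ports.items():
            if mode == "access":
                others = reachable(plan, sw, p) - {("sw1", "router")}
                if others:
                    leaks[(sw, p)] = others
    return leaks
```

Calling `isolation_violations(build_plan())` returns an empty dict for the layout above; putting two AP ports in the same VLAN, or leaving a VLAN off a trunk, shows up as a leak or as a port that can no longer reach the router.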