Emerging Member
Posts: 49
Registered: 07-15-2017
Kudos: 1

Need design assistance with two sites and EdgeRouters, AC-PROs, CloudKey and the tricky part IoT.

I have two sites, A and B, located in two different cities. Both sites have dynamic IP addresses from the ISP.

A is the primary site with an EdgeRouter X, 3 AC-Pros, wired and wireless computer clients, and has a Cloud Key.

B is the secondary site with an EdgeRouter PoE and 4 AC-Pros, wired and wireless computer clients.

Adding IoT data monitoring sensors which send email alarms to a Gmail account.

I have a Google Domains domain for DDNS (not yet configured).

Goals

1 - Site B AC-Pros need to be managed from Site A using Site A's Cloud Key.

2 - IoT wireless sensors need to be managed/monitored from Site A. Should be a separate network from "normal" computer traffic.

3 - Site A's Cloud Key manages Site B's AC-Pros and EdgeRouter PoE.

4 - Site B's IoT sensor data and management from Site A on a network separate from "normal" computer traffic.

5 - Manage Site B's EdgeRouter PoE from Site A.

Proposed solution/questions

Can Site A's Cloud Key manage the AC-Pros at Site B, but not the EdgeRouter PoE, on a protected/isolated network?

For the IoT sensor traffic I'm thinking of setting up an SSID for the sensors at Site B and Site A. Ubiquiti's documentation is a bit confusing. The IoT traffic only needs to be isolated from Site B's computer traffic.

One thought is to configure a site-to-site EdgeRouter-to-EdgeRouter VPN using a "sensor SSID" at Site A and Site B. To access the IoT devices from Site A one would just join the sensor SSID.

The other thought is to use DDNS and set up port forwarding on the EdgeRouter at Site B to the IoT sensor.

Any thoughts or suggestions?

Member
Posts: 296
Registered: 10-16-2017
Kudos: 32
Solutions: 5

Re: Need design assistance with two sites and EdgeRouters, AC-PROs, CloudKey and the tricky part IoT

Hello DougSpindler,
of course it is possible to use one controller for both sites. But I would suggest you use a cloud-hosted controller with a static IP and SSL certificate. This is easier to maintain. You can google the Crosstalk Solutions video; he has an easy setup for hosted setups: https://www.youtube.com/watch?v=poGSr5Qvj0A and of course some others have similar how-tos here for it.

If you have a private IP from your ISP, then it's not possible to use the Cloud Key with an external site (without an external IPv4 relay server, an advanced setup with other hardware and a service provider).

The UniFi Controller can't manage the EdgeRouter.

When it's possible, it's much easier to use a USG on both sites. Depending on your ISP speed and needed functions, maybe the USG 3P is enough. With this setup you can use site-to-site VPN (public IP on both sites, double NAT must be checked, is bridge mode or a modem possible for your ISP; I didn't try it with both sites on DDNS. One site with a static IP will work for sure).
Separating the network with a VLAN is simple with UniFi, if you have all switches from UniFi. It's also possible with other manufacturers, but I guess you won't find anyone here to help with that setup.

Best regards
Torsten


@DougSpindler wrote:

I have two sites, A and B, located in two different cities. Both sites have dynamic IP addresses from the ISP.

A is the primary site with an EdgeRouter X, 3 AC-Pros, wired and wireless computer clients, and has a Cloud Key.

B is the secondary site with an EdgeRouter PoE and 4 AC-Pros, wired and wireless computer clients.

Adding IoT data monitoring sensors which send email alarms to a Gmail account.

I have a Google Domains domain for DDNS (not yet configured).

Goals

1 - Site B AC-Pros need to be managed from Site A using Site A's Cloud Key.

2 - IoT wireless sensors need to be managed/monitored from Site A. Should be a separate network from "normal" computer traffic.

3 - Site A's Cloud Key manages Site B's AC-Pros and EdgeRouter PoE.

4 - Site B's IoT sensor data and management from Site A on a network separate from "normal" computer traffic.

5 - Manage Site B's EdgeRouter PoE from Site A.

Proposed solution/questions

Can Site A's Cloud Key manage the AC-Pros at Site B, but not the EdgeRouter PoE, on a protected/isolated network?

For the IoT sensor traffic I'm thinking of setting up an SSID for the sensors at Site B and Site A. Ubiquiti's documentation is a bit confusing. The IoT traffic only needs to be isolated from Site B's computer traffic.

One thought is to configure a site-to-site EdgeRouter-to-EdgeRouter VPN using a "sensor SSID" at Site A and Site B. To access the IoT devices from Site A one would just join the sensor SSID.

The other thought is to use DDNS and set up port forwarding on the EdgeRouter at Site B to the IoT sensor.

Any thoughts or suggestions?
Emerging Member
Posts: 49
Registered: 07-15-2017
Kudos: 1

Re: Need design assistance with two sites and EdgeRouters, AC-PROs, CloudKey and the tricky part IoT

Torsten, thank you for your reply. 

Are you suggesting using static IP over DDNS because the EdgeRouters do not support DDNS?

There's a video on DDNS.

Don't have and can't get static IPs. That's why I'm using DDNS.

Are you sure one cannot use DDNS with a Cloud Key? Doesn't make sense to me. Please explain.

https://www.youtube.com/watch?v=3AeD5nL3vdc

Member
Posts: 296
Registered: 10-16-2017
Kudos: 32
Solutions: 5

Re: Need design assistance with two sites and EdgeRouters, AC-PROs, CloudKey and the tricky part IoT

[ Edited ]

Hello @DougSpindler 

It can be a problem when you use site-to-site VPN or any type of VPN. The controller itself has no big problems with DDNS. It depends a little bit on how well it's working. When the ISP changes your IP, how long will it take to notify the DDNS service? When you use a cloud-based controller, it doesn't matter, but a local controller will lose connection to all devices from the external site.

And the tunnel is disconnected for this time period.

When you can live with this, it will work as well as a static public IP. If it is a business setup, it's maybe a problem. IoT devices may not be available at the other site.

You can get a static public IP from service providers. This is the same approach used by users with private ISP addresses, for example http://www.feste-ip.net/

By the way, using port forwarding for any device is a really insecure setup. You should use a VPN instead.

If a botnet or anything else compromises your IoT devices, it doesn't make a difference whether they are isolated from your private devices.

best regards
Torsten
