
Yaaaaayy!! Got a new US-8-150W but now what?

Hello - I now have a USG and a UniFi switch - US-8-150W. But I don't know how to use it! LOL.

I know it's appearing in my controller currently.

The setup I have in USG is - WAN ->

LAN port 1 -> Unmanaged switch -> bunch of devices including AP. (MAIN_LAN)

LAN port 2 -> directly to iOT hub. (iOT_LAN)

 

What I want to do is:

  1. Have my APs in a separate network - MAIN_LAN
  2. Have my Synology NAS drive in a more secure LAN (currently in MAIN_LAN, as it's port #1 of USG)
  3. Ditto for my VoIP device - Ooma but I want to give Ooma highest priority, etc.
  4. Remaining devices - 3 of them, including a printer in some type of WORK LAN. In this WORK LAN I want all my Wireless devices (not Guest) to connect.
  5. Debating whether I should move over iOT_LAN into this switch and be able to maintain the same level of segregation or not OR continue leveraging LAN #2 port of USG. [The thought I had was perhaps using LAN 2 port of USG later for cloud key]

If anyone can guide me on how to achieve this, it would be much appreciated. I believe most of the guide stuff would repeat itself against the points above.

Did the answer help you? If yes, I would love your kudos on it.

All Replies
Re: Yaaaaayy!! Got a new US-8-150W but now what?

You need VLANs. All this stuff is well documented. If you need help with a very specific issue, I'm sure many would be happy to help, but you need to check the documentation first.

 

Before you start messing with network settings, you should spend some time thinking about how you want to set it up. Which devices go on which VLANs, and why. Should these VLANs be able to communicate with each other? Why or why not?

 

Just to give you an example, here is how mine is set up:

TRU10 - VLAN10, my trusted network. My wired PC is on this network, as are all of my management and storage devices. This network can talk to everything on my entire network.

UNT20 - VLAN10, my untrusted network. Basically, my virtual machines are here. My storage can also be accessed from this VLAN, but it's very restricted with both a firewall and tight user permissions on the SMB shares. No communication to other networks, except where explicitly given access.

INT30 - VLAN30, all of my wireless stuff. No communication to other networks, except where explicitly given access. For instance, my Roku Stick needs to be able to talk to my Plex VM on VLAN20, so there's a firewall rule to allow that communication.
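
The policy described in the reply above (trusted talks to everything, the other networks are denied unless a rule says otherwise) can be modelled as a first-match rule list. This is an added example, not the poster's configuration: the subnets, host addresses and the Plex port 32400 are assumptions chosen for illustration.

```python
import ipaddress as ip

# Constructed addressing: the post gives only the network names.
NETS = {
    "TRU10": ip.ip_network("10.0.10.0/24"),
    "UNT20": ip.ip_network("10.0.20.0/24"),
    "INT30": ip.ip_network("10.0.30.0/24"),
}
ROKU = ip.ip_address("10.0.30.50")  # hypothetical Roku Stick on the wireless network
PLEX = ip.ip_address("10.0.20.10")  # hypothetical Plex VM on the untrusted network

# Ordered rules, first match wins: (action, source, destination, dst_port or None)
RULES = [
    # Trusted network may reach every internal network.
    ("accept", NETS["TRU10"], ip.ip_network("10.0.0.0/16"), None),
    # Single explicit exception: one host to one host on one port.
    ("accept", ip.ip_network(f"{ROKU}/32"), ip.ip_network(f"{PLEX}/32"), 32400),
]


def zone(addr):
    """Name of the network an address belongs to, or None."""
    for name, net in NETS.items():
        if addr in net:
            return name
    return None


def decide(src, dst, port):
    """Verdict for a NEW connection; replies ride on connection state (not modelled)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if zone(src) is not None and zone(src) == zone(dst):
        # Same VLAN: the switch delivers the frame, the gateway firewall never sees it.
        return "switched"
    for action, s, d, p in RULES:
        if src in s and dst in d and p in (None, port):
            return action
    return "drop"  # default deny between networks


if __name__ == "__main__":
    for flow in [("10.0.30.50", "10.0.20.10", 32400),  # Roku -> Plex
                 ("10.0.30.50", "10.0.20.10", 445),    # Roku -> SMB on the same VM
                 ("10.0.20.10", "10.0.10.5", 445),     # untrusted -> trusted
                 ("10.0.30.50", "10.0.30.51", 80)]:    # wireless -> wireless
        print(flow, decide(*flow))
```

The "switched" verdict is the part that is easy to miss: devices that share a VLAN are not separated by any gateway rule, so anything that must be isolated from its neighbours needs its own network.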

Re: Yaaaaayy!! Got a new US-8-150W but now what?

Thank you. My purpose is straightforward - security.

However, I did go thru some materials and frankly the short tutorials of UniFi are more confusing!

 

As I have understood (and let's keep this simple here) let's say I need 3 networks - MGMT_LAN and UNTRUSTED_LAN and WORK_LAN.

 

I create these 3 networks with their own IP ranges in Controller -> Settings -> Network. Except for MGMT_LAN, I also associate a VLAN ID with the others, (say) 10 and 20 respectively.

 

Where I am getting confused is - in switch settings - there's this untagged and tagged. Now, what I gathered is this - correct me if I am wrong:

 

There are 3 devices I need to put in UNTRUSTED_LAN. So these 3 devices get connected to 3 ports in the switch. Each port I mark it as TAGGED and put the value = 10 (VLAN of Untrusted). 

Using similar logic - WORK_LAN.

The untagged ports are where all my management LAN devices will connect (VLAN = 1).

What I don't get is the combination of port ID here.

 

 

Did the answer help you? If yes, I would love your kudos on it.
Re: Yaaaaayy!! Got a new US-8-150W but now what?


@bmninada wrote:

Thank you. My purpose is straightforward - security.

However, I did go thru some materials and frankly the short tutorials of Unifi are more confusing!

 

 

 


I went thru various materials. Here's what I understood:

 

My default network is MGMT_LAN. I need to have 1 port @ USG-8-150W switch untagged. This is the port where the cable from USG will connect to the switch.

 

OOMA - VOIP device:

I need to create EITHER of the following - a VLAN only type of network OR a new network (let's call it OOMA_LAN) and associate a VLAN = xx to it. If network, then I also need to create an IP range.

Connect OOMA to port #2 and in switch configurations associate this port with VLAN = xx. This is what's called tagging. Switch will auto forward requests received in port #1 (untagged - and VLAN = Default) to port #2 if and only if Ooma traffic is coming in.

 

Using similar approach - do for NAS Drive and iOT Hub.

 

All my work related devices - like my desktop computers OR my laptops (wireless) OR my smart phones (wireless) either keep it in default LAN - the MGMT_LAN or create a new network - WORK_LAN and associate it there. For wireless, associate the WORK_LAN's VLAN to the SSID to be used to connect. 

 

What I am failing to understand is the usual industry standards here. For example - assuming I have 4 APs and they are connected to this switch: are they / should they be in the DEFAULT VLAN or in its own VLAN?

 

Finally, I believe USG offering the option to create JUST A VLAN vs. a new network with VLAN support is more for compatibility with non-UniFi switches perhaps? Ideally, in my case I should instead leverage that option as by doing so I can keep things simple... i.e. same IP range across devices but segregated in the switch via VLANs? If yes - how do I achieve security?

 

Sorry - I am a bit confused. So asking.

Did the answer help you? If yes, I would love your kudos on it.
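
For readers following the tagged/untagged question in this thread, here is a small model of standard 802.1Q port behaviour. It is an added example, not part of any post and not UniFi code; the port numbers, VLAN IDs and device placement are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Port:
    native: Optional[int]                     # VLAN given to untagged frames (PVID)
    tagged: set = field(default_factory=set)  # VLANs carried with an 802.1Q tag

    def ingress(self, tag):
        """VLAN a received frame is classified into, or None if it is dropped."""
        if tag is None:
            return self.native
        return tag if tag in self.tagged else None

    def egress(self, vlan):
        """(send, tag): does a frame of this VLAN leave here, and with which tag."""
        if vlan == self.native:
            return True, None   # leaves untagged
        if vlan in self.tagged:
            return True, vlan   # leaves with its tag
        return False, None


# Constructed layout: port 1 is the uplink to the gateway, ports 2-4 are end
# devices, which send and expect ordinary untagged frames.
MGMT, VOIP, NAS = 1, 10, 20  # assumed VLAN IDs
PORTS = {
    1: Port(native=MGMT, tagged={VOIP, NAS}),  # uplink carries every VLAN
    2: Port(native=VOIP),                      # VoIP adapter
    3: Port(native=NAS),                       # NAS
    4: Port(native=MGMT),                      # management PC
}


def flood(in_port, tag=None):
    """Map of port -> egress tag that a broadcast arriving on in_port reaches."""
    vlan = PORTS[in_port].ingress(tag)
    if vlan is None:
        return {}
    out = {}
    for number, port in PORTS.items():
        send, out_tag = port.egress(vlan)
        if number != in_port and send:
            out[number] = out_tag
    return out


if __name__ == "__main__":
    print(flood(2))          # VoIP device: reaches only the uplink, tagged 10
    print(flood(1, tag=20))  # gateway, tagged 20: reaches only the NAS, untagged
    print(flood(2, tag=20))  # device tagging its own frames for the NAS VLAN: dropped
```

In this model the end-device ports carry their VLAN as the native (untagged) network, and only the uplink carries the other VLANs as tagged.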
Re: Yaaaaayy!! Got a new US-8-150W but now what?

topic - closed.

Did the answer help you? If yes, I would love your kudos on it.