UBNT EdgeRouter LAN Config Issue
-
Looking back at the config in the first post - it appears that whoever set this up felt that they needed more than /22 on the single network, so they tossed on the 10.10.4.0/24 to give 256 more addresses to that space - why they didn't just go to 10.10.0.0/21 I don't understand.
-
Deleted.
-
@dashrender Because that would take it to 10.10.7.255
-
@dashrender said in UBNT EdgeRouter LAN Config Issue:
@jaredbusch said in UBNT EdgeRouter LAN Config Issue:
@dashrender said in UBNT EdgeRouter LAN Config Issue:
@dbeato said in UBNT EdgeRouter LAN Config Issue:
@krisleslie You need to reconfigure this network right now because you are overlapping networks which are included in the first network.
I didn't do the math.. I was assuming 10.10.0.0 and 10.10.4.0 when in /22 overlaped, but they don't.
I posted pictures of it earlier, no need for maths..
https://i.imgur.com/QzDJIga.pngSure you did, but it doesn't actually show you the full size of the network... i.e. 10.10.0.0-10.0.3.254
...............
look at the picture again....
-
@jaredbusch said in UBNT EdgeRouter LAN Config Issue:
@dashrender said in UBNT EdgeRouter LAN Config Issue:
@jaredbusch said in UBNT EdgeRouter LAN Config Issue:
@dashrender said in UBNT EdgeRouter LAN Config Issue:
@dbeato said in UBNT EdgeRouter LAN Config Issue:
@krisleslie You need to reconfigure this network right now because you are overlapping networks which are included in the first network.
I didn't do the math.. I was assuming 10.10.0.0 and 10.10.4.0 when in /22 overlaped, but they don't.
I posted pictures of it earlier, no need for maths..
https://i.imgur.com/QzDJIga.pngSure you did, but it doesn't actually show you the full size of the network... i.e. 10.10.0.0-10.0.3.254
...............
look at the picture again....
yeah, I just noticed that last line.
-
@jaredbusch said in UBNT EdgeRouter LAN Config Issue:
@dashrender said in UBNT EdgeRouter LAN Config Issue:
@dbeato said in UBNT EdgeRouter LAN Config Issue:
@krisleslie You need to reconfigure this network right now because you are overlapping networks which are included in the first network.
I didn't do the math.. I was assuming 10.10.0.0 and 10.10.4.0 when in /22 overlaped, but they don't.
I posted pictures of it earlier, no need for maths..
https://i.imgur.com/QzDJIga.pngThat makes more sense. So is just bad DHCP configuration.
-
Ok so this makes a lot more sense. Heads up guys im not the network specialist so its really outside of my thought processes. Thats a weak point of mine and I am studying to get the network +.
With that said, so I can make sure I understand is first the router was incorrectly setup on that one interface. To fix that, I will need to remove the other gateways and ultimately have just 10.10.0.1/21 instead of 10.10.2.1/22. If i were to remove it during business hours, some wireless devices eventually didnt have a gateway and thus no connection to the internet. But removing them will cleanse that problem after clean up the Windows Server DHCP service.
So to fix the DHCP server, we need to remove each scope and super-scope and recreate only one scope as 10.10.0.0/21 which negates whatever way this was setup originally. The static ips we had assigned should still work and I just need to make sure we are excluding them from the scope.
Lastly reboot and pray and possibly with adult bevarages.
-
The biggest issue i have is i normally have a well defined sheet that i structure for the entire network. Its not as good as ive seen some folks on here or spiceworks but it was easy enough to read and have a sense of knowing everything had a place.
The way my associate setup this network, hell i cant even make heads or tails of it. Truth be told he cant either its just wrote down in a notepad in scribble last time we discussed this.
-
I disabled the guest wifi to reduce the suck until the issue is resolved. I’ll reenable it soon and put it on its on network.
-
Sounds good. Though I would add 10.10.0.1/21 now and leave the firewall alone until you make the other changes. This will enable everything to keep working until the other changes are made.
Also, look at the lease time on your DHCP server. Set it to something like 4 hours for now. Assuming it's the default 8 days or whatever MS sets things to, changing it to 4 hours (or less) will allow you to make changes and have clients pick those changes up quickly. But once you make this change, you'll need to wait 8 days before starting anything to make sure all DHCP clients have the new shorter lease time. After things are stable, you can increase the lease time back to whatever you're happy with.
-
Question - what is the 10.10.4.x network? Do you really need more than 1022 (i.e. /22) devices on your network?
If 10.10.4.x is a guest network, you probably want to leave that as a separate VLAN to protect against your production network. -
Now that I see how this was improperly done I will more than likely have to go to our second site and do the same thing there as well
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
Now that I see how this was improperly done I will more than likely have to go to our second site and do the same thing there as well
How are the two sites connected?
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
The static ips we had assigned should still work and I just need to make sure we are excluding them from the scope.
The going the way you originally posted, removing 10.10.2.1 might break your statically assigned devices.
Also, @JaredBusch has been suggesting that people move away from statically assigned devices with very few exceptions (firewall, VM hosts, DHCP server, etc). Instead use DHCP reservations. This saves you the hassle of changing device settings on those devices if the need (like now) arises in the future.
-
@dashrender at one point they were connected and had to be disconnected. The assistant never gave a reason to why. In hindsight prolly due to improper setup.
Problem I have is he took it upon himself to make a lot of the decisions vs consulting me. I had bigger fish to fry but its all coming back to haunt me. Very suck at this point.
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
@dashrender at one point they were connected and had to be disconnected. The assistant never gave a reason to why. In hindsight prolly due to improper setup.
Problem I have is he took it upon himself to make a lot of the decisions vs consulting me. I had bigger fish to fry but its all coming back to haunt me. Very suck at this point.
Does this mean the sites don't really need to be connected then?
-
@krisleslie keep all of the IP addresses on the ER L for now just fix your DHCP add 10.10.0.1/22 If that address is not currently used. That will be your new gateway but you need to keep all the other ones until everything else is fixed so that everything will work to the Internet. you want to keep the/22. You do not want to/21 unless that.4 was part of your main network. All of us believe that that was your guest Wi-Fi so that has nothing to do with your/22.
-
Site 1 which is the headquarters is where I am at. Our site is huge for us but tiny when I compare it to my enterprise offices Ive worked at. We have two virtual hosts on XenServer at this site with about 20 guest vms. We have 6 switches all ubiquiti except 3. We have a security system with ubiquiti with roughly 25 or 30 cameras. 5 uniquiti WAPs. We have voip, hosted with NTG, last i checked about 30 phones. About 50 staff not including contractors and other partners. Then we have students anywhere from 10-75 at a time.
The explosion of ip devices came when people started brining byod devices, so im seeing tablets, phones watches and God knows what else.
Then we have Site 2 is a ROBO. Literally same equipment except only one ubiquiti switch, no nvr or cameras. 2 WAPs. Slower internet but its only 10 staff or less and up to 15 students.
Site 3 is done by another company so no involvement for me
Site 4 is also being managed by another company. 5 staff. No students or up to 5. Tiny office little work being done.
Site 3 will never vpn into us ever.
Site 4 in theory will.
-
Site 2 is roughly a 45 min drive. Site 4 is almost 4 hours. So im strongly considering never to put equipment there. In fact I want to take their systems and swap them for Chromebooks. The staff there 80% of their work is done online.
-
So it sounds like your main network has around (2 VM Hosts, 20 VMs, 6 switches, 30 cameras, 5 WAP, 30 phones, 50 PCs, 75 students) 218 IPs call it 240 when you toss in the firewall and printers.
You're close to the typical /24, but I don't see where you've breached it yet, until BYOD.
Do those BYOD devices need to be on the production network? If not, move them to something like 10.20.0.x/23.
Assuming our early mentioned belief that 10.10.4.x was for guest access, this means you can make your production network 10.10.0.x/22 and be fine. No need to go to 10.10.0.x/21.
