UBNT EdgeRouter LAN Config Issue
-
I disabled the guest wifi to reduce the suck until the issue is resolved. I’ll reenable it soon and put it on its own network.
-
Sounds good. Though I would add 10.10.0.1/21 now and leave the firewall alone until you make the other changes. This will enable everything to keep working until the other changes are made.
Also, look at the lease time on your DHCP server. Set it to something like 4 hours for now. Assuming it's the default 8 days or whatever MS sets things to, changing it to 4 hours (or less) will allow you to make changes and have clients pick those changes up quickly. But once you make this change, you'll need to wait 8 days before starting anything to make sure all DHCP clients have the new shorter lease time. After things are stable, you can increase the lease time back to whatever you're happy with.
-
Question - what is the 10.10.4.x network? Do you really need more than 1022 (i.e. /22) devices on your network?
If 10.10.4.x is a guest network, you probably want to leave that as a separate VLAN to protect against your production network.
-
Now that I see how this was improperly done I will more than likely have to go to our second site and do the same thing there as well
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
Now that I see how this was improperly done I will more than likely have to go to our second site and do the same thing there as well
How are the two sites connected?
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
The static ips we had assigned should still work and I just need to make sure we are excluding them from the scope.
Going the way you originally posted, removing 10.10.2.1 might break your statically assigned devices.
Also, @JaredBusch has been suggesting that people move away from statically assigned devices with very few exceptions (firewall, VM hosts, DHCP server, etc). Instead use DHCP reservations. This saves you the hassle of changing device settings on those devices if the need (like now) arises in the future.
-
@dashrender at one point they were connected and had to be disconnected. The assistant never gave a reason as to why. In hindsight prolly due to improper setup.
Problem I have is he took it upon himself to make a lot of the decisions vs consulting me. I had bigger fish to fry but it's all coming back to haunt me. Very suck at this point.
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
@dashrender at one point they were connected and had to be disconnected. The assistant never gave a reason as to why. In hindsight prolly due to improper setup.
Problem I have is he took it upon himself to make a lot of the decisions vs consulting me. I had bigger fish to fry but it's all coming back to haunt me. Very suck at this point.
Does this mean the sites don't really need to be connected then?
-
@krisleslie keep all of the IP addresses on the ER L for now, just fix your DHCP. Add 10.10.0.1/22 if that address is not currently used. That will be your new gateway, but you need to keep all the other ones until everything else is fixed so that everything will work to the Internet. You want to keep the /22. You do not want the /21 unless that .4 was part of your main network. All of us believe that that was your guest Wi-Fi, so that has nothing to do with your /22.
-
Site 1, which is the headquarters, is where I am at. Our site is huge for us but tiny when I compare it to the enterprise offices I've worked at. We have two virtual hosts on XenServer at this site with about 20 guest VMs. We have 6 switches, all Ubiquiti except 3. We have a security system with Ubiquiti with roughly 25 or 30 cameras. 5 Ubiquiti WAPs. We have VoIP, hosted with NTG, last I checked about 30 phones. About 50 staff not including contractors and other partners. Then we have students, anywhere from 10-75 at a time.
The explosion of IP devices came when people started bringing BYOD devices, so I'm seeing tablets, phones, watches and God knows what else.
Then we have Site 2, which is a ROBO. Literally same equipment except only one Ubiquiti switch, no NVR or cameras. 2 WAPs. Slower internet but it's only 10 staff or less and up to 15 students.
Site 3 is done by another company so no involvement for me.
Site 4 is also being managed by another company. 5 staff. No students or up to 5. Tiny office, little work being done.
Site 3 will never VPN into us ever.
Site 4 in theory will.
-
Site 2 is roughly a 45 min drive. Site 4 is almost 4 hours. So I'm strongly considering never to put equipment there. In fact I want to take their systems and swap them for Chromebooks. The staff there 80% of their work is done online.
-
So it sounds like your main network has around (2 VM Hosts, 20 VMs, 6 switches, 30 cameras, 5 WAP, 30 phones, 50 PCs, 75 students) 218 IPs call it 240 when you toss in the firewall and printers.
You're close to the typical /24, but I don't see where you've breached it yet, until BYOD.
Do those BYOD devices need to be on the production network? If not, move them to something like 10.20.0.x/23.
Assuming our earlier mentioned belief that 10.10.4.x was for guest access, this means you can make your production network 10.10.0.x/22 and be fine. No need to go to 10.10.0.x/21.
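The sizing argument above, worked through as an added example that is not part of the original post: it checks each candidate gateway address against the thread's device estimate, the existing 10.10.2.1 gateway, and the ranges that should stay separate. The /24 mask on the guest range is an assumption (the thread only says 10.10.4.x), and the function names are hypothetical.

```python
import ipaddress

# Figures from the thread. The guest mask is an assumption ("10.10.4.x").
GUEST = ipaddress.ip_network("10.10.4.0/24")
BYOD = ipaddress.ip_network("10.20.0.0/23")    # suggested "10.20.0.x/23"
DEVICES = 240                                  # the "call it 240" estimate
EXISTING = ["10.10.2.1"]                       # gateway the static devices use


def evaluate(gateway_cidr, devices=DEVICES, keep_out=(GUEST, BYOD),
             existing=EXISTING):
    """Describe the LAN that results from putting gateway_cidr on the router."""
    net = ipaddress.ip_interface(gateway_cidr).network
    usable = net.num_addresses - 2             # minus network and broadcast
    return {
        "network": str(net),
        "range": f"{net[1]} - {net[-2]}",
        "usable": usable,
        "fits": usable >= devices,
        # A non-empty list means the guest/BYOD range would end up inside
        # the production subnet, with no routed hop to firewall between them.
        "overlaps": [str(n) for n in keep_out if net.overlaps(n)],
        "covers_existing": all(ipaddress.ip_address(a) in net
                               for a in existing),
    }


def pick(candidates):
    """Return the first candidate network that fits the device count, keeps
    guest/BYOD outside production and still contains the addresses in use."""
    for cidr in candidates:
        r = evaluate(cidr)
        if r["fits"] and not r["overlaps"] and r["covers_existing"]:
            return r["network"]
    return None


CANDIDATES = ["10.10.0.1/24", "10.10.0.1/22", "10.10.0.1/21"]

if __name__ == "__main__":
    for c in CANDIDATES:
        print(c, evaluate(c))
    print("chosen:", pick(CANDIDATES))
```
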
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
Site 2 is roughly a 45 min drive. Site 4 is almost 4 hours. So I'm strongly considering never to put equipment there. In fact I want to take their systems and swap them for Chromebooks. The staff there 80% of their work is done online.
It's that other 20% that kills ya.
-
At one point I wanted site 4 to be a point to back up to, but I keep seeing how people strongly suggest Azure for that.
I guess to stay focused, once I can clear the office, I'll start making the changes to the scope.
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
At one point I wanted site 4 to be a point to back up to, but I keep seeing how people strongly suggest Azure for that.
Who do you see suggesting Azure? No one around here on ML.
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
I guess to stay focused, once I can clear the office, I'll start making the changes to the scope.
If you can kick all those BYOD devices off now until you get things fixed.. that might help you a lot. You can also do the DHCP reservations changes now @JaredBusch recommends, and change the DHCP lease time now.
-
@dashrender not on here. But in the non profit world we get a yearly allotment especially for Azure. I have used Azure only to spin up a VM or two but mainly just to test how feasible it was.
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
@dashrender not on here. But in the non profit world we get a yearly allotment especially for Azure. I have used Azure only to spin up a VM or two but mainly just to test how feasible it was.
Would that yearly allotment include enough space to store your backups?
-
@dashrender last night I dropped all leases lol.
-
@krisleslie said in UBNT EdgeRouter LAN Config Issue:
@dashrender not on here. But in the non profit world we get a yearly allotment especially for Azure. I have used Azure only to spin up a VM or two but mainly just to test how feasible it was.
How about starting a new thread to talk about backups for your situation? Help you keep things separated.