ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    UBNT EdgeRouter LAN Config Issue

    Scheduled Pinned Locked Moved IT Discussion
    105 Posts 7 Posters 13.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender @krisleslie
      last edited by

      @krisleslie said in UBNT EdgeRouter LAN Config Issue:

      Stepping back to take another stab at this issue.

      @Dashrender from the Edge Router, how should the interface be set up for my LAN?

      ug way back machine here...

      you still have devices pointing at multiple /22 IPs for default gateways?

      1 Reply Last reply Reply Quote 0
      • K
        krisleslie
        last edited by

        Yes and I apologize brother.

        I guess for me, I need to break this down into chunks and accomplish specific things first. I'm still a bit "noob".

        From the Ubiquiti router, of course, it's been wiped and re-setup. I have one interface still set up with the 10.10.2.x through 4.x from the router.

        I'm not clear if moving forward starting from the router, what has to be accomplished.

        DashrenderD 1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender @krisleslie
          last edited by

          @krisleslie said in UBNT EdgeRouter LAN Config Issue:

          Yes and I apologize brother.

          I guess for me, I need to break this down into chunks and accomplish specific things first. I'm still a bit "noob".

          From the Ubiquiti router, of course, it's been wiped and re-setup. I have one interface still set up with the 10.10.2.x through 4.x from the router.

          I'm not clear if moving forward starting from the router, what has to be accomplished.

          Got it.
          I think from a router standpoint, as long as you have the normal NAT features enabled, you're good to go. Nothing more on the router should be needed.

          1 Reply Last reply Reply Quote 0
          • K
            krisleslie
            last edited by

            So from the router we still have 3 different lans set up. There is 2.x, 3.x and 4.x

            I assume the 0.x and 1.x were originally intended to be reserved for the ROBO (kinda backwards). However, because that is an issue in itself for another post Ill let that one go lol

            DashrenderD 1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @krisleslie
              last edited by

              @krisleslie said in UBNT EdgeRouter LAN Config Issue:

              So from the router we still have 3 different lans set up. There is 2.x, 3.x and 4.x

              I assume the 0.x and 1.x were originally intended to be reserved for the ROBO (kinda backwards). However, because that is an issue in itself for another post Ill let that one go lol

              Once you start using a /22 on the 2.x network, you'll have instant access to 0.x and 1.x networks.

              1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch
                last edited by

                In your final design, what do you want your LAN gateway to be and what do you want your public WiFi gateway to be?

                I would use this setup.

                Plan your LAN to be 10.10.0.0/22. This means LAN computers will function on 10.10.0.1 - 10.10.3.254.
                Plan your Public WiFi on 10.10.4.0/24. This mean you will use 10.10.4.1 - 10.10.4.254. It also means if you need a larger Public WiFi space, you ca expand it so a /23 or even /22 without overlapping you LAN.

                On your ERL
                eth0 setup for your WAN

                eth1 setup for your LAN with IP addresses:
                10.10.0.1/22 - New permanent LAN Gateway (use this one when you run the setup wizard)
                10.10.2.1/22 - one of the existing gateways
                10.10.3.1/22 - one of the existing gateways

                eth2 setup for your WiFi with IP address:
                10.10.4.1/24

                If your Public WiFi is a VLAN on a shared UAP with the private WiFi (very common) then instead of eth2, you set up a VLAN on eth1 with the 10.10.4.1/24 address.

                1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch
                  last edited by

                  Then you verify everything works as is.

                  Once you have this setup, you can add a firewall rule to block access form the 10.10.4.0/24 subnet to the LAN subnet and ensure everything works as intended.

                  Now, you can begin to change your stuff.

                  First, go to all static devices and change their subnet mask from whatever they are to 255.255.252.0 but do not change their current IP address or their current gateway as that would be potentially disruptive to the working environment.

                  Change your VPN tunnels to use the new subnet.

                  Next change your DHCP scope to hand out the 10.10.0.0/22 scope and the new gateway IP of 10.10.0.1/21

                  Once all the dynamic stuff has a new IP address, change the default gateway in the static devices.

                  You can also now change the IP address of the static devices if you want to reorganize them. But that is just a normal management task, not critical to the functionality.

                  1 Reply Last reply Reply Quote 1
                  • K
                    krisleslie
                    last edited by

                    Thanks guys!

                    So for my interface on eth1 include the following:
                    10.10.0.1
                    10.10.1.1
                    10.10.2.1
                    10.10.3.1

                    I use Ubiquiti for the wireless also and the company wifi is using whatever is free from the dhcp server scope (the windows 2012 r2 box). So when I reset the Guest Wifi just only include 10.10.4.1 and when I need more space, just switch from /24 to /22 as need permits.

                    DashrenderD 2 Replies Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      @jaredbusch said in UBNT EdgeRouter LAN Config Issue:

                      a larger Public WiFi space, you ca expand it so a /23 or even /22 without overlapping you LAN.

                      lastly after everything is moved to using 10.10.0.1/22 as the gateway, you can remove the other IPs from the ERL

                      1 Reply Last reply Reply Quote 1
                      • DashrenderD
                        Dashrender @krisleslie
                        last edited by Dashrender

                        @krisleslie said in UBNT EdgeRouter LAN Config Issue:

                        Thanks guys!

                        So for my interface on eth1 include the following:
                        10.10.0.1
                        10.10.1.1
                        10.10.2.1
                        10.10.3.1

                        If you aren't using 10.10.1.1 right now, you can skip it.

                        K 1 Reply Last reply Reply Quote 0
                        • K
                          krisleslie
                          last edited by

                          I guess the confusing part for me, is from my point of view, I'm trying to figure out why would I need all 4 of the LANS there on the router? I assume this is so the router can see between each network and route.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @krisleslie
                            last edited by Dashrender

                            @krisleslie said in UBNT EdgeRouter LAN Config Issue:

                            So when I reset the Guest Wifi just only include 10.10.4.1 and when I need more space, just switch from /24 to /22 as need permits.

                            Correct.
                            Depending on how you setup the guest network, you'll need to have it set to use the correct VLAN. This can be one at the SSID level on the controller.

                            1 Reply Last reply Reply Quote 1
                            • K
                              krisleslie @Dashrender
                              last edited by

                              Not using it but if this would lessen the burden, I would go ahead and get it done now vs waiting for it to fall in my pants months down the road lol.

                              1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @krisleslie
                                last edited by

                                @krisleslie said in UBNT EdgeRouter LAN Config Issue:

                                I guess the confusing part for me, is from my point of view, I'm trying to figure out why would I need all 4 of the LANS there on the router? I assume this is so the router can see between each network and route.

                                It's because you don't want to break what you have today.

                                JaredBuschJ 1 Reply Last reply Reply Quote 0
                                • K
                                  krisleslie
                                  last edited by

                                  GOTCHA!

                                  So what should have occured originally was, when the router was configured, it should have only included the 10.10.0.1 gateway for the eth1 interface. Then from the Windows Server, when setting up the scope, each scope should have been spelled out as 10.10.0.1 - 10.10.3.254 then I could have came back and made one more scope to only be 10.10.4.1 through 10.10.4.254 (just for guest wifi).

                                  DashrenderD 1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @Dashrender
                                    last edited by

                                    @dashrender said in UBNT EdgeRouter LAN Config Issue:

                                    @krisleslie said in UBNT EdgeRouter LAN Config Issue:

                                    I guess the confusing part for me, is from my point of view, I'm trying to figure out why would I need all 4 of the LANS there on the router? I assume this is so the router can see between each network and route.

                                    It's because you don't want to break what you have today.

                                    Correct. This design I laid out is a swing migration design.

                                    It lets everything work as it currently functions throughout the entire process.

                                    1 Reply Last reply Reply Quote 2
                                    • DashrenderD
                                      Dashrender @krisleslie
                                      last edited by

                                      @krisleslie said in UBNT EdgeRouter LAN Config Issue:

                                      GOTCHA!

                                      So what should have occured originally was, when the router was configured, it should have only included the 10.10.0.1 gateway for the eth1 interface. Then from the Windows Server, when setting up the scope, each scope should have been spelled out as 10.10.0.1 - 10.10.3.254 then I could have came back and made one more scope to only be 10.10.4.1 through 10.10.4.254 (just for guest wifi).

                                      Correct, but that said - I wouldn't use Windows to give DHCP to your Guest network for a few reasons:

                                      1. you'd have to allow traffic from the guest network onto the production network so the Windows Server could answer those requests, or you'd have to dual zone the Windows server into both networks.
                                      2. Any device you provide DHCP or DNS services to, you have to have a CAL for. This gets expensive fast.

                                      Instead, I'd enable DHCP on the ER for that network. No licenses required, everything stays completely separate.

                                      K 1 Reply Last reply Reply Quote 2
                                      • K
                                        krisleslie @Dashrender
                                        last edited by krisleslie

                                        @dashrender said in UBNT EdgeRouter LAN Config Issue:

                                        ired, everything stays completely separa

                                        I wouldn't have a license issue either way, I have DC 🙂 but your right that would mean I would have fun to deal with. I wasn't intending for the guest WIFi to be on windows anyways, I use the same wifi at home it's just easier to keep up with it on the ubiquiti.

                                        DashrenderD travisdh1T 3 Replies Last reply Reply Quote 0
                                        • DashrenderD
                                          Dashrender @krisleslie
                                          last edited by

                                          @krisleslie said in UBNT EdgeRouter LAN Config Issue:

                                          @dashrender said in UBNT EdgeRouter LAN Config Issue:

                                          ired, everything stays completely separa

                                          I wouldn't have a license issue either way, I have DC 🙂

                                          Huh? What does DC mean or have to do with licensing? If you're talking about Windows Server DataCenter edition - that only covers the VMs on that host, it does not cover user CALs.

                                          1 Reply Last reply Reply Quote 0
                                          • travisdh1T
                                            travisdh1 @krisleslie
                                            last edited by

                                            @krisleslie said in UBNT EdgeRouter LAN Config Issue:

                                            @dashrender said in UBNT EdgeRouter LAN Config Issue:

                                            ired, everything stays completely separa

                                            I wouldn't have a license issue either way, I have DC 🙂

                                            What does DC have to do with CALs? It doesn't.

                                            but your right that would mean I would have fun to deal with. I wasn't intending for the guest WIFi to be on windows anyways, I use the same wifi at home it's just easier to keep up with it on the ubiquiti.

                                            Unless you're rolling your own guest network, it's literally just a check box in the management software.

                                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 2 / 6
                                            • First post
                                              Last post