I found this forum because Lawrence Systems came up in suggestions while watching YouTube. I am researching VLANs and UniFi products.
I currently share my internet with a small business about 3/4 of a mile from me. Not direct line of sight. I was using two LiteBeam AC Gen2 for a while, then the trees grew too tall and I had to switch to PowerBeam 2.4GHz units that perform “okay”. Problem is the 2.4GHz band.
I have acquired a new hosting location (waiting on the connection to be completed).
Another small seasonal business that I will have access to all the time. The equipment I will be using is NanoBeams mixed with UniFi & TP-Link equipment that I have already purchased.
I will also be sharing the connection with one of my neighbors.
I know I need to set up VLANs. I have attached a picture of my setup.
I am open to any and all suggestions. Will the map I have laid out work?
At my hosting location I will just be providing an AP for wireless so they can do their “point of sale” purchases.
Before anyone starts with negativity, I am aware of the risks of what others do on the internet. I have laid down ground rules and if anything illegal is done with their connection I will terminate their service. I am not worried about the hosting site. This network will be hidden with a 10/5 Mbps connection. It’s only for transactions.
Thank you in advance!!
Not too much negativity here, maybe think of it as warnings not negativity!
I’m not totally clear on what you are trying to achieve and am not up on the kit you mention, but here’s my 2c worth.
(I have used the ERX’s but not for a while)
If you are looking to make it work with what you have then you can probably do it but it will be far from ideal. The ERX is a good bit of kit but they seem to struggle with throughput sometimes. It may be fine but keep that in mind.
You probably want to set up a vlan for backhaul / management that all of your kit is on back to the ERX.
Then create a separate vlan for each customer/site/user and untag the uplinks on the TP-Link routers and maybe the EAP?
That way, when the customers connect things to the Routers / EAP they will get a vlan “tunnel” that is just for them all the way out to the ERX where it will be handed off to the WAN.
Generally the point to point kit is L2 so you don’t need to do anything complicated with the vlans on them, it will all just flow. (although again I do not have specific knowledge of the devices you have)
Thank you for the reply!
I was talking about negativity when posting on open forums. Someone always has something negative to say. The risks in sharing a connection.
With that being said, I was reading about the EdgeRouters and they are a decent setup. Not really business class per se.
I am only doing this because I want reliable internet that I can manage. At my current site I don’t have full access to my connection. Comcast is horrible but it’s the only thing available. They need a modem reboot at least once a month, whereas Fios can go 2-3 months without a reboot.
I am having difficulty with configuring the backbone of the system. I am in an area of expertise that I don’t have. I am trying to learn. The more I tinker the more I will figure out. Lots of reading and YouTube videos.
Every time I do something I can never find the perfect example of a setup. Only bits and pieces.
The layout I posted was one of many I tried to come up with. It is the most simple but I should be able to deploy it when I get all the configuration correct.
VLANs, subnetworks. I was just trying to fill my head with step A B C D, trying to start at step D without completing step A.
→ Start with a plan
What numbers are you going to use for your vlans and what ranges are you using for your subnets? For example:
vlan 11 = WAN1 / existing Internet = 192.168.201.0/24 (might not be required depending on ISP)
vlan 101 = backhaul / management = 192.168.255.0/24
vlan 1001 = client1 = 192.168.1.0/24
vlan 1002 = client2 = 192.168.2.0/24
etc
Write it all out so you have the information when you need it. Google Sheets is good for this (simple but good).
→ then head to the cable modem and start working back
Plug the cable modem and a laptop into the ERX
get the ERX talking to the cable modem and able to ping the net.
on the ERX configure a vlan, tag the vlan on one of the unused ports (2 maybe), untag it on another port (3) (it has 5 ports, right, 0-4?)
give it an IP on backhaul vlan on your backhaul subnet
connect the laptop to the untagged port (3), check you can see the router ip
connect the laptop back to the original port, change the management vlan to the one you just created
connect the laptop back to untagged port (3) you should now be able to re-configure from this vlan
check internet connectivity, fix as required
→ Work back
connect each device to an untagged port
on the “new” device, configure the vlan, tag the vlan on an unused port, configure an IP, connect the tagged port to a tagged port on the existing setup, if you can see the IP, connect back and change the management vlan
Once you have got all the kit talking end to end create the customer vlans, tag them on the correct ports on the required devices to get them to where they need to be.
There is probably a cleaner way to do this with two vlans out to the TP link routers, one for management the other for backhaul and just untag the WAN’s on the TP’s and leave NAT enabled on them but that doesn’t quite seem like the right solution somehow. (someone else might disagree?)
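A way to sanity-check the written plan before touching any device, as an added example that is not part of the original post: it validates the VLAN/subnet table listed above and checks that both ends of each link tag the same VLANs. The link topology and the device and port names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Plan rows copied from the post: (VLAN ID, name, subnet).
PLAN = [
    (11, "WAN1", "192.168.201.0/24"),
    (101, "backhaul-mgmt", "192.168.255.0/24"),
    (1001, "client1", "192.168.1.0/24"),
    (1002, "client2", "192.168.2.0/24"),
]

# Constructed topology (assumption): each link lists the VLANs tagged on
# the port at either end. Device and port names are hypothetical.
LINKS = [
    ("erx:eth2", {101, 1001, 1002}, "ptp-a:lan", {101, 1001, 1002}),
    ("ptp-b:lan", {101, 1001, 1002}, "tplink1:wan", {101, 1001}),
]

def check_plan(plan):
    """Return problems in the ID/subnet table: bad IDs, duplicates, overlaps."""
    problems, seen, nets = [], {}, []
    for vid, name, cidr in plan:
        if not 1 <= vid <= 4094:  # 0 and 4095 are reserved by 802.1Q
            problems.append(f"{name}: VLAN ID {vid} is outside 1-4094")
        if vid in seen:
            problems.append(f"{name}: VLAN ID {vid} already used by {seen[vid]}")
        seen.setdefault(vid, name)
        try:
            nets.append((name, ipaddress.ip_network(cidr)))  # rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: bad subnet {cidr}: {exc}")
    for (n1, a), (n2, b) in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{n1} {a} overlaps {n2} {b}")
    return problems

def check_links(links, plan):
    """Return problems where the two ends of a link disagree on tagged VLANs."""
    known, problems = {vid for vid, _, _ in plan}, []
    for end_a, tags_a, end_b, tags_b in links:
        for vid in sorted(tags_a ^ tags_b):  # tagged on one end only
            side = end_a if vid in tags_a else end_b
            problems.append(f"VLAN {vid} tagged on {side} only ({end_a} <-> {end_b})")
        for vid in sorted((tags_a | tags_b) - known):
            problems.append(f"VLAN {vid} on {end_a} <-> {end_b} is not in the plan")
    return problems

if __name__ == "__main__":
    print("\n".join(check_plan(PLAN) + check_links(LINKS, PLAN)))
```

With the constructed links, the only finding is that client2's VLAN 1002 is still tagged toward client1's router, which is the kind of leftover tag that undoes per-customer separation.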
Wow! Thank you for taking the time to lay that out!
I have been watching the YouTube channel Crosstalk Solutions. The guy Kevin Houser has a series on there starting with basic networking and moves up to more advanced networking using Ubiquiti products.
All the rules still apply with other brand systems.
It’s giving me a good foundation to get this going.
I just tried a layout. It’s a bit cramped on the picture. When you get a second could you take a look and let me know if you think I am on the right track?
I think you might need to get a better understanding of how vlans / subnets work and I’m not honestly sure if this is the right place.
As a quick observation, it looks like you are mixing up physical interfaces, devices and vlans.
Each router / switch only needs 1 IP and that IP needs to be assigned to the management vlan (you have as vlan 1 I think) not to a physical port.
I would caution against using vlan 1 for anything as well. Start at 10 or 100. Some devices really don’t like it if you use vlan 1.
If you are doing this commercially I would suggest you talk to someone who understands this a little bit better (where are you based?) if it’s for your own personal use then you need to start much much simpler and get the basics in first.