Inter-VLAN Routing with EdgeSwitch, EdgeRouter and UniFi AP

Hi There,

First off, gear I am working with:

Edgeswitch-24-250 (Already bought)
Edgerouter-X (Planning on buying)
Unifi AP AC-Lite (Planning on buying)

I’ve been looking at the official EdgeSwitch - Inter-VLAN Routing guide and although I think I understand it, my setup is a little different than the one illustrated in that guide. Due to constraints that I won’t bore you with, I have to plug the AP into a router port instead of a switch port. Also, due to my circumstances, I have to plug one IoT device into one of the router’s ports. I would still like the switch to handle routing where possible. Can I do the above following that guide, or would I have to move some of the VLANs to the router? I’d like the AP to have three separate SSIDs on 3 separate VLANs. My aim is to create 1 IoT VLAN on the router and one private VLAN on the switch, and also have a guest VLAN on the router. Would I need a trunk port between router and switch as well as the routed port? Will the switch’s ACL config carry over to the rest of the network? Any insight would be appreciated. I have attached a diagram of my physical layout and how I think it would be configured.

Thanks for looking.

With the Edge line of products, programming does not “carry over” to the other devices. I don’t do a lot of config for EdgeSwitches, but you should have a “trunk port” that carries all the VLAN traffic between any devices that you want to carry the traffic. So eth4 needs to have all the traffic, and so does eth1 if you are going to do the inter-VLAN routing.

If you configure Eth1 to eth4 on the ER-X as a VLAN-aware switch (look at the ER-X as a switch documentation, and make sure to exclude eth0 from the switch) then the packets from your two devices will be able to get to the Edgeswitch.

The VLANs 66, 77, 10, etc should not be added as interfaces on the ER-X. It should only have the VLANs in the switch part of the config. The default gateway IP on those VLANs will be on the Edgeswitch.

You will need another VLAN/subnet that is just for traffic between the ER-X and the edgeswitch. The Edgeswitch’s default gateway will be the ER-X’s IP in this VLAN, and on the ER-X you need to create static routes for each of the subnets (VLANs 77, 66, 10) pointed at the Edgeswitch’s IP.

Basically, what you want is possible, you just need to break it down into parts (get traffic to the Edgeswitch, have the Edgeswitch as the default gateway, and make traffic to/from the internet work) and handle them one by one.
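The design in this answer, written out as an EdgeOS CLI session for the ER-X (an added example, not the poster’s own config). Port roles, the transit VLAN 99, and all subnets and addresses are assumptions: eth1 is the link to the EdgeSwitch, eth2 carries the IoT device, eth4 carries the AP, and the EdgeSwitch holds 10.0.99.2 on the transit VLAN.

```edgeos
configure

# Hardware switch covers eth1-eth4 only; eth0 stays outside it as the WAN port.
set interfaces switch switch0 interface eth1
set interfaces switch switch0 interface eth2
set interfaces switch switch0 interface eth3
set interfaces switch switch0 interface eth4
set interfaces switch switch0 switch-port vlan-aware enable

# eth1: trunk to the EdgeSwitch. Carries the transit VLAN plus the user VLANs
# so the AP and IoT traffic can reach the switch, where the gateways live.
set interfaces switch switch0 switch-port interface eth1 vlan vid 99
set interfaces switch switch0 switch-port interface eth1 vlan vid 10
set interfaces switch switch0 switch-port interface eth1 vlan vid 66
set interfaces switch switch0 switch-port interface eth1 vlan vid 77

# eth2: access port for the IoT device (assumed to be VLAN 66).
set interfaces switch switch0 switch-port interface eth2 vlan pvid 66

# eth4: trunk to the UniFi AP, one tagged VLAN per SSID.
set interfaces switch switch0 switch-port interface eth4 vlan vid 10
set interfaces switch switch0 switch-port interface eth4 vlan vid 66
set interfaces switch switch0 switch-port interface eth4 vlan vid 77

# Transit VLAN 99 is the only VLAN with an IP on the ER-X. Deliberately no
# vif for 10/66/77: the EdgeSwitch is their default gateway, and giving the
# ER-X an address there would create a second gateway and asymmetric paths.
set interfaces switch switch0 vif 99 address 10.0.99.1/24

# Return routes for the switch-routed subnets (assumed addressing) via the
# EdgeSwitch's transit address. The switch's own default route points at 10.0.99.1.
set protocols static route 192.168.10.0/24 next-hop 10.0.99.2
set protocols static route 192.168.66.0/24 next-hop 10.0.99.2
set protocols static route 192.168.77.0/24 next-hop 10.0.99.2

# Internet: masquerade everything leaving the WAN port.
set service nat rule 5010 description 'masquerade LAN subnets'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade

# Note: ACLs on the EdgeSwitch only filter traffic the switch forwards; anything
# the ER-X routes (internet-bound traffic on switch0.99) needs ER-X firewall rules.
commit
save
exit
```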

For other readers, here’s the link to the same issue on the Ubiquiti forums.

My question is why would you lay it out this way?

If all traffic is not physically going through the switch, why do the routing there? Is there a reason you are not just doing the routing on the router? With an environment this size you could get away with it; however, from a design principle you are adding extra hops, for what appears to me to be no extra value.

  1. I am assuming that when you say default LAN you are referring to VLAN 1; don’t do it. If you have to use VLAN 1 it is because you are running something really old, and it should be upgraded/replaced for other reasons.

  2. There is rarely ever a good reason to run the same VLAN on both the wired and the wireless; it also makes it a lot harder to troubleshoot things, and you can run into routing-related issues, especially if you ever expand the design. ssid1 and ssid2 should each have their own separate VLANs.

This way eth1, eth2, and eth3 don’t need VLANs set on the network interfaces. The only place where you would need a “trunk” would be on eth4 for the 3 SSIDs.

This would be the simplest and most efficient design.

That was my first take too, but then a “powerline” adapter link between the ER-X and ES-24 was disclosed in the thread on the Ubiquiti forums. And those are usually well under 1Gb/s (and may not be full duplex).

With the ER-X, there is only a single 1 Gb/s link between the switch and the “routing engine/CPU”. See “Re-visit the Switch in Edgerouter X”; hence the 1 Gb/s aggregate routing throughput on the ER-X. That includes inter-VLAN routing.

The point is, either way devices connected to the ER-X switch-ports that are not in the same vlan will have to be routed by some “router on a stick”, whether that’s the CPU in the ER-X or the CPU or L3 switch (I really don’t know what the ES-24 uses to route, I don’t have one).

It really depends on where the traffic is being routed and its volume whether the ER-X or the ES-24 is better. If he wants to use multiple networks on his Proxmox in his room, then keeping that traffic off the powerline link would probably be good.

This is a good example of why posting the same question in two places is bad. Few people will know the whole background.