I’m officially selling and installing my first ever Netgate/Unifi stack next week at a local business. They currently have just a cable gateway and netgear switch - all haphazardly rigged up. Their needs are very basic. I’m going to be setting up about 8 wired workstations and a couple wireless printers. My plan is:
- Create the wired LAN
- Create (2) wireless networks - one for the printers on its own VLAN and the other connected to the main LAN for everything else
- Create a VPN to which I can connect remotely in order to admin the network
- Netgate SG2100
- Unifi 24P switch (non-PoE model)
- Unifi AC-LR Access Point
I want minimal downtime for their network so I was hoping to set up most of this ahead of time but I’ve never done that before. What I’d like is to have the 2100 and the switch already set up so that I can go in, set their cable gateway to bridge mode, plug in the 2100 and switch and be back up and running right that very moment. From there I can configure the AP, connect the printers, etc…
Is this possible/practical? What suggestions would you have for me?
Lastly, although this is my first Netgate box, I’m pretty comfortable in pfSense as I’ve run it for years at home with a homebrew box.
It’s not only practical, it’s recommended. We prebuild and get as much done at the office as we can prior to delivery and install. When doing a replacement of other equipment, provided it’s still practical to do so, we match the IP ranges and reservations of the client’s existing network to simplify things.
Well… Crap. I knew I forgot something, Tom - the cloud key! I appreciate your response, btw. Can’t I just set up my laptop as the controller to configure everything? I’ve never tried this with my stuff at home because one of my always-on PCs is the controller. Do the UniFi devices need to be able to communicate with the controller 24/7?
Once configured the UniFi devices don’t need a controller except for captive portal if you are using that.
That’s an interesting setup you are configuring.
As much as I appreciate @LTS_Tom, I’m going to gently disagree here. The use of a controller is critical to being able to provide firmware and functionality updates to the APs. You might question the value of those updates, but they sometimes are important.
That said, you could absolutely set up your PC-based controller to manage both locations (Sites in the UniFi parlance). That also removes the need for a cloud key (or reliance on the Ubiquiti cloud). You’ll have to open a couple of ports on your firewall, but given that you have a pfSense device on the far end, you should easily be able to set up Dynamic DNS at the remote site, set up an alias on your firewall, and limit the UniFi traffic to that location.
Warning, though, this is how I started, and now I manage over 40 sites.
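The two firewall ideas in this thread (keeping the printer VLAN isolated from the workstation LAN, and only letting the client site reach a laptop-hosted controller on the UniFi ports) are easy to get subtly wrong on a pfSense box because rules are evaluated first-match per interface. The following is an added example, not code from the thread or from any of the participants: a small first-match policy evaluator you can run before the install to confirm the intended rule set behaves as planned. All addresses, VLAN names and the printer ports are constructed assumptions; TCP 8080 (inform) and UDP 3478 (STUN) are the standard UniFi controller ports, and the "controller" address stands in for the Dynamic DNS alias you would actually use in pfSense.

```python
# Added example (not from the thread): a tiny pfSense-style first-match
# rule evaluator used to sanity-check a planned rule set offline.
import ipaddress
from dataclasses import dataclass
from typing import Optional, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp" or "udp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # CIDR or "any"
    dst: str                    # CIDR or "any"
    proto: str = "any"
    dports: FrozenSet[int] = frozenset()   # empty set = any port
    comment: str = ""


def _in_net(cidr: str, addr: str) -> bool:
    if cidr == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (_in_net(rule.src, pkt.src)
            and _in_net(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (not rule.dports or pkt.dport in rule.dports))


def evaluate(rules: List[Rule], pkt: Packet, default: str = "block") -> Tuple[str, str]:
    """First matching rule decides; nothing matching hits the implicit default deny."""
    for r in rules:
        if rule_matches(r, pkt):
            return r.action, r.comment
    return default, "implicit default deny"


# --- constructed addressing for the plan described in the thread ---
LAN = "192.168.10.0/24"          # wired workstations + main Wi-Fi
PRINTERS_VLAN = "192.168.20.0/24"  # printer-only Wi-Fi VLAN
CONTROLLER = "203.0.113.10/32"   # laptop-hosted controller (placeholder; a DDNS alias in practice)
SITE_WAN = "198.51.100.25/32"    # client site's public address (placeholder)

# Controller-side WAN rules: only the client site, only the UniFi ports.
CONTROLLER_WAN_RULES = [
    Rule("pass", SITE_WAN, CONTROLLER, "tcp", frozenset({8080}), "UniFi inform from client site"),
    Rule("pass", SITE_WAN, CONTROLLER, "udp", frozenset({3478}), "UniFi STUN from client site"),
]

# SG-2100 LAN interface: workstations may print (assumed ports 9100/631), nothing else to printers.
LAN_RULES = [
    Rule("pass", LAN, PRINTERS_VLAN, "tcp", frozenset({9100, 631}), "LAN prints to printer VLAN"),
    Rule("block", LAN, PRINTERS_VLAN, comment="no other LAN access to printers"),
    Rule("pass", LAN, "any", comment="LAN to anywhere else (internet)"),
]

# SG-2100 printer VLAN interface: printers never initiate connections into the LAN.
PRINTER_VLAN_RULES = [
    Rule("block", PRINTERS_VLAN, LAN, comment="printers may not reach workstations"),
    Rule("pass", PRINTERS_VLAN, "any", "udp", frozenset({53, 123}), "DNS/NTP out only"),
]


def verify_plan() -> bool:
    """Return True when every expectation about the planned rule sets holds."""
    checks = [
        (CONTROLLER_WAN_RULES, Packet("198.51.100.25", "203.0.113.10", "tcp", 8080), "pass"),
        (CONTROLLER_WAN_RULES, Packet("198.51.100.25", "203.0.113.10", "tcp", 22), "block"),
        (CONTROLLER_WAN_RULES, Packet("192.0.2.7", "203.0.113.10", "tcp", 8080), "block"),
        (LAN_RULES, Packet("192.168.10.50", "192.168.20.20", "tcp", 9100), "pass"),
        (LAN_RULES, Packet("192.168.10.50", "192.168.20.20", "tcp", 80), "block"),
        (LAN_RULES, Packet("192.168.10.50", "192.0.2.80", "tcp", 443), "pass"),
        (PRINTER_VLAN_RULES, Packet("192.168.20.20", "192.168.10.50", "tcp", 445), "block"),
        (PRINTER_VLAN_RULES, Packet("192.168.20.20", "192.0.2.53", "udp", 53), "pass"),
    ]
    return all(evaluate(rules, pkt)[0] == expected for rules, pkt, expected in checks)


if __name__ == "__main__":
    print("plan OK" if verify_plan() else "plan has a hole")
```

The ordering matters: if the "LAN to anywhere" pass rule were listed before the printer-VLAN block, the block would never be reached, which is exactly the kind of mistake this check catches before the box is on site.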
I am not implying it’s a good idea not to have a controller, just that it will work. Everything that @jvedman said is correct and should be considered.
Thank you, @LTS_Tom. I probably should have also acknowledged that you were not incorrect. Once APs are configured they absolutely can operate without a controller. I still have a few out in the wild that aren’t. It just makes me crazy.
[Have I mentioned that I’m a little OCD and crave control?]
Might as well set up the AP before you’re on site as well. That way you can be sure your VLANs are working.