Hi all,
got a little trobule to sort through, I know this is a dumb setup, but it is what it is, plz dont give me lectures that it should be done differently, it's been a s**t show from the very start of the project,
too much different people involved, not enough info, and it is what it is, a frankestein which has to live - somehow...
Picture attached on imgur for more clarification https://imgur.com/a/62Ea5ZK
Anyway,
I got a Mikrotik behind ISP's router, and UDMSE behind MT.
UDMSE is only for guest network (that was the idea at the begining) separate from the rest of the network (security, alot of users, blah blah blah).
And all of a sudden "we need a Corp Wifi on Unifi AP's, not all selected few)
The only problem is that Corp LAN is on the MT side not the UDMSE side.
I was thinking that on the MT side eth2 that goes towards UDMSE is made as a trunk port (mgmt VLAN - which gives access to the internet, and corp VLAN - which will give the IP pool of MT to the unifi AP's), then on the UDMSE side I make a VLAN only network (Corp LAN) and setup IP as is on the MT side.
Do the rest config for making WiFi on UDMSE side. So when someone connects to Corp Wifi he gets the IP from MT pool of Corp LAN, and has access to stuff thats gonna be there (printers,NAS and god knows what else they plan on putting there later on)
The only issue is that it seems all to simple, I think im missing something crucial.
Thx for any input
Re: MT to UDM VLAN's
Doctor Frankenstein would be appalled at the comparison! As for resolving your problem, that is going to take some work. You will need to do the following at the very least:
After you have done the above things, you will need to define the necessary routing and firewall rules on both sets of equipment to handle network traffic flows properly. I don't have access to any Ubiquiti equipment at the moment so can only give general advice but, when you define the networks, you can specify their VLAN ID and, depending on the network type (i.e.: Corporate, Guest, WAN, VLAN Only, etc.) various other settings like DHCP server or relay, DHCP guarding etc. You will need to experiment to find out the best arrangement for your situation. You can also take a look at the Ubiquiti Forums for help and hints.
I hope this can at least get you started with what you're trying to do.
- Define the VLAN tags on both the MikroTik and Ubiquiti equipment (it doesn't hurt to define them all but you can limit it to just the ones you want to use).
- On the MikroTik router, define the tagged and untagged VLAN IDs on the port connected to the UDMSE.
- On the UDMSE WAN port, define the same tagged and untagged VLAN IDs that you did on the MikroTik router.
- Define a wirless network on the UniFi AP with the VLAN tag that matches the Corp LAN.
After you have done the above things, you will need to define the necessary routing and firewall rules on both sets of equipment to handle network traffic flows properly. I don't have access to any Ubiquiti equipment at the moment so can only give general advice but, when you define the networks, you can specify their VLAN ID and, depending on the network type (i.e.: Corporate, Guest, WAN, VLAN Only, etc.) various other settings like DHCP server or relay, DHCP guarding etc. You will need to experiment to find out the best arrangement for your situation. You can also take a look at the Ubiquiti Forums for help and hints.
I hope this can at least get you started with what you're trying to do.
Re: MT to UDM VLAN's
You can't. On Ubiquiti gateway devices the WAN port is just a WAN port, you can't bridge other VLANs to the LAN ports. In a case where I needed to get an incoming WAN to a port on a Ubiquiti switch due to a lack of sufficient cables between a couple of locations I resorted to configuring a port profile, assigning it to a couple of the inbuilt UDM LAN switch ports, connecting the incoming WAN to one of these ports and the other port to the UDM WAN port.On the UDMSE WAN port, define the same tagged and untagged VLAN IDs that you did on the MikroTik router.
In this case connecting the WAN port plus one of the LAN ports to the Mikrotik and using VLAN-only networks for any non-UDM networks on the APs would work, but it is a hack. Dumping the UDM for a Cloud Key 2 or self-hosted UniFi controller would be better so the Mikrotiks do all of the routing & firewalling, and the UniFi APs do the WiFi.
Re: MT to UDM VLAN's
Ty both for your inputs, I was thinking that I'm gonna need to do it someway as you both described, I just wasnt sure if that was the way to go.
But.. This is the way...
Currently it looks like I will be going only with Unifi, and if UDMSE will not be enough to chew on the traffic I will throw in the Mikrotik aswell.
I had doubts that the UDMSE could handle all the traffic, and a network engi told me where he deployed it and it was working with no hitch, so I was like
if it could chew all that, then it will definatly chew through this, and put aside Mikrotik for now
But thx to both of you for your help :*
But.. This is the way...
Currently it looks like I will be going only with Unifi, and if UDMSE will not be enough to chew on the traffic I will throw in the Mikrotik aswell.
I had doubts that the UDMSE could handle all the traffic, and a network engi told me where he deployed it and it was working with no hitch, so I was like
if it could chew all that, then it will definatly chew through this, and put aside Mikrotik for now
But thx to both of you for your help :*
Who is online
Users browsing this forum: Bing [Bot], ChadRT and 142 guests