*** Official Ubiquiti Discussion Thread ***

Got you. OK, so basically my option is if I want to slim down on plugs, buy some new APs.

Or, the easiest is just to forget about any of that, buy the US8 and continue using my network 'as-is' but at least have more control over my switch.

I would like another Lite though for greater coverage down the bottom end of the house/into the garden but for the sake of a plug being taken up no point in replacing all my APs.
 
Well it’s kind of obvious you wouldn’t manage 250 stand alone devices, unless some sort of sadist.

I’m not doubting they are good bits of kit that scale, just pondering what to do for a home environment that has around 10 devices connecting, not all at same time.

Would quite like something that has a few more config options though, have some security kit that I could make use of then to tinker with :)

You might be surprised how few configuration options there are on just the access point. Even when you have all the bells and whistles with the controller running the USG and switches you get fewer options than on many ‘prosumer’ routers. That’s why a lot of people just leave it with pfSense running as the UTM and the Unifi just running the Access Points.
 
Why I was looking at the Drayteks to be honest, they did everything I needed in one box, shame the wireless sucked!

The tinkering options are more around the router/switching than the AP, just some decent logging and port mirroring is all I really could do with.
 
Has anyone created a second VLAN? Is it just a case of creating the network on the settings page and assigning that new network to a switch port? I can ping the second network gateway from the original VLAN but not beyond, and traffic from the new VLAN can't get anywhere. Do I need to open up any firewall rules?

Also, what's the correct way of putting in static DNS entries onto the USG?
 
Yep, I'm running 3 VLANs at home and can happily route between them.

It was just a case of create the network, give it a VLAN ID and put the appropriate switch ports into the correct VLAN. If you've got multiple switches then remember to set the uplink/downlink ports to be tagged in all the VLANs if you want to be able to present the non-native VLAN on the downstream switch.
 
Hmm, still not working, I must be having a bad day or I've missed something blindingly obvious.

Home Lab is the new VLAN (2).

image.png

Switch profile:

image.png

This is the switch port:

image.png

From the device it's connected to (ESXi 6.7) I can't ping anything.
From my PC, I can ping the 10.0.0.254 gateway but not further.

Any ideas? If this was Cisco kit I wouldn't be posting this message. :)
 
So the ESXi box can't even ping the gateway on 10.0.0.254? Your PC can ping 10.0.0.254 when it's in 192.168.1.0/24? Double check if the ESXi box has a gateway on the VMkernel interface.

I'll post my setup for comparison though I can't immediately see anything wrong. Since posted I've deleted a VLAN so there's only 2 but I can still route between them just fine.
 
Yes correct, ESXi is configured as 10.0.0.1/24 with a gateway of 10.0.0.254. I may try another device on the 10 network, as perhaps it's ESXi having a bit of a fit as it's been changed from the 192 network (I built it initially on the 192 network but I want to keep the lab separate from my regular home stuff). Good shout on the VMkernel interface though.

Once I get it working I'll be creating more VLANs in order to run VSAN etc. How I wish 10Gbit switches were more affordable!
 
Ha, I've seen ESXi/vCSA get grumpy over the smallest things! A quick check I may do tonight is to move the IPMI interface on the Supermicro to the 10 network as it's currently on 192. That should tell me where the issue is and won't take too long to do.
 
Hmm, I've rebuilt ESXi and it's still not working. Guess I'll have a look on the forums and see if I can spot anything.

Edited to say that I've restored a previous configuration from well before the weekend when I was mucking around with the json file, connectivity through to 192.168.2.1 (my Draytek) works again, it didn't earlier, but still having issues on the 10. range.

Here's my json file in case it's screwing something up.

Code:
{
    "ethernet": {
        "eth0": {
            "address": [
                "192.168.2.2/24"
            ],
            "duplex": "auto",
            "firewall": {
                "in": {
                    "name": "WAN_IN"
                },
                "local": {
                    "name": "WAN_LOCAL"
                }
            },
            "pppoe": {
                "0": {
                    "default-route": "none",
                    "firewall": {
                        "in": {
                            "name": "WAN_IN"
                        },
                        "local": {
                            "name": "WAN_LOCAL"
                        }
                    },
                    "mtu": "1492",
                    "name-server": "none",
                    "password": "blahblah",
                    "user-id": "[email protected]"
                }
            },
            "speed": "auto"
        },
        "eth1": {
            "address": [
                "192.168.1.254/24"
            ],
            "duplex": "auto",
            "firewall": {
                "in": {
                    "name": "LAN_IN"
                },
                "local": {
                    "name": "LAN_LOCAL"
                },
                "out": {
                    "name": "LAN_OUT"
                }
            },
            "speed": "auto"
        },
        "eth2": {
            "disable": "''",
            "duplex": "auto",
            "speed": "auto"
        }
    },
    "loopback": {
        "lo": "''"
    }
}

Edit again. I feel like an idiot - I had a switch port profile specifically default VLAN on the uplink to the USG. Doh! Now changed to all (thus tagging the VLAN) and it's dropped in.

Now to sort out all the profiles as they are far from ideal, no idea what I was thinking when I set it all up.
 
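Added example, not part of any post in this thread: a small Python check of the failure found above, where the uplink to the USG used a default-VLAN-only port profile and so dropped VLAN 2. The profile names, port labels and the two-hop path are constructed to mirror the thread; they are not read from a UniFi controller.

```python
from dataclasses import dataclass

ALL = "all"  # profile that tags every VLAN defined on the controller


@dataclass(frozen=True)
class Profile:
    name: str
    native: int          # VLAN sent/received untagged on the port
    tagged: object = ()  # tuple of tagged VLAN IDs, or ALL

    def tags(self, vlan):
        return self.tagged == ALL or vlan in self.tagged


@dataclass(frozen=True)
class Hop:
    port: str       # constructed label, not a real port name
    kind: str       # "access" (end device) or "trunk" (switch/gateway link)
    profile: Profile


def blocked_hops(path, vlan):
    """Return the hops between a host and the gateway that drop `vlan`."""
    bad = []
    for hop in path:
        p = hop.profile
        if hop.kind == "access":
            ok = p.native == vlan            # host sends untagged frames
        else:
            ok = p.native == vlan or p.tags(vlan)
        if not ok:
            bad.append(f"{hop.port}: profile '{p.name}' does not carry VLAN {vlan}")
    return bad


# Constructed profiles mirroring the thread: VLAN 1 = default LAN, VLAN 2 = Home Lab
DEFAULT_ONLY = Profile("Default", native=1)
HOME_LAB = Profile("Home Lab", native=2)
ALL_VLANS = Profile("All", native=1, tagged=ALL)


def lab_path(uplink_profile):
    return [Hop("switch port to ESXi", "access", HOME_LAB),
            Hop("switch uplink to USG", "trunk", uplink_profile)]


if __name__ == "__main__":
    for prof in (DEFAULT_ONLY, ALL_VLANS):
        print(prof.name, "->", blocked_hops(lab_path(prof), vlan=2) or "VLAN 2 reaches gateway")
```

The same check applies to every inter-switch link when more VLANs are added: each trunk hop on the path has to carry the VLAN, or the segment is silently isolated.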
D'oh. I may have done similar in the past actually now that I come to think about it.
Do you use a USG? If so, do you find that any large network traffic between VLANs causes high CPU usage? To the point that sometimes the internet drops:

Code:
top - 18:20:13 up 23:58,  1 user,  load average: 4.76, 5.28, 3.08
Tasks:  89 total,   7 running,  82 sleeping,   0 stopped,   0 zombie
%Cpu(s): 13.1 us,  7.9 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi, 79.0 si,  0.0 st
KiB Mem:    495516 total,   292592 used,   202924 free,    30552 buffers
KiB Swap:        0 total,        0 used,        0 free,   130172 cached

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND
20485 root      20   0  131m 1204  900 R 105.6  0.2   0:05.70 utmdaemon
20132 root      20   0 20216 4392 2108 R  21.5  0.9   0:21.36 ubnt-cfgd
20263 root      20   0 29284  23m 1420 R  20.8  4.9   0:11.92 Suricata-Main
20208 root      20   0  9376 7600 1080 R  17.5  1.5   0:15.13 ips-service-ali
  631 root      20   0  125m 7104 3552 S  10.7  1.4  23:14.56 ubnt-util

Am I right in saying that the UniFi Switch 16 POE-150W doesn't support Layer 3 switching yet?

I may have to dig out my Cisco SG300, or find a way of pfsense playing with the USG without double NAT.
 