*** Official Ubiquiti Discussion Thread ***

[wonder_lander]

Can anyone help me with my configuration.

I've just moved over to Vodafone fibre this week so I have 2 LAN cables in the router. 1 to the network switch for all other wired devices and 1 to a Unifi LR AP.

I've bought a Ubiquiti USG to add in to the mix but I'm struggling to migrate it into my network.

1) The default IP is the same as my core home server so I've isolated the USG and changed its IP to 192.168.1.253
2) My vodafone router is on 192.168.1.254
3) 192.168.1.1 is used by my main home server.

With the USG adopted I disabled DHCP on the vodafone router and then plugged LAN1 from the router into WAN1 on the USG
LAN1 on the USG is connected to the network switch
LAN2 on the USG is connected to the LR AP

Once restarted I lose all internal and external network connectivity!

I can access the USG and get the message that there isn't an internet gateway present and I'm prompted to complete some details but nothing I've tried works.

Do I need to ditch the router for a pure modem instead of scaling back the routers functionality by disabling DHCP?

 

[the-evaluator]

Easy answer - Yes, you should replace the Vodafone router with a VDSL modem. When you have two things doing the routing you can find things like port forwarding get complicated as you have double NAT. Double NAT is not recommended.

It can work with the Vodafone router in place but it complicates things. The difficulty here is that you've got the LAN interface on the USG in the same address space as the LAN of the Vodafone router, that's not going to work. If you leave the WAN interface of the USG set to DHCP then it'll try to grab an IP address from the DHCP server on the Vodafone router and it'll get the same subnet on the WAN side as it has on the LAN side which will confuse it hence your lack of connectivity.

To save having to change the IP address on your server I'd suggest changing the LAN address on the Vodafone router to a different subnet, 192.168.2.254/24 for example. Disable DHCP on the Vodafone router than set the WAN address on the USG to 192.168.2.1/24 with a default gateway of 192.168.2.254. That should get connectivity for things connected to the LAN1 interface of the USG.

Now, as for the AC-LR. LAN1 and LAN2 on the USG aren't the same thing, they'll be on different networks so you may have troubles getting wireless clients to reach the server. Connect a switch to LAN1 and then connect the server and AC-LR to the switch. You should then have full connectivity.

You could keep the AC-LR connected to LAN2 but you would need to create a new network in the Unifi controller with LAN2 as the parent port. It's unecessary complication I would say. Much easier to run a flat network and keep everything hanging off LAN1.

 

[wonder_lander]

Brilliant, thanks for the comprehensive reply.

Currently the server has the gateway set as 192.168.1.254 so do I need to amend that or do I set the LAN IP of the USG as 192.168.1.254 and then enable DHCP on there starting from say 192.168.1.20 to skip over the fixed IP's that I've dished out?

Easy answer - Yes, you should replace the Vodafone router with a VDSL modem. When you have two things doing the routing you can find things like port forwarding get complicated as you have double NAT. Double NAT is not recommended.

It can work with the Vodafone router in place but it complicates things. The difficulty here is that you've got the LAN interface on the USG in the same address space as the LAN of the Vodafone router, that's not going to work. If you leave the WAN interface of the USG set to DHCP then it'll try to grab an IP address from the DHCP server on the Vodafone router and it'll get the same subnet on the WAN side as it has on the LAN side which will confuse it hence your lack of connectivity.

To save having to change the IP address on your server I'd suggest changing the LAN address on the Vodafone router to a different subnet, 192.168.2.254/24 for example. Disable DHCP on the Vodafone router than set the WAN address on the USG to 192.168.2.1/24 with a default gateway of 192.168.2.254. That should get connectivity for things connected to the LAN1 interface of the USG.

Now, as for the AC-LR. LAN1 and LAN2 on the USG aren't the same thing, they'll be on different networks so you may have troubles getting wireless clients to reach the server. Connect a switch to LAN1 and then connect the server and AC-LR to the switch. You should then have full connectivity.

You could keep the AC-LR connected to LAN2 but you would need to create a new network in the Unifi controller with LAN2 as the parent port. It's unecessary complication I would say. Much easier to run a flat network and keep everything hanging off LAN1.

 

[the-evaluator]

You could do it either way but personally I'd change the LAN address on the USG to 192.168.1.254, that way the server and anything else that may have a static IP address set will continue to work without you having to do anything to them.

Definitely set your DHCP range so that it doesn't overlap with any static IP addresses you've got set.

 

[platypus]

I

I take it you've tried this and it isn't working because of the reset button?
https://help.ubnt.com/hc/en-us/articles/220334168-UniFi-Cloud-Key-Emergency-Recovery-UI

Ja.

Ubiquiti have told me to RMA it .

 

[pcfarrar]

Ja.
Ubiquiti have told me to RMA it .

I've had to send back loads of Cloudkeys at work to the USA under warranty. The early models were definitely dodgy, the newer models seem to be fine though.

 

[wonder_lander]

You could do it either way but personally I'd change the LAN address on the USG to 192.168.1.254, that way the server and anything else that may have a static IP address set will continue to work without you having to do anything to them.

Definitely set your DHCP range so that it doesn't overlap with any static IP addresses you've got set.

Thanks, will have another crack tonight, if that fails I'll try and grab a VDSL modem. I'm on an ECI chipset cabinet, is the ECI openreach modem as good as any to get or should I be looking for something newer?

 

[the-evaluator]

I'd probably grab a BT Openreach modem from eBay and use that.

 

[wonder_lander]

I'd probably grab a BT Openreach modem from eBay and use that.

Ordered

 

[Blinkz]

Hey guys, as per my other thread regarding my new network install which is going ahead at the beginning of December I'm now looking at getting the kit to go with it. After some recommendations from you in the other thread and having done a little research I'm leaning towards getting everything from Ubiquiti. I'll get the US-24 as the main switch, connected to a USG which will be supplied by a Virgin Superhub in modem mode. I'll then get 2 or 3 AP-PROs or possibly LITEs. Do you all recommend any particular model of AP? Is the PRO worth the extra cash?

At some point in the future I'll add a US-8-60W to run some POE IP cameras but thats a project for another day. Is it worth getting the Cloudkey? Is it needed?

Anything else I'm missing?

Thanks!

 

[the-evaluator]

You'll need something to run the Unifi controller on. That could be a Cloud Key, Windows PC, Linux VM, Raspberry Pi.. there's lots of choice and it doesn't have to be something that's running 24/7. You could boot it only when you want to make changes but if you're going for Unifi AP, switch and USG then having the controller running all the time is nice as you can get statistics about the traffic.

Personally I use a Linux VM because I already have the hardware but if I didn't then I would have probably gone for a Cloud Key.

As far as access points go I've got a couple of AC-LR's an an AC-Lite. It's hard to say which will be best for you without knowing where you're planning to install them and what the construction of your house is. As you're planning to have multiple access points I would probably go the AC-Lite. The potential throughout isn't as high as the AC-Pro but I find them absolutely fine.

 

[WJA96]

Yes, but that's of no help with the AC-Lite or AC-LR's as they use passive 24v PoE not proper 802.3af PoE so if you have a PoE switch you'll still need to use the injector that comes with the AP.

The AC-Pro can run on either 24v passive PoE or 802.3af.

You can get adapters that'll let you run the AC-Lite and AC-LR on 802.3af but they only have 10/100 interfaces compared to the gigabit interfaces on the bundles 24v passive injectors.

If you have a UniFi PoE switch then they'll do 802.3af and 24v passive PoE so they can power all the APs.

All the AP-AC-Lite and AP-AC-LR models made since about June 2016 run both 24V and 48V PoE so it's fine to use any PoE switch with them. The boxes have a blue and silver flash sticker in the top left corner that states it supports 802.3af/A.

 

[wonder_lander]

Easy answer - Yes, you should replace the Vodafone router with a VDSL modem. When you have two things doing the routing you can find things like port forwarding get complicated as you have double NAT. Double NAT is not recommended.

It can work with the Vodafone router in place but it complicates things. The difficulty here is that you've got the LAN interface on the USG in the same address space as the LAN of the Vodafone router, that's not going to work. If you leave the WAN interface of the USG set to DHCP then it'll try to grab an IP address from the DHCP server on the Vodafone router and it'll get the same subnet on the WAN side as it has on the LAN side which will confuse it hence your lack of connectivity.

To save having to change the IP address on your server I'd suggest changing the LAN address on the Vodafone router to a different subnet, 192.168.2.254/24 for example. Disable DHCP on the Vodafone router than set the WAN address on the USG to 192.168.2.1/24 with a default gateway of 192.168.2.254. That should get connectivity for things connected to the LAN1 interface of the USG.

Now, as for the AC-LR. LAN1 and LAN2 on the USG aren't the same thing, they'll be on different networks so you may have troubles getting wireless clients to reach the server. Connect a switch to LAN1 and then connect the server and AC-LR to the switch. You should then have full connectivity.

You could keep the AC-LR connected to LAN2 but you would need to create a new network in the Unifi controller with LAN2 as the parent port. It's unecessary complication I would say. Much easier to run a flat network and keep everything hanging off LAN1.

Still waiting for the openreach modem to arrive but got it hooked up using the Vodafone router using your instructions.

I did have one problem though. Factory reset the USG, logged directly on to 192.168.1.1 and set the LAN IP to 192.168.1.254 and DHCP ranges.
Logged on to my core server which runs the controller (which is on 192.168.1.1) and everytime I tried to adopt the USG the provisioning process seemed to reset its IP back to 192.168.1.1 which conflicted with the core server!

In the end I moved the core server to DHCP, adopted the USG, set it's IP to 192.168.1.254 and then resetup the static IP on the core server to 192.168.1.1

 

[WJA96]

The USG can’t be on the same Subnet as the Vodafone router as they are both trying to issue IP addresses on the same range. So you get a conflict.

With modems it’s not just so easy.

Out of the box the Draytek Vigor 130 comes configured to 192.168.2.1 so it’s on a different subnet to the USG which defaults to 192.168.1.1 so they work together perfectly.

Set the IP of the Vodafone router to 192.168.2.1 and then set the USG to DHCP and it will work straight away.

When you get your new modem just check it’s not on the same subnet as your USG. Anything other than 192.168.1.x is fine. Make sure your USG is on the latest firmware. Go to the USG directly by typing 192.168.1.1 into a web browser. Log in using your UBNT account credentials. Then set the mode to PPPoE, enter your Username and Password and click apply changes at the bottom of the screen. Restart the USG and wait for the Line to come up. It can take 10 minutes or so.

 

[wonder_lander]

The USG can’t be on the same Subnet as the Vodafone router as they are both trying to issue IP addresses on the same range. So you get a conflict.

With modems it’s not just so easy.

Out of the box the Draytek Vigor 130 comes configured to 192.168.2.1 so it’s on a different subnet to the USG which defaults to 192.168.1.1 so they work together perfectly.

Set the IP of the Vodafone router to 192.168.2.1 and then set the USG to DHCP and it will work straight away.

When you get your new modem just check it’s not on the same subnet as your USG. Anything other than 192.168.1.x is fine. Make sure your USG is on the latest firmware. Go to the USG directly by typing 192.168.1.1 into a web browser. Log in using your UBNT account credentials. Then set the mode to PPPoE, enter your Username and Password and click apply changes at the bottom of the screen. Restart the USG and wait for the Line to come up. It can take 10 minutes or so.

Cheers WJA96, as er the advice I was given I did move the vodafone router over to the 192.168.2.x subnet but as I say when I connected to changed the IP on the USG to 192.168.1.254 it was being reset in the adoption/provisioning process back to 192.168.1.1 which then caused an IP conflict on the servers static IP.

Anyway it's all up and running now and I'll evaluate if it's worth swapping out the router for the BT openreach modem when it comes.

 

[Blinkz]

Is the USG a decent piece of kit? I’ve read a few reviews that says it can be hard to set up with lots of CLI needed? As above I’m looking to get a US-24 and some AP-LITE and thought the usg might be a good addition, if not I could always try and see how the current Virgin SH3 deals with it?

 

[WJA96]

Is the USG a decent piece of kit? I’ve read a few reviews that says it can be hard to set up with lots of CLI needed? As above I’m looking to get a US-24 and some AP-LITE and thought the usg might be a good addition, if not I could always try and see how the current Virgin SH3 deals with it?

Out of the box the USG is a perfectly adequate router. The firewall is also locked down by default. VPN is now configurable in the GUI and it makes all the bits of the dashboard light up if you have the switch and AP as well.

It still doesn’t do things like white/blacklists very well even though it theoretically has SquidGuard built in. Blocking countries is a pain apparently and it’s not as good as PfSense apparently. UBNT were apparently fully aware that they lagged behind in this area so they hired Chris Buechler (one of the Co-founders Of PfSense) and he’s sorting it out so that it’s the Best Security Appliance $100 can buy apparently. Certainly, it has improved leaps and bounds in the last 9 months.

Is there a particular reason you are going for the US-24 (I’m assuming one of the PoE versions) over the US-16-150W? The only reason I ask is that the US-16-150W is effectively silent whereas the US-24-250W sounds like a jet engine ALL THE TIME and the US-24-500W is even worse. So if noise is an issue, the smaller PoE switches are better.

 

[bledd]

USG is perfect for me, the only other thing I want on there is native OpenVPN GUI.

 

[Deleted member 138126]

Man I keep getting tempted to get a USG. I have an Edgerouter Lite which has served me incredibly well for the past few years, but I have all Unifi switches and APs, and the temptation to have that console all lit up is strong. The problem is I just. don't. need. it... I also have (as backups, so I can't use that as an excuse either), a Draytek 2820 (pretty useless these days, but would still do in a pinch), an Apple Airport Extreme (used solely for backups), and the Fritz box I got from Zen. So many routers!!

 

[bledd]

Sell the other stuff, all worth a fair whack!