*** Official Ubiquiti Discussion Thread ***

Associate
Joined
22 Oct 2002
Posts
2,047
Location
Hull, UK
2017-12-05_2.png


Does your Cloudkey login page look like this?
 
Man of Honour
Joined
20 Sep 2006
Posts
34,086
It looks like that and I've tried all the default passwords and my own which was on the previous controller. I've reset the AP now and I've managed to get in properly. Shame that the migration isn't so straightforward!
 
Man of Honour
Joined
20 Sep 2006
Posts
34,086
More of a work question, as we are having issues with the current Ruckus equipment.

Could we install multiple APs across our 4 offices (different areas of the country, connected via MPLS) and share SSIDs and devices across the sites? What we have now is several SSIDs for different types of user, such as contractors, guests, permanent staff etc which grant different access to areas of our internal network or none at all, all via different VLANs etc. Currently if you're on the network in say Office A and walk into Office B the transition is seamless. Could Ubiquiti kit be used for this? I think our current APs cost the company around £400 each and we've never been happy with them. A recent firmware update has also caused chaos as they've removed some features which we relied on.
 
Soldato
Joined
24 Sep 2015
Posts
3,696
Yep, I don't see why not. Run a central Unifi controller and use layer 3 adoption to get the APs on remote sites to be managed by that controller. You can then create different sites in the controller for each office and set up the SSIDs as you wish.

We do similar; we have a controller in NL that controls the APs in NL, BE and IT.
 
Man of Honour
Joined
20 Sep 2006
Posts
34,086
All our stuff is on premises. If ever a meeting comes up where we decide to replace the Wifi, I'll make the suggestion. I think it's already been decided that if we do we're moving to Meraki though.
 
Soldato
Joined
24 Sep 2015
Posts
3,696
We pulled all our Meraki kit out. I got grumbly about the ongoing license costs and the ball ache of buying new licenses. It was such a pain that overnight we ripped out all the Meraki kit in the UK.
 
Man of Honour
Joined
20 Sep 2006
Posts
34,086
Unfortunately where I work, the architect is very set in his ways as is the manager. There's only so much I can advise on, whether they listen or not is up to them. We've had plenty of 'I told you so' situations. But then again I'm a contractor, they're permanent so I guess my say is very little! I try to stay out of the politics and just do my job.
 
Man of Honour
Joined
20 Sep 2006
Posts
34,086
It also appears that my Cloud Key has gone down, not sure why. I think it's the crummy USB cable I found to power it. I will connect it to my PoE switch tonight and see if it stays stable. I didn't realise that PoE was an option hence plugging it into my Cisco switch as it's easier to get to the ports.

I must admit that I am sorely tempted to buy a couple of 8 port Ubiquiti PoE switches over time and replace my pfSense box with a USG. While I realise that the USG isn't as good as the pfSense box, the little graphs etc. are extremely appealing.
 
Man of Honour
Joined
20 Sep 2006
Posts
34,086
How good is the USG now? Does it still require configuration via JSON?

All I run really on my pfSense box is port forwarding/NAT rules for some internal services. I never got around to setting up OpenVPN server.

I'd be looking to do the same on the USG, plus either run OpenVPN on it or on an internal device.

Then I'd get one Unifi 8 port switch with PoE and one 8 port without. Would both switches show up on the graphs?
 
Soldato
Joined
24 Sep 2015
Posts
3,696
It depends what you want to do with it. If you just want it to do NAT, PAT and so on then it's absolutely fine. I believe they can run OpenVPN but I've not tried; I have a VM for that. I do have the L2TP VPN set up, which works well (it was also more reliable for me in China than OpenVPN was).

My setup does need a JSON file as I want to access the web interface on my Draytek 130, so I need the JSON file to set an IP address on the WAN interface of the USG that's in the same address space as the management interface of the 130. Chances are though that unless you're doing something unusual you won't need the JSON file. Ubnt are adding new features all the time; when I got my USG you had to use a JSON file to even set a static route but that's been in the GUI for quite some time.

Yes, both switches will show up in the controller.

I've got my USG powered by PoE from the US-8-150W. One less power brick cluttering up the place.
 
Don
Joined
21 Oct 2002
Posts
46,753
Location
Parts Unknown
Yes, both switches would show up.

List the things that you configure on your pfsense, I'll tell you if you can do it in the GUI.

Port forwarding & NAT rules are certainly in there. It's come a long way since the earlier reviews.


For me, the two things missing from the GUI are OpenVPN server and Wake-on-LAN magic packet sender.

I just use my Synology as my OpenVPN server for now, although you can configure L2TP VPN on the USG.
 
Man of Honour
Joined
20 Sep 2006
Posts
34,086
I can use my QNAP NAS as an OpenVPN server. I do however access my Draytek 130 from my internal LAN so I guess I would need JSON for that. Apart from that, port forwarding/NAT, WAN ping there's nothing special that I do.

I don't really want to move away from my pfSense box, but pretty graphs are pretty graphs.
 
Soldato
Joined
24 Sep 2015
Posts
3,696
So the steps I went through to get access to the web interface on my 130 are as follows.

Firstly I had to change the management address of the 130 as 192.168.2.0/24 conflicts with another range. I set the 130 to 192.168.3.1/24.

Then you need to tell the 130 how to route back to your LAN address space. My LAN is 192.168.8.0/24. Telnet into the 130 and do this:

Code:
ip route add 192.168.8.0 255.255.255.0 192.168.3.2 0 static


It needs to be a route to the specific /24 (or whatever) of your LAN address space. If you use 0.0.0.0 then you'll be able to ping the 130 but the web interface won't load. No idea why.

Then check the route is there:

Code:
> ip route status

Codes: C - connected, S - static, R - RIP, * - default, ~ - private
S~        192.168.8.0/   255.255.255.0 via 192.168.3.2, IF0
C~        192.168.3.0/   255.255.255.0 is directly connected, IF0


Before adding the JSON file you can do a quick test to make sure the 130 is set up properly. Start a ping from something on your LAN to the management address of the 130. SSH into the USG and issue these commands:

Code:
configure
set interfaces ethernet eth0 address 192.168.3.2/24
commit


You should get pings back from the 130 and be able to access the management interface. It won't last for long though: the IP address on eth0 will be removed the next time the USG checks in with the controller.

So assuming that worked you'll need to add your config.gateway.json file. My Unifi controller is on an Ubuntu VM so I put my file in /var/lib/unifi/sites/default. The contents of my file are:

Code:
{
        "interfaces": {
                "ethernet": {
                        "eth0": {
                                "address": [
                                        "192.168.3.2/24"
                                ],
                                "duplex": "auto",
                                "firewall": {
                                        "in": {
                                                "name": "WAN_IN"
                                        },
                                        "local": {
                                                "name": "WAN_LOCAL"
                                        }
                                },
                                "pppoe": {
                                        "0": {
                                                "default-route": "none",
                                                "firewall": {
                                                        "in": {
                                                                "name": "WAN_IN"
                                                        },
                                                        "local": {
                                                                "name": "WAN_LOCAL"
                                                        }
                                                },
                                                "mtu": "1492",
                                                "name-server": "none",
                                                "password": "internet",
                                                "user-id": "[email protected]"
                                        }
                                },
                                "speed": "auto"
                        },
                        "eth1": {
                                "address": [
                                        "192.168.8.1/24"
                                ],
                                "duplex": "auto",
                                "firewall": {
                                        "in": {
                                                "name": "LAN_IN"
                                        },
                                        "local": {
                                                "name": "LAN_LOCAL"
                                        },
                                        "out": {
                                                "name": "LAN_OUT"
                                        }
                                },
                                "speed": "auto"
                        },
                        "eth2": {
                                "disable": "''",
                                "duplex": "auto",
                                "speed": "auto"
                        }
                },
                "loopback": {
                        "lo": "''"
                }
        }
}


Adjust the IP address of eth1 to match your setup. Save the file and force the USG to provision. Done.

It should be possible to add just the config for eth0 into the file rather than the entire interfaces section but I haven't bothered to look into that. I'm not planning to change the LAN IP on the USG so it's not a problem having all the interfaces there.

If you're letting the USG get DNS servers by PPPoE then you will probably find that the controller starts to report the internet connection is offline and is shown in amber. The fix for that is to specify DNS servers for the USG within the controller.
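
A pre-provision check for the config.gateway.json described in the post above, as an added example that is not part of the original post or of any Ubiquiti tooling. The function names are hypothetical, the addresses default to the ones quoted in the post, and the embedded sample is a constructed, trimmed copy of the poster's file.

```python
import ipaddress
import json

# Constructed sample: trimmed to the keys the checks read; values are the post's.
SAMPLE = """
{"interfaces": {"ethernet": {
  "eth0": {"address": ["192.168.3.2/24"],
           "pppoe": {"0": {"password": "internet", "mtu": "1492"}}},
  "eth1": {"address": ["192.168.8.1/24"]}}}}
"""

def static_addrs(iface):
    """Parse an interface's static addresses, skipping non-IP values such as "dhcp"."""
    out = []
    for a in iface.get("address", []):
        try:
            out.append(ipaddress.ip_interface(a))
        except ValueError:
            pass
    return out

def find_secrets(node, path=""):
    """Return the JSON path of every key named 'password' (stored in cleartext)."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "password":
                hits.append(f"{path}/{key}")
            hits.extend(find_secrets(value, f"{path}/{key}"))
    return hits

def lint_gateway_json(text, modem_ip="192.168.3.1", wan="eth0", lan="eth1"):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    eth = cfg.get("interfaces", {}).get("ethernet", {})
    modem = ipaddress.ip_address(modem_ip)
    wan_ifs, lan_ifs = static_addrs(eth.get(wan, {})), static_addrs(eth.get(lan, {}))
    findings = []
    if not any(modem in i.network for i in wan_ifs):
        findings.append(f"{wan} has no address in the modem's subnet ({modem_ip})")
    for i in wan_ifs:
        if i.ip == modem:
            findings.append(f"{wan} address {i.ip} duplicates the modem's own address")
        for l in lan_ifs:
            if i.network.overlaps(l.network):
                findings.append(f"{wan} {i.network} overlaps {lan} {l.network}")
    return findings + [f"cleartext secret at {p}" for p in find_secrets(cfg)]
```

The cleartext-secret finding is a reminder that the file sits on the controller host with the PPPoE password readable, so its ownership and permissions are worth restricting to the account the controller runs as.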
 