Unifi - compatibility check for upgrade

Hello everyone, I'm about to upgrade the network infrastructure in the office now, and just wanted a critical set of eyes over the proposed solution before I splash the cash.




My assumptions here are that it will deprecate my Cloud Key (older model), and, provided I can get the Smart Hub 2 to work merely as a gateway, should allow all DHCP to flow via the Dream Machine, allowing the LTE device to provide back-up connectivity as/when required.

Please could you let me know any issues, or if you think this should work?
 
Yeah UDM-Pro has built in controller.

Can't comment on the BT but the VM can set their routers into home mode, if you can't you are double NAT'd/Firewalled. Problems if you want to run services on the LAN.

UDM-Pro has WAN failover/weighted in the new settings.

If you can cable APs I would :)
 
How come you want to keep the BT router in the loop?

I've got pretty much the same network setup as you, except I've got a Zyxel 1920-48HP instead of a Unifi switch.
 
My understanding is that the BT fibre won't function without the Smart Hub2 - not sure if this is the case?
 
I've got my UDM pro directly connected to the Openreach ONT. My BT hub is completely disconnected.

It's only a requirement with Virgin to use their supplied hubs.
 

Well that keeps things simple-ish...
Only issue is the server rack (patch panels etc) is in the office loft and we only have one hard wired Cat6 cable that terminates in an RJ45 jack at the ONT, yet there is kit at the ONT that needs to be on the same network.
As it all needs wiring in, I’m assuming we are going to need to lay another cat6 to the ONT to service the kit there?
 
Yeah it sounds like you'll need to run more cables.
 
The simplest solution to your cable issue would be to put a switch in at the ONT end. UniFi Flex Mini is £30-ish for a 4-port managed switch or the US-8 is £75-ish for an 8-port.

Can I ask why you’re going with the UDM Pro? It is STRONGLY rumoured they are about to discontinue it from early next year and to be frank, it’s a disaster of a thing. Why not just get a UDM (non-pro) and plug it in where the ONT is? That gets you your UniFi controller and a 4-port switch. And an access point as well. OK, it’s not in your rack, but on every other level it’s the better, more stable, more useful device.

And I don’t know if it’s just how you’ve drawn your diagram but the UniFi LTE and wired devices should be coming off the switch, not the UDM-Pro. The switching capacity of the UDM-Pro is very poor. Don’t use it as a switch. And do also bear in mind that if you lose the UDM-Pro, with the controller, EVERYTHING goes offline. So make sure you have off-device backups (by default it backs up to itself) so you can restore your controller if it goes down.
 

I'd agree with everything @WJA96 said. Personally I wouldn't buy a UDM Pro, it's been a bit of a pig of a product.
 
Our concern is that the bandwidth is slower than Gigabit on the normal UDM versus the Pro (believe limited via the IDS/IPS).

I run Untangle on a Xeon router and I don't have any issue with horsepower but even then I only occasionally turn it on to just check that nothing on my network is doing anything it shouldn't be.

Other than that I have it switched off. It was one of the worst things UBNT ever did because until they added it, the USG range was plenty fast enough and after they added it, all anyone did was complain about how slow the USGs were with IPS/IDS switched on. It's worth researching what it does because most people, once they realize what it means, are not that bothered. It's UBNT's implementation of Suricata (I think everyone just uses Suricata for this), so check that out and I'm 99.9% certain you won't want it running 100% of the time.

Even if you took a hit down to 850Mbps or whatever it is, I'd still have that with the UDM base over a UDM-Pro. Or wait for the XGM-Pro (currently in Beta) to go General Access.
 

Just to clarify this scenario:

ONT <--> USW-Flex <------> Router

This would provide the WAN link to the router and also supply LAN devices connected to the USW-Flex? What is the config for this, just separate VLANs for the WAN/LAN? I have been considering FTTP but I only have a single Cat5e running from the most likely location for the ONT back to my office where most of the other stuff is. I'd like to avoid running additional cabling.
 

Yes. That was what I suggested, and in hindsight it may not have been as great a work of genius as it first appeared.

Having thought about it anything plugged into the USW-Flex-Mini would be physically outside the firewall and directly connected to the ONT so there is potential for them to be attacked.

From a straight Ethernet point of view it works. The devices see the router as their gateway so they send all their data to the router to be sent to the network and the router sends the information to and from the ONT. The other devices connected to the switch wouldn’t even know the ONT was there, but from a security point of view it is a poor option. You could configure it with VLANs and that would make the devices harder to see from the outside but they would still be there, physically outside the firewall.

Having had a think about it, it was a poor suggestion. The UDM in place of the BT SmartHub router would be a much better option.
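
An added example, not part of any post in this thread: a small check for the ONT <--> switch <--> router layout discussed above, listing which switch ports share a layer-2 broadcast domain with the ONT-facing port and so can exchange frames with it without crossing the router's firewall. The port names, VLAN IDs and the dictionary format are assumptions made up for the illustration, not UniFi configuration. It models VLAN membership only; the switch itself still sits on the ONT side of the router.

```python
# Added illustration: a vendor-neutral model, not UniFi configuration syntax.
# Port names and VLAN IDs are constructed for the example.

def carried_vlans(cfg):
    """VLANs a port carries: its untagged VLAN (if any) plus tagged ones."""
    vlans = set(cfg.get("tagged", ()))
    if cfg.get("untagged") is not None:
        vlans.add(cfg["untagged"])
    return vlans

def exposed_to_ont(ports, ont_port, router_port):
    """Ports sharing a broadcast domain with the ONT, excluding the router uplink.

    Anything returned can exchange frames with the ONT side without
    passing through the router's firewall.
    """
    ont_vlans = carried_vlans(ports[ont_port])
    return sorted(
        name for name, cfg in ports.items()
        if name not in (ont_port, router_port) and carried_vlans(cfg) & ont_vlans
    )

def uplink_carries_both(ports, ont_port, router_port, lan_vlan):
    """The single cable must deliver the ONT's VLAN and the LAN VLAN to the router."""
    need = carried_vlans(ports[ont_port]) | {lan_vlan}
    return need <= carried_vlans(ports[router_port])

# Flat switch: every port untagged in the default VLAN.
FLAT = {
    "p1_ont": {"untagged": 1},
    "p2_uplink": {"untagged": 1},
    "p3_printer": {"untagged": 1},
    "p4_nas": {"untagged": 1},
}

# Split: ONT port is access-only in VLAN 100; the uplink trunks 100 beside LAN VLAN 10.
SPLIT = {
    "p1_ont": {"untagged": 100},
    "p2_uplink": {"untagged": 10, "tagged": (100,)},
    "p3_printer": {"untagged": 10},
    "p4_nas": {"untagged": 10},
}

if __name__ == "__main__":
    for label, cfg, lan in (("flat", FLAT, 1), ("split", SPLIT, 10)):
        print(label, exposed_to_ont(cfg, "p1_ont", "p2_uplink"),
              uplink_carries_both(cfg, "p1_ont", "p2_uplink", lan))
```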
 