Components:
- 20/20Mbps fibre Internet connection
- a new router in the the same metal cabinet (no WiFi)
- only few PC's, printers, WiFi devices,
- Yealink base station with 3 VoIP phones,
- 2x WiFi Ubiquiti Unify UAP-AC-IW or -LITE version one in the office (garage level), another one in the living room. It should cover the entire two-storey house (open space living area with bedrooms around on the first floor).
Currentlly the old router is used - Fast Ethernet and WiFi, but it seems struggling with 40Mbps link.The initial project included a new router and a managed Gigabit switch to give a wired connection in every room, but all cables are still not in the conduits and there is a rush for a temporary solution.
Router: Mikrotik hEX RB750GR3 or Ubiquiti EdgeMax ER-X. Both are dirty cheap, available locally from Uniterm Direct. They are built on similar hardware with all Gigabit hardware switched ports, capable serving 100Mbps connection with ease. I decided for the later one due to the fact I am unable to read Mikrotik Linux-style manuals (having allergic reaction) and there is no provision for offline reading.
Proposed connections:
eth0 - WAN port for Internet
eth1 - Connection to the old 5-port unmanaged Gigabit switch located in the office
eth2 - Ubiquiti Unify UAP-AC-IW located in the office (getting 2 extra Gigabit ports)
eth3 - Ubiquiti Unify UAP-AC-IW or -LITE located in the living room
eth4 - Yealink base station for VoIP phones located in the office
Easy part. I want traffic separation for the VoIP base station (no reason, but something tells me it will be better if working standalone), so I connect the cable not to the dumb office switch, but directly to the router and configure base station IP on a different subnet.
Difficult part. Both WiFi AP's must be on the office LAN, but I want TV connected to the WiFi to be separated from the office LAN. It is because of running odd apps on the TV Fire Stick.
In addition, for the TV it must be a provision for geolocation blocking (smart DNS proxy or VPN, or both). I know that Unify AP's have a guest network feature, VPN (whatever) so TV can be placed on guest network, VPN, theoretically no problem.
How this AP guest network isolation works in practice? A different LAN subnet or VLAN? Do it require configuring VLANs on the router? I have no idea. I read manual, Edge router OS can obviously do it all, but I would like to know details. Maybe I would have to give up on using 9K jumbo frames on the office LAN, due to the router's MTU limitation on VLAN. And due to the connecting a dumb switch to the same LAN, router would have to handle stripping and recreating VLAN tags as well. Untagged VLAN? Any thoughts?
There is no separate manual for Ubiquity WiFi access points. Reading manual for Unify Controller software is confusing, as they constantly mix referencing to the AP on one side and USG router or Unify switches on the other. By example there are various options for defining network type: Corporate, Guest and VPN variety, then they say these options are only for use with USG and VLAN-only type is only for use with Unify switches. There is nothing left for non-Unify router/switch. I guess everything is there, but must be done manually.
- 20/20Mbps fibre Internet connection
- a new router in the the same metal cabinet (no WiFi)
- only few PC's, printers, WiFi devices,
- Yealink base station with 3 VoIP phones,
- 2x WiFi Ubiquiti Unify UAP-AC-IW or -LITE version one in the office (garage level), another one in the living room. It should cover the entire two-storey house (open space living area with bedrooms around on the first floor).
Currentlly the old router is used - Fast Ethernet and WiFi, but it seems struggling with 40Mbps link.The initial project included a new router and a managed Gigabit switch to give a wired connection in every room, but all cables are still not in the conduits and there is a rush for a temporary solution.
Router: Mikrotik hEX RB750GR3 or Ubiquiti EdgeMax ER-X. Both are dirty cheap, available locally from Uniterm Direct. They are built on similar hardware with all Gigabit hardware switched ports, capable serving 100Mbps connection with ease. I decided for the later one due to the fact I am unable to read Mikrotik Linux-style manuals (having allergic reaction) and there is no provision for offline reading.
Proposed connections:
eth0 - WAN port for Internet
eth1 - Connection to the old 5-port unmanaged Gigabit switch located in the office
eth2 - Ubiquiti Unify UAP-AC-IW located in the office (getting 2 extra Gigabit ports)
eth3 - Ubiquiti Unify UAP-AC-IW or -LITE located in the living room
eth4 - Yealink base station for VoIP phones located in the office
Easy part. I want traffic separation for the VoIP base station (no reason, but something tells me it will be better if working standalone), so I connect the cable not to the dumb office switch, but directly to the router and configure base station IP on a different subnet.
Difficult part. Both WiFi AP's must be on the office LAN, but I want TV connected to the WiFi to be separated from the office LAN. It is because of running odd apps on the TV Fire Stick.
In addition, for the TV it must be a provision for geolocation blocking (smart DNS proxy or VPN, or both). I know that Unify AP's have a guest network feature, VPN (whatever) so TV can be placed on guest network, VPN, theoretically no problem.How this AP guest network isolation works in practice? A different LAN subnet or VLAN? Do it require configuring VLANs on the router? I have no idea. I read manual, Edge router OS can obviously do it all, but I would like to know details. Maybe I would have to give up on using 9K jumbo frames on the office LAN, due to the router's MTU limitation on VLAN. And due to the connecting a dumb switch to the same LAN, router would have to handle stripping and recreating VLAN tags as well. Untagged VLAN? Any thoughts?
There is no separate manual for Ubiquity WiFi access points. Reading manual for Unify Controller software is confusing, as they constantly mix referencing to the AP on one side and USG router or Unify switches on the other. By example there are various options for defining network type: Corporate, Guest and VPN variety, then they say these options are only for use with USG and VLAN-only type is only for use with Unify switches. There is nothing left for non-Unify router/switch. I guess everything is there, but must be done manually.
Last edited:
