UBNT EdgeRouter LAN Config Issue
- 
 Yes and I apologize brother. I guess for me, I need to break this down into chunks and accomplish specific things first. I'm still a bit "noob". From the Ubiquiti router, of course, it's been wiped and re-setup. I have one interface still set up with the 10.10.2.x through 4.x from the router. I'm not clear if moving forward starting from the router, what has to be accomplished. 
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: Yes and I apologize brother. I guess for me, I need to break this down into chunks and accomplish specific things first. I'm still a bit "noob". From the Ubiquiti router, of course, it's been wiped and re-setup. I have one interface still set up with the 10.10.2.x through 4.x from the router. I'm not clear if moving forward starting from the router, what has to be accomplished. Got it. 
 I think from a router standpoint, as long as you have the normal NAT features enabled, you're good to go. Nothing more on the router should be needed.
- 
 So from the router we still have 3 different LANs set up. There is 2.x, 3.x and 4.x. I assume the 0.x and 1.x were originally intended to be reserved for the ROBO (kinda backwards). However, because that is an issue in itself for another post I'll let that one go lol 
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: So from the router we still have 3 different LANs set up. There is 2.x, 3.x and 4.x. I assume the 0.x and 1.x were originally intended to be reserved for the ROBO (kinda backwards). However, because that is an issue in itself for another post I'll let that one go lol Once you start using a /22 on the 2.x network, you'll have instant access to 0.x and 1.x networks. 
- 
 In your final design, what do you want your LAN gateway to be and what do you want your public WiFi gateway to be? I would use this setup. Plan your LAN to be 10.10.0.0/22. This means LAN computers will function on 10.10.0.1 - 10.10.3.254.
 Plan your Public WiFi on 10.10.4.0/24. This means you will use 10.10.4.1 - 10.10.4.254. It also means if you need a larger Public WiFi space, you can expand it to a /23 or even /22 without overlapping your LAN.
 On your ERL
 eth0 setup for your WAN
 eth1 setup for your LAN with IP addresses: 
 10.10.0.1/22 - New permanent LAN Gateway (use this one when you run the setup wizard)
 10.10.2.1/22 - one of the existing gateways
 10.10.3.1/22 - one of the existing gateways
 eth2 setup for your WiFi with IP address: 
 10.10.4.1/24
 If your Public WiFi is a VLAN on a shared UAP with the private WiFi (very common) then instead of eth2, you set up a VLAN on eth1 with the 10.10.4.1/24 address.
- 
 Then you verify everything works as is. Once you have this setup, you can add a firewall rule to block access from the 10.10.4.0/24 subnet to the LAN subnet and ensure everything works as intended. Now, you can begin to change your stuff.
 First, go to all static devices and change their subnet mask from whatever they are to 255.255.252.0 but do not change their current IP address or their current gateway as that would be potentially disruptive to the working environment.
 Change your VPN tunnels to use the new subnet.
 Next change your DHCP scope to hand out the 10.10.0.0/22 scope and the new gateway IP of 10.10.0.1/21.
 Once all the dynamic stuff has a new IP address, change the default gateway in the static devices. You can also now change the IP address of the static devices if you want to reorganize them. But that is just a normal management task, not critical to the functionality. 
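
The addressing plan and change order from the two posts above, checked with Python's `ipaddress` module. This is an added example, not part of the original thread: the subnets and router addresses are the ones given in the posts, while the sample hosts and the stage names are constructed for illustration.

```python
from ipaddress import ip_address, ip_interface, ip_network

LAN = ip_network("10.10.0.0/22")      # planned LAN from the thread
GUEST = ip_network("10.10.4.0/24")    # planned public WiFi from the thread

# eth1 addresses during and after the migration (list names are made up here).
ROUTER_DURING = ["10.10.0.1/22", "10.10.2.1/22", "10.10.3.1/22"]
ROUTER_FINAL = ["10.10.0.1/22"]


def guest_growth(guest=GUEST, lan=LAN, steps=3):
    """Supernets the guest range can grow into without overlapping the LAN."""
    grown = []
    for diff in range(1, steps + 1):
        bigger = guest.supernet(prefixlen_diff=diff)
        if bigger.overlaps(lan):
            break
        grown.append(str(bigger))
    return grown


def host_works(host, gateway, router_addrs):
    """True if the gateway is on-link under the host's own mask and the
    router still holds that gateway address on eth1."""
    iface = ip_interface(host)
    gw = ip_address(gateway)
    on_link = gw in iface.network
    answered = any(gw == ip_interface(a).ip for a in router_addrs)
    return on_link and answered


def check_stage(hosts, router_addrs):
    """Return the (host, gateway) pairs that would lose their gateway."""
    return [(h, g) for h, g in hosts if not host_works(h, g, router_addrs)]


# Constructed sample hosts: (address with current mask, current gateway).
LEGACY = [("10.10.2.50/24", "10.10.2.1"), ("10.10.3.20/24", "10.10.3.1")]
MASK_CHANGED = [("10.10.2.50/22", "10.10.2.1"), ("10.10.3.20/22", "10.10.3.1")]
GATEWAY_CHANGED = [("10.10.2.50/22", "10.10.0.1"), ("10.10.3.20/22", "10.10.0.1")]
WRONG_ORDER = [("10.10.2.50/24", "10.10.0.1")]  # gateway changed before mask

if __name__ == "__main__":
    print("guest can grow to:", guest_growth())
    print("legacy hosts, swing router:", check_stage(LEGACY, ROUTER_DURING))
    print("mask changed, swing router:", check_stage(MASK_CHANGED, ROUTER_DURING))
    print("gateway changed, final router:", check_stage(GATEWAY_CHANGED, ROUTER_FINAL))
    print("gateway before mask:", check_stage(WRONG_ORDER, ROUTER_DURING))
    print("old IPs removed too early:", check_stage(MASK_CHANGED, ROUTER_FINAL))
```

The last two cases are the ones the ordering protects against: a host whose gateway is changed while it still has a /24 mask cannot reach 10.10.0.1 on-link, and a host still pointing at 10.10.2.1 or 10.10.3.1 breaks if those addresses are removed from eth1 first.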
- 
 Thanks guys! So for my interface on eth1 include the following: 
 10.10.0.1
 10.10.1.1
 10.10.2.1
 10.10.3.1
 I use Ubiquiti for the wireless also and the company wifi is using whatever is free from the dhcp server scope (the windows 2012 r2 box). So when I reset the Guest Wifi just only include 10.10.4.1 and when I need more space, just switch from /24 to /22 as need permits. 
- 
 @jaredbusch said in UBNT EdgeRouter LAN Config Issue: a larger Public WiFi space, you can expand it to a /23 or even /22 without overlapping your LAN. Lastly, after everything is moved to using 10.10.0.1/22 as the gateway, you can remove the other IPs from the ERL 
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: Thanks guys! So for my interface on eth1 include the following: 
 10.10.0.1
 10.10.1.1
 10.10.2.1
 10.10.3.1
 If you aren't using 10.10.1.1 right now, you can skip it. 
- 
 I guess the confusing part for me, is from my point of view, I'm trying to figure out why would I need all 4 of the LANS there on the router? I assume this is so the router can see between each network and route. 
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: So when I reset the Guest Wifi just only include 10.10.4.1 and when I need more space, just switch from /24 to /22 as need permits. Correct. 
 Depending on how you set up the guest network, you'll need to have it set to use the correct VLAN. This can be done at the SSID level on the controller.
- 
 Not using it but if this would lessen the burden, I would go ahead and get it done now vs waiting for it to fall in my pants months down the road lol. 
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: I guess the confusing part for me, is from my point of view, I'm trying to figure out why would I need all 4 of the LANS there on the router? I assume this is so the router can see between each network and route. It's because you don't want to break what you have today. 
- 
 GOTCHA! So what should have occurred originally was, when the router was configured, it should have only included the 10.10.0.1 gateway for the eth1 interface. Then from the Windows Server, when setting up the scope, each scope should have been spelled out as 10.10.0.1 - 10.10.3.254 then I could have come back and made one more scope to only be 10.10.4.1 through 10.10.4.254 (just for guest wifi). 
- 
 @dashrender said in UBNT EdgeRouter LAN Config Issue: @krisleslie said in UBNT EdgeRouter LAN Config Issue: I guess the confusing part for me, is from my point of view, I'm trying to figure out why would I need all 4 of the LANS there on the router? I assume this is so the router can see between each network and route. It's because you don't want to break what you have today. Correct. This design I laid out is a swing migration design. It lets everything work as it currently functions throughout the entire process. 
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: GOTCHA! So what should have occurred originally was, when the router was configured, it should have only included the 10.10.0.1 gateway for the eth1 interface. Then from the Windows Server, when setting up the scope, each scope should have been spelled out as 10.10.0.1 - 10.10.3.254 then I could have come back and made one more scope to only be 10.10.4.1 through 10.10.4.254 (just for guest wifi). Correct, but that said - I wouldn't use Windows to give DHCP to your Guest network for a few reasons:
- You'd have to allow traffic from the guest network onto the production network so the Windows Server could answer those requests, or you'd have to dual zone the Windows server into both networks.
- Any device you provide DHCP or DNS services to, you have to have a CAL for. This gets expensive fast.
 Instead, I'd enable DHCP on the ER for that network. No licenses required, everything stays completely separate. 
- 
 @dashrender said in UBNT EdgeRouter LAN Config Issue: ired, everything stays completely separa I wouldn't have a license issue either way, I have DC but you're right that would mean I would have fun to deal with. I wasn't intending for the guest WiFi to be on windows anyways, I use the same wifi at home it's just easier to keep up with it on the ubiquiti.
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: @dashrender said in UBNT EdgeRouter LAN Config Issue: ired, everything stays completely separa I wouldn't have a license issue either way, I have DC  Huh? What does DC mean or have to do with licensing? If you're talking about Windows Server DataCenter edition - that only covers the VMs on that host, it does not cover user CALs. 
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: @dashrender said in UBNT EdgeRouter LAN Config Issue: ired, everything stays completely separa I wouldn't have a license issue either way, I have DC  What does DC have to do with CALs? It doesn't. but you're right that would mean I would have fun to deal with. I wasn't intending for the guest WiFi to be on windows anyways, I use the same wifi at home it's just easier to keep up with it on the ubiquiti. Unless you're rolling your own guest network, it's literally just a check box in the management software. 
- 
 @krisleslie said in UBNT EdgeRouter LAN Config Issue: I wasn't intending for the guest WiFi to be on windows anyways, I'm not sure what you mean? I use the same wifi at home it's just easier to keep up with it on the ubiquiti. 
 You can use the same APs (UAP AC whatevers in this case) for both the production network and the guest network. In this case, you'd have a VLAN for the guest network, so when someone joins the guest SSID, they are automatically assigned the guest VLAN, and get DHCP from the ER. Note you would NOT use the guest network option in Unifi controller for this network. 


