Ubiquiti EdgeRouter Lite

[wct097]

Configuring one now to deploy for a client tomorrow. I'm digging it. Will likely have one for my home network at some point in the future.

 

[themonk]

More info about your experience needed. What can you do/control etc? Ease of setup?

 

[wct097]

Initial setup was a bit complex compared to a normal consumer grade router. I played with it for a while, got it running, then decided to upgrade to the latest firmware (1.2 to 1.7) which gave me access to wizards that I used to reconfigure again.

Very granular level of control. More like a "real" router than something like DD-WRT offers.

Has three ethernet ports. Each can be configured independently. I *think* you can do load balancing between two WANs and one LAN, configure it to handle 3 LANS or 2 LANS and 1 WAN. Then you can configure firewall/NAT rules between the interfaces, routing, etc. Can configure VLANS, multiple DHCP servers, etc.

If you consider DD-WRT to be "prosumer" then it's really a lower end enterprise router. Unless you use the wizards you're going to need a basic level of networking route/switch knowledge. For example, you configure your DHCP servers as with a subnet of something like 192.168.1.0/24.

 

[CharlieP]

I love my Unifi AP's- great and easy set up for a house (central, unnoticeable, easy to set up)

 

[wct097]

Installed my second one at a friend's house today. Did a speedtest from his hardwired PC (50ft network drop that I terminated myself) and got 180mb down and 12mb up. His old router was getting something like 12mb up and 5mb down.

My only advice to anyone considering one is to make sure you update the firmware first. The wizard makes it incredibly easy to configure. Doing it without the wizard is a bit tedious if you're not an experienced networking person.

 

[themonk]

I may use one for my church. Does it offer POE?

 

[wct097]

I may use one for my church. Does it offer POE?

The Lite doesn't. They have one that does. How many POE ports do you need?

 

[themonk]

Probably 2, maybe 3.

 

[wct097]

Probably 2, maybe 3.

Amazon.com Ubiquiti Networks - ERPOE-5 - EdgeRouter POE 24VDr C 1.25A Power Adapter Computers Accessories

 

[wct097]

Ordered an EdgeRouter Lite for my personal use at home. Should be here tomorrow. Makes DD-WRT look like a clunky POS.

 

[themonk]

When you set it up, post up some screen shots of the interface. I'm curious about it.

 

[wct097]

When you set it up, post up some screen shots of the interface. I'm curious about it.

Will do. Should get here today. Not sure if I'll have time to set it up tonight or not. Maybe after the gym.

 

[themonk]

No hurry, not buying immediately.

 

[wct097]

Actually, I guess it's coming tomorrow. So maybe I can set it up tomorrow afternoon.

 

[wct097]

 

[wct097]

This thing absolutely destroys DD-WRT in every way I can think of. It makes my fairly expensive Buffalo router preloaded with DD-WRT look like Achmed's clock.

My switch can pass VLAN tagged packets. I just spun up a VLAN and tied it to its own DHCP server and WiFi network and every device on that SSID goes to that specific DHCP server. Easy stuff. Now I need to branch out a little and figure out how to prevent routing between the VLANs or at least firewall them.

 

[wct097]

....and I've figured out inner-vlan routing as well as how to force all traffic on a given interface onto a vlan. I'm not even remotely close to being a route-switch guy, so I'd say this is a pretty decent example of how easy it is for someone with a basic understanding of the subject matter.

 

[CharlieP]

I only pretend to be a networking guy for my church but think this may solve an issue. What exactly is a VLAN? I split our incoming network into a secure side and an open/guest side. The secure side is for church staff, printers, & a NAS. The guest side is for four open WAPs for anyone to use. I've had to pull separate wires from the central point to make it work and now am being asked for a secure connection at the end of the building where I already have a guest connection. Could a VLAN be configured that based on who or what device connected where it would be inside a secure side? This would save several hours of wire pulling and really simplify things. I basically don't want the NAS open to guest users.

 

[wct097]

I only pretend to be a networking guy for my church but think this may solve an issue. What exactly is a VLAN? I split our incoming network into a secure side and an open/guest side. The secure side is for church staff, printers, & a NAS. The guest side is for four open WAPs for anyone to use. I've had to pull separate wires from the central point to make it work and now am being asked for a secure connection at the end of the building where I already have a guest connection. Could a VLAN be configured that based on who or what device connected where it would be inside a secure side? This would save several hours of wire pulling and really simplify things. I basically don't want the NAS open to guest users.

I'm nowhere near an expert, so take my expertise for what it's worth.

A VLAN is simply a virtual LAN. From a practical standpoint, you can assign devices to different logical LANS that are part of the same physical network. For example, you may have VLAN10 which is 192.168.10.0/24 and VLAN20 which is 192.168.20.0/24. You can do routing between the VLANS or keep them separate. It's very common in an enterprise environment to use VLANS to segregate devices or users.

Will that solve your problem? Maybe. In normal use, your switch ports would be assigned to specific VLAN and would tag all packets coming though with the appropriate VLAN tag. This isn't a feature that most home switches have. Some home switches, like mine, will pass those packets while others will drop or ignore them.

I do know that most routers and even the Ubiquiti APs have a "guest" feature which I assume does a separate VLAN for guests behind the scenes, keeping their traffic separate from your secure VLAN.

I would go with a Ubiquiti solution where you deploy their APs around your church and have an Edgerouter Lite with a switch capable of passing the VLAN traffic. Their APs have the ability to run multiple SSIDs and even put certain SSIDs on different VLANS. You could have your NAS and secure clients on a VLAN that is firewalled from the VLAN with the guest users. Their APs hand off pretty smoothly between each other so that if one is out of range your client switches to another seamlessly.

 

[wct097]

I created the VLAN interfaces from the dashboard:

Then set up DHCP servers for their IP ranges:

Set up firewall groups to group the various router IPs and address ranges together:

...then set up rules to drop traffic coming into the various VLANS from the selected interfaces.