If you're a home networking enthusiast, chances are you use Ubiquiti gear. Last year, fed up with poor network performance, I upgraded my home network to go all-in with Ubiquiti equipment. If you want a semi-professional network setup, look no further! If you don't know anything about networking though, you might want to look for something else or have someone with the right technical abilities help you out. It's not Plug and Play - I would call it “prosumer” gear.
For the longest time, I was using a modem with a built-in router and access point provided by Telenet, my Belgian internet provider. It was never that great, and I tried to fix it by adding an even crappier access point from a brand that I already forgot. When the Ubiquiti stuff arrived, I immediately traded in my modem for another model that does only one thing - and does it right: being a modem. Every piece of the networking puzzle needs to be just right and have as few responsibilities as possible. You can call that neurotic. I call it attention to detail.
I bought a router/firewall, three switches, and two access points. When building our house, I made sure to have wired connections available in almost any room. I put the modem, the router and a switch in the garage, one switch in the living room and one in the office. Finally, one access point on every floor - nicely powered through PoE. Works brilliantly! Apart from one little annoying detail…
If you want to watch television, you need a set-top box. Telenet's set-top box is called a Digicorder. For some features, such as the program guide, the device requires a network connection - but not just any network connection: It assumes a direct link to the cable modem. The modem recognizes the Digicorder based on MAC address and provides it with two IP addresses in two different subnets, an internal one and an external one. When you put the Digicorder on the LAN (behind your router), that won't work, since there is no direct connection to the modem anymore. In that case, your Digicorder will get a single IP from the internal DHCP service. Not what we want.
The easiest solution
You can put a simple switch between your modem and the router and also connect your Digicorder to it - done. Both your router and the Digicorder would get the right IP addresses, and you could configure the rest of your network to sit behind the router.
I did not want to take this route myself, however. My Digicorder connects to the switch in my living room, and my modem sits in the garage. I do have a cable going to that switch, but I also wanted to connect other devices through that same connection. If I went for this approach, stuff in my living room would be living outside my internal network. And there was no way I was going to allow that. I might as well have stayed with the default Telenet configuration I had before. So I needed something else.
VLANs to the rescue
Now it gets interesting. My technical requirement was simple enough: I wanted my Digicorder to sit in my internal network, yet provide a way to access the modem directly.
In the networking world, there's a concept called a VLAN. It enables you to partition your physical network into different logical networks. The average home networking gear usually doesn't support this, but all Ubiquiti products do. So what I needed was a separate VLAN for my Telenet devices. I could then connect my modem, my Ubiquiti router, and my Digicorder to it - no matter where they are in my house. When the router or the Digicorder wants an IP, it gets an answer from the modem directly. The rest of my network sits safely behind my router and firewall; traffic cannot flow from the regular VLANs to the Telenet VLAN or vice versa. Pretty cool!
Geeks love network drawings! So here it is. My actual setup is a tad more complicated and has some additional coolness to it, but we'll discuss that in the next blog post! Pay attention to the red and green lines and it'll quickly become a lot clearer…
Creating a VLAN
To configure a Ubiquiti network, you need a controller. You don't just open a terminal to every device; you need software. That's also why this is called Software Defined Networking (SDN). You can install that software on a server or go the easy route and use a CloudKey: a little computer powered by PoE that you plug into a switch port. You can also use it to control your network from anywhere. I've already provided remote support to my family members while I was at a conference on the other side of the world.
To create a VLAN, log in to your controller, go to Settings and then Networks. Create a new network, give it a name, set its purpose to “VLAN Only” and give it an ID. Click Save.
Next, we need to create a Port Profile so we can assign the VLAN to individual ports in our network. While still in Settings, go to Profiles and then choose the “Switch Ports” tab. Add a new port profile. Choose a profile name, select the VLAN you created in the previous step, and click Save.
We now need to configure the switch ports that we want to connect to the modem with this profile. In your controller, go to the Devices screen and select the switch(es) you wish to configure. Next, choose a switch port and set the right port profile. In the screenshot below, I configured port 2 to be part of the Telenet VLAN.
In my case, I had to configure three ports:
- Port 1 on the switch in my garage (modem)
- Port 2 on the switch in my garage (router)
- Port 2 on the switch in my living room (Digicorder)
By assigning the Telenet port profile, these ports will behave as if they were connected directly to the modem.
All the other switch ports in your network can be at the default settings. Devices that you connect to them that don't understand VLANs will connect to your internal network by default. These ports are “trunk ports”. They can carry traffic for all networks in our setup, but regular devices such as laptops won't care. Switches will. With Ubiquiti, it will all work automagically.
Traditionally, you would connect the WAN port of your router to the modem and the LAN port to a switch so all your other devices can connect to it. The LAN port on my router connects to the first available switch port that we didn't tag with the Telenet VLAN - port 3. It's correct of course that with my setup you will lose two additional switch ports - but hey, mission accomplished!
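Anything on a port with the Telenet profile talks to the modem directly and sits outside the firewall, so it is worth checking that only the three intended ports ended up there. The sketch below is an added example, not part of the original setup or of any Ubiquiti tooling: it works on a hand-written port inventory in which the device names, the office switch ports and the uplink port numbers are assumptions, and it treats the default profile as "All".

```python
from collections import defaultdict

# Constructed inventory modelled on the three-switch layout in the post.
# (switch, port, profile, peer); peer names and uplink ports are assumed.
PORTS = [
    ("garage", 1, "Telenet", "dev:modem"),
    ("garage", 2, "Telenet", "dev:router-wan"),
    ("garage", 3, "All", "dev:router-lan"),
    ("garage", 4, "All", "sw:living"),
    ("garage", 5, "All", "sw:office"),
    ("living", 1, "All", "sw:garage"),
    ("living", 2, "Telenet", "dev:digicorder"),
    ("living", 3, "All", "dev:tv"),
    ("office", 1, "All", "sw:garage"),
    ("office", 2, "All", "dev:laptop"),
]
NATIVE = "LAN"  # untagged network a VLAN-unaware device joins on an "All" port


def segments(ports, root):
    """Return {vlan: end devices} across all switches reachable from root over trunks."""
    trunks = defaultdict(set)
    for sw, _, profile, peer in ports:
        if peer.startswith("sw:") and profile == "All":
            trunks[sw].add(peer[3:])
    seen, todo = {root}, [root]
    while todo:  # walk the switch-to-switch trunk links
        for nxt in trunks[todo.pop()] - seen:
            seen.add(nxt)
            todo.append(nxt)
    seg = defaultdict(set)
    for sw, _, profile, peer in ports:
        if sw in seen and peer.startswith("dev:"):
            seg[NATIVE if profile == "All" else profile].add(peer[4:])
    return seg


def audit(ports, vlan="Telenet",
          allowed=frozenset({"modem", "router-wan", "digicorder"})):
    """Return (devices wrongly on the modem-facing VLAN, expected devices missing)."""
    members = segments(ports, "garage")[vlan]
    return sorted(members - allowed), sorted(allowed - members)


if __name__ == "__main__":
    print("unexpected, missing:", audit(PORTS))
```

A non-empty first list means a device has been placed on the modem side of the router and is not covered by the firewall.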