Edgerouter VLAN Setup

This will setup the edgerouter in a router on a stick configuration using VLANs, with no subnet restrictions (these will be applied after setup). Example Network Diagram.

../../../../_images/aafig-6971a641053089b307456a1ab681be257108da0d.svg
../../../../_images/edgerouter.png

Reset & Login to Router

  1. Factory reset edgerouter.

  2. Connect eth1, set laptop static 192.168.1.5, gateway: 192.168.1.1.

  3. Connect to Edgerouter GUI @ http://192.168.1.1.

    • Default credentials: ubnt/ubnt.

Basic Setup Wizard

Basic Setup (Basic Setup is the same as WAN+2LAN2).

Configure WAN / Internet port

Internet (eth3/SFP)

Static IP

› Address

PUBLIC IP / NETMASK

› Gateway

GATEWAY

› DNS

1.1.1.1

Internet connection is on VLAN

Enable the default firewall

Enable DHCPv6 Prefix Delegation

Bridge LAN interfaces into a single network

Updated: None

Configure LAN Management Ports

LAN Ports (eth2)

Address

192.168.2.1 / 255.255.255.0

Note

This will become static management port for the router, in case anything happens.

Updated: None

Configure New Admin User

User Setup

Username

USER

Password

PASS

Updated: None

Apply and reboot router.

Hint

The reason to use the SFP connection for Internet is to make it physically distinguishable from the rest of the ports on the router, even if it just converted immediately to ethernet.

Setup VLANs on eth0

  1. Set laptop DHCP. Connect to eth2.

  2. Connect to Edgerouter GUI @ http://192.168.1.1.

Configure Host and Domain

Management Settings › System

Host Name

HOST

Domain Name

DOMAIN

Ubntu Discovery

Updated: None

Configure SSH Server

Management Settings › SSH Server

Enable

Port

SSH PORT

Updated: None

Define Management Network on Interfaces

Dashboard › eth0 › Actions › Config

Address

Manually define IP address

Address

10.1.1.1/24

Updated: None

Important

This handles untagged traffic coming into the router; this is the Management VLAN network.

Add Wired Network VLAN

Dashboard › Add Interface › Add VLAN

VLANID

2

Interface

eth0

Description

DESCRIPTION

Address

Manually define IP address

Address

10.2.2.1/24

Updated: None

Warning

Add all VLANS using the VLAN Table to eth0. Management VLAN is not explicitly defined as a VLAN – untagged traffic coming into eth0 IS management traffic.

Setup DHCP & DNS for VLANs

Add DHCP Server for Each Network

Services › DHCP Server › Add DHCP Server

DHCP Name

Wired

Subnet

10.2.2.0/24

Range Start

10.2.2.10

Range End

10.2.2.240

Router

10.2.2.1

DNS 1

10.2.2.1

Domain

DOMAIN

Domain

☑ Enable

Updated: None

Warning

Add DHCP for all VLANS. For the management DHCP server, set the Unifi Controller field to the IP for the permanent Unifi Controller and not your laptop.

Services > DNS > Interface > Add Listen Interface

Note

Add for all networks and VLANS. VLANS will appear as eth0.vlanid.

Confirm Management Network Working

  • Connect laptop to eth0.

  • Laptop should pull a Management VLAN network address, with the gateway 10.1.1.1. This means untagged traffic is being properly assigned to the management network.