|
|
ID Verified
Trusted Subscriber
ID Verified Trusted Subscriber
Trusted Lifetime subscriber
ID Verified Trusted Subscriber
Hi as said, your solution is fine, however you may as well discard the USG3 and just put another DHCP scope on LAN2 of the USG4, which is a fine solution, for what you are doing.
But if you want to retain the USG3 and have local firewalling etc then attached is what I would do. Essentially there is a transport network 192.168.20.0/24 between the two LAN2 interfaces of each USG and routes on each USG to support that, the radios sit out in that transport network.
The advantage of this is that there is no broadcast traffic transiting the radio link, and you maintain fully independent networks and routers. The NAT service is by default only applied to the two WAN ports, so no masquerade is applied to LAN2 so you will need the mentioned routes and the only NAT will be out WAN1 of the USG4.
Edit: and having the two unifi controllers is fine as the devices are already adopted to each, if you add new devices to either lan then they will only discover their local controller. Alternatively you could just go with one controller and issue inform commands to each device to point it to the controller in the network its not a l2 member of.
Cyril
Trusted Lifetime subscriber
The last hurdle, with any luck:
Since the last bit of great advice in this thread, we've both replaced our USG's with Mikrotik RB4011's. As per the attached diagram below, I have got a transport network set up between both routers using the IP addresses as shown.
Fibre has been connected at the old man's place today, he's happily getting just over 850Mbps down at his end! Obviously I'd like a bit of that action now but am struggling a little with the implementation.
The goal has always been two isolated networks - we both have our own DHCP running at each end. I'm just struggling a little to get the setup correct and what exactly needs to happen where.
Using WinBox, I have created a route at my end (IP -> Routes) with a Dst address of 0.0.0.0/0 and gateway 192.168.20.6. I am guessing that I need to change the DHCP gateway from its current to something else, but not quite sure what - also the DNS Server will need to be changed as it currently points to my ADSL ISP DNS.
I feel as if my firewall rules may need to be changed as well? They are essentially the default Mikrotik rules as they have been working fine for the ADSL.
At the old man's place, I need to add the route that @cyril7 has pointed out in his picture above (192.168.192.0/24 -> 192.168.20.1) however is there anything else that needs to happen? I feel like there needs to be something to send it out to the world via Port 1 one his router, or is that something I need to do at my end (pointing my dhcp at his default gateway perhaps?)
It seems like it should be so simple - the internet is on port 1 of that router over there! - and I imagine to those of you who do this on the regular it probably is!
All advice most appreciated, thanks.
|
|
|
