Unifi Dream machine Pro - 2 internet connections

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Unifi Dream machine Pro - 2 internet connections

xpd

Geek @ Coastguard NZ
13769 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#288670 16-Jul-2021 08:20

Networking is not my strongest area of IT at the corporate level, so better make sure I'm on the right track before swiping the company credit card ;)

We currently have 2 internet connections into the office, one is for "public" consumption/non-company devices. The other is purely for corporate device connectivity.

We currently have 2 wifi systems running, one being Mikrotik and the other Unifi.

I assume if we purchased a Unifi Dream Machine Pro, it will happily deal with 2 internet connections feeding to the AP's on separate SSID's that are not able to talk to one another ? (VLAN ?) Then I can remove the Mikrotik from the equation and have a one-stop-shop for administration........

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

LinkTree

Spyware

3764 posts

Uber Geek

Lifetime subscriber

#2744984 16-Jul-2021 08:30

UDM Pro is home or small business level. Given firmware problems alone I wouldn't install in a business. A Mikrotik will full your life with joy.

Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.

Jiriteach

1119 posts

Uber Geek

ID Verified

Lifetime subscriber

#2744997 16-Jul-2021 08:38

Not sure this is fully possible with the UDM Pro. It does support the concept of dual WAN's. Primary is typically on Port9 via RJ45 and you can use a SPF to RJ45 on Port10 for secondary but its designed for failover or load balancing.

I've run dual WAN's for failover to 4G or similar and its worked well. It maintains connectivity to both WAN's etc. You would have to mess with the routing to get things working - so not sure how far you can take that.

-- opinions expressed by me are solely my own. ie - personal

xpd

Geek @ Coastguard NZ
13769 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#2745003 16-Jul-2021 08:50

Boss isn't keen on Mikrotik given the issues we've had with the existing gear..... ok, so UDM Pro not way to go.

So just stick with PC based controller and have fun figuring out how to setup via that :) Gives me something to do ;)

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

LinkTree

dt

1152 posts

Uber Geek
Inactive user

#2745069 16-Jul-2021 09:45

You likely could have done it with the old load balancing option they had but they removed it for some reason and only have an option for failover now.

chevrolux

4962 posts

Uber Geek
Inactive user

#2745082 16-Jul-2021 10:19

Why not just go straight to the likes of Fortigate if it's an corporate/enterprise level network?

But also, Mikrotik has probably come a long way since you used it.

UDM is just toy trash. It's for people who don't know what they're doing and need pretty shapes and colours to keep them interested.

PaulL

91 posts

Master Geek

#2785346 27-Sep-2021 22:03

Why have two internet connections?

In theory at least your use case is satisfied with a single internet connection, two VLANs and separate SSIDs, and some level of QoS that makes sure the guest/non-corporate network cannot saturate the internet connection. Presuming you have a reasonable fibre connection (1Gbps?) you could just set a rate limit on the guest wifi to 200Mbps or thereabouts, and firewall it so it has no access to things on the corporate VLAN, only access to the internet.

(No, I don't have a UDM, nor actually know how to configure it, so no doubt there are unifi fishhooks of some sort, but it should be mostly doable)

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2785375 28-Sep-2021 07:14

I'll ask the very same question as everybody else - why do you need two connections?

Mikrotik wireless is crap but in terms of routing capability a Mikrotik router is one of the most logical options to build a network to do what you need. Is there any reason why you wouldn't just add another network to the UniFi rather than having duplicate WiFi networks as well that will just be impacting performance?

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

cyril7

9058 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2785381 28-Sep-2021 07:31

My guess is the Mikrotik issues were user in-experience, leading to self inflicted issues, common problem when the operator is I'll equipped.

I too struggle to see why the two internet connections are required. The UniFi supports guest networks with per user throttling at the AP. The Mikrotik will support the firewalling and routing, job done on a single connection.

Failing that if you do want dual WANs ,one for each SSID the the Mikrotik supports vrf,s to help with seperate routes.

Cyril

Jiriteach

1119 posts

Uber Geek

ID Verified

Lifetime subscriber

#2785382 28-Sep-2021 07:35

Out of interest - I wanted to check if this was really possible with the UDM Pro. Happy to say that I have managed to dual WAN's to work in more than a failover. OOTB - failover works really well.
I use WAN1 with UFB and WAN2 with 4G.

If WAN1 drops then the UDM Pro auto-switches to WAN2 and everything works as expected.

WAN2 is always enabled but the UDM Pro does not support policy based routing but still possible with some ip rules and routes. Managed to setup a table with the relevant routes for certain IP's/subnets to route via my 4G connection. UDM Pro supports incoming rules via the UI so that works as well once outgoing routes are in place.

So - it does work but its messy and not ideal unless you know what you are doing.

-- opinions expressed by me are solely my own. ie - personal