Tag: Networking

Jun 03

Configure Windows Server 2019 for Ubiquiti UniFi RADIUS Authentication

This video covers the installation of the NPS, CA and Remote Access Server roles on a Microsoft Windows 2019 Server. We then configure those roles to support RADIUS authentication within Ubiquiti’s UniFi platform.

Check Out My Other Videos:
Networking Playlist – https://www.youtube.com/playlist?list=PL2lsgXYaK5wEn5zEGxOFHAcF1irL4UZYS

Windows Server Playlist – https://www.youtube.com/playlist?list=PL2lsgXYaK5wGbpyq25G9LIjjIH-rXwa5M

Check Out My Personal Blog Site:
https://achubbard.com

Video Equipment:
Logitech Brio – https://amzn.to/32JN0Dx
Lavalier Mic – https://amzn.to/31vPgOi
Video Capture Software – https://amzn.to/31yq0qQ

Permanent link to this article: https://achubbard.com/2020/06/03/configure-windows-server-2019-for-ubiquiti-unifi-radius-authentication/

Jun 03

How To Enable IP Routing On a Cisco Catalyst 2960s | SDM Template

Learn how to change the SDM Template to lanbase-routing and enable ip routing on a Cisco Catalyst 2960s switch.

Check Out My Other Videos:
Networking Playlist – https://www.youtube.com/playlist?list=PL2lsgXYaK5wEn5zEGxOFHAcF1irL4UZYS

Windows Server Playlist – https://www.youtube.com/playlist?list=PL2lsgXYaK5wGbpyq25G9LIjjIH-rXwa5M

Check Out My Personal Blog Site:
https://achubbard.com

Video Equipment:
Logitech Brio – https://amzn.to/32JN0Dx
Lavalier Mic – https://amzn.to/31vPgOi
Video Capture Software – https://amzn.to/31yq0qQ

Permanent link to this article: https://achubbard.com/2020/06/03/how-to-enable-ip-routing-on-a-cisco-catalyst-2960s-sdm-template/

Mar 06

Installing pfSense on VMware ESXi | Virtual Machine | Virtual Firewall

Learn how to install pfSense on a Virtual Machine in VMware ESXi.

Permanent link to this article: https://achubbard.com/2020/03/06/installing-pfsense-on-vmware-esxi-virtual-machine-virtual-firewall/

Nov 26

How to Add a VLAN Over a Ubiquti Nanostation M5 P2P Link

Learn how to add a VLAN to over a Ubiquti Nanostation M5 P2P Link for a security camera or other device. I am using 2 Ubiquiti Nanostation M5s in my setup to get a wireless link from one of the out buildings on my property. I have my security cameras on a segmented VLAN in order to keep them from talking to the web. I show you how to pass that second (or multiple) VLAN over the point to point (P2P) link created between the two Nanostations.

 

Ubiquiti Nanostation M5 – https://amzn.to/2Pvw9AS

Ubiquiti Switch US-8 Switch – https://amzn.to/2JtOyu4

Check Out My Other Videos:

Networking Playlist – https://www.youtube.com/playlist?list…

Windows Server Playlist – https://www.youtube.com/playlist?list…

Check Out My Personal Blog Site: https://achubbard.com

Video Equipment:

Logitech Brio – https://amzn.to/32JN0Dx

Lavalier Mic – https://amzn.to/31vPgOi

Video Capture Software – https://amzn.to/31yq0qQ

Permanent link to this article: https://achubbard.com/2019/11/26/1012/

Feb 24

Homelab Rebuild – Part 1 – Intro

Homelab Rebuild

For the last year and a half, I have been all about consolidating my gear. I got into this funk where I absolutely wanted nothing to do with enterprise equipment in my home. I wanted to go home and just be home. However, that attitude has sacrificed a lot of my personal learning and growth. I am a guy who LOVES to tinker. Doesn’t really matter what it is, I just love to tinker and I love gear.

After talking with some fellow IT guys during a meeting recently, I realized, I miss having the gear to work on at home. I missed having the resources to test something and not give a care if I break something.

I’ve also recently started this blog and am attempting to teach myself about WordPress, it’s plugins and WAFs (Web Application Firewalls). I felt re-invigorated to acquire some gear new gear. I am hoping this blog, and purchasing some new gear, will keep me interested in a hobby that has turned into a career for me.

 Hardware – Dell R510, R610

Hosts

I have acquired 2 Dell PowerEdge R610s to use in my rebuilt homelab. Both are outfitted with only 16GB of RAM. Ideally, I would love to increase this to 32-48gb of RAM per host. The price was right on the two machines the way they sit so I figured I would just outfit them as needed. As low power is a slight concern for me, I ordered a pair of Xeon L5630s for each machine.

Shared Storage

I would love to have a true Dell SAN to go with the rest of my Dell stack, however, they are subtly out of my price range at the moment. Can you tell? I am a rather big Dell guy when it comes to servers. I picked up an 8 bay Dell R510, was hoping for a 12 bay, but this will give me a start. Honestly, with the size of drives these days, 8 bays should be sufficient for what I am using it for. This will allow me to install my collection of hard drives and pass them through to FreeNAS. I have also picked up a set of 10gb Mellanox cards and cables.

Mellanox Network Cards - 10GB

Dell R510 FreeNAS SAN, Dell R610 Hosts

Network

I picked up a pair of Dell PowerConnect 5524Ps. Initially, I planned on using these as my VM switches and picking up a 48 port Cisco of some variation for my core switch. However, I’ve decided I would use both of these for the time being and forgo the Cisco idea. The 5500 series Dell switches support stacking via HDMI cable, not something I have ever tried, but I scored both switches for a song and this is homelab right?

Dell Switches Homelab Rebuild Network

I did however, purchase a Cisco WS-C2960G-8TC-L switch to hand off my modem to my firewalls. This will give me some redundancy…err at least to my firewalls. Maybe someday I will get a secondary WAN connection and setup some type of failover.

Homelab Rebuild Cisco Network Switch 2960G

VLANs, what good is a homelab without VLANs?

WAN – VLAN5

I will provision 3 ports on the Cisco C2960G on what I call VLAN5. Taking the link from my cable modem, I will feed the WAN into 1 port, and send it out the other 2 additional ports to my redundant firewalls. VLAN5 will only exist on the Cisco switch. By setting up the environment this way, it gives me a little bit of redundancy, at least, in my mind. Obviously my two single points of failure are my cable modem and the Cisco switch.

iSCSI Network – VLAN10

As the hosts will have no local storage, we will need to create this VLAN to handle all of the iSCSI/Storage traffic for both. This VLAN will only be present on the Dell stack.

vMotion Network – VLAN15

This VLAN will allow the movement of virtual machines back and forth between my two hosts.

Production/Home Network – VLAN25

VLAN25 is where most of the err….action…happens. This is where my end devices sit. I don’t typically try to break that stuff up in my home environment. This VLAN will be on both the Dell stack and Cisco switch. It will only be present on the Cisco switch so that I can manage the switch from my workstation.

Security Cam Network – VLAN35

My security cameras were once on VLAN25….with everything else… my network was in essence…flat. I currently have 9 cameras with the plan to add a few more (small farm, we have animals etc so we like to keep an eye on things) – I decided it was time to break them out into their own VLAN. Enter stage left, VLAN35. Some of you reading this may be asking, how does this guy pick his VLAN numbers?? Honestly, the number is in direct correlation to the 3rd octet of the VLAN. So, an example might be, 10.10.35.0/24 – the x.x.35.x is where the number comes from. Just something I came up with and ran with.

Guest Network – VLAN45

I do not typically have a lot of guests at my house, we’re out in the woods and people don’t like to visit. I’m ok with that. However, when we do have the occasional guest, I would rather they be on their own VLAN and have no access to anything other than the internet.

Area 51 – VLAN51

This is a new one for me. VLAN51 will become my secure VLAN. It will have no access to the internet. No access to the rest of the network. Any VMs that are apart of VLAN51 will be shut down when not in use. VLAN51 will be used to network my penetration testing VMs.

Network Layout

Homelab Rebuild Network Design

Power

Since I am moving my office to my basement, I will be working on installing two dedicated circuits for my new lab. My electrical panel is right there and access is fairly easy. Most likely these will be 2 – 20 amp circuits. I am not an electrician, I just play one on the internet. Just kidding, please if you are going to run your own circuits, be aware of the risks involved. I am fairly comfortable working with electricity.

One thing I regret selling is my UPS. That is a pricey component that I will need to re-acquire at some point. I have a couple of smaller ones, and frankly, it’s my homelab, if it goes offline, eh not the end of the world.

Rack

One item that I had a hard time selling when I was consolidating my lab, is my 25u StarTech Open Frame rack. I had advertised it locally numerous times and never had anyone actually come and buy it. So I kept it and I am glad I did. It’s one less thing I need to purchase for the this adventure. I am planning on either enclosing it or putting it in a small server closet in my shop/office. This will hopefully help keep the noise down.

Software – FreeNAS, VMWare, pfSense

Hypervisor

Something I never needed before was a VMUG subscription. I always had access to VMWare products through work. This time around I will be purchasing the $200 subscription so that I can utilize all of the products that come with it. Both of my hosts will be running ESXi. I will also be using the vCenter appliance instead of the Windows based vCenter install since that is the way things are headed anyways.

Shared Storage

Several years ago I utilized FreeNAS as my SAN for a POC (Proof of Concept) for a previous employer. This worked out very well. FreeNAS will be once again utilized for this en-devour. It will be installed on an R510 as stated above. Then I will create an iSCSI target and present that to VMWare as a LUN. Once the LUN has been presented to VMWare, we can go to town building out the Virtual Machines. Fairly straight forward here.

Virtual Machines

As of the moment my virtual machines are…..lacking. I went from having numerous VMs to accomplish one or two tasks down to one physical host and only a couple VMs to do a lot of tasks. Some things on my list to virtualize:

Firewall – pfSense and CARP – this is something I have never tried. Never really had a reason to. I feel like in the spirit of homelab, I should attempt this. Currently I am running a single Untangle firewall on Hyper-V. I love Untangle (so far) but I do not believe there is a way to create a failover cluster. None the less, this could change at any time. I jump from UTM to UTM or Firewall to Firewall. Keeps things exciting you know?

Monitoring – Nagios, Observium (perhaps Grafana will make a debut at some point too)

Domain Controllers – Currently I am working on my Master’s in IT, so I have access to the Microsoft Imagine program, so I will more then likely be spinning up a couple DCs to work with.

File Server (either nextcloud or something)

Security related – AlienVault, Nessus, and a dedicated KALI VM. Perhaps even a couple other pentest VMs on a secure VLAN.

Patch Management – ManageEngine

Web Server – Centos 7/WordPress/MySQL

Home Automation and Security – HomeSeer

Media – Plex (and maybe iHome Media Server too)

Physical Machines

Additionally, aside from my 2 hosts and the R510 SAN, I do have several physical machines present in the lab. One of the biggest tasks will be to remove all of my VMs off my Hyper-V box and turn my Hyper-V box into a BlueIris/Nakivo backup box. I switched to BlueIris from Ubiquiti’s NVR recently, and although I am loving Blue Iris, I find it resource intensive. So I will be leaving it as a physical box. The way I figure it, I can remove all the other tasks off my SuperMicro Mini and then have room for Nakivo along side Blue Iris. That machine has plenty of oomph for those two tasks.

I have a custom built workstation that I can never figure out what to do with, so I ordered up a 2u case and will be racking that as well. This will server as my media ingest machine. By that I mean, when I buy my next lot of DVDs and Bluerays or borrow them, I will use this machine to ingest the media and flip it to my Plex server.

A secure homelab or network environment should have a jump box or jump point. For me, my Intel Skull Canyon NUC will become this. Just a versatile box that is always on. Something I can hit from the field. My NUC will also be tied to a TV or screen in my office so that I can monitor the systems in real time.

*Update*

Check out my latest Home Lab rebuild posts

Dell R610 Intel Xeon CPU Upgrades – to see my progress on the two new hosts!

Add VLANs and Assign Ports on Cisco 2960G Switch – to see some configurations on my WAN switch

Permanent link to this article: https://achubbard.com/2018/02/24/homelab-rebuild-network-hosts-freenas-dell-r510/

Feb 08

Create Service Groups in Nagios

Create Service Groups in Nagios

Creating service groups in Nagios Core is a pretty easy task. Service Groups allows you to see the status of like services for multiple hosts. If you have numerous hosts or network devices reporting in to Nagios, this is a fantastic feature.

There are a couple of ways to create Service Groups. I find the easiest way is to use WinSCP and Notepad++

The WinSCP and Notepad++ Method

Launch WinSCP and connect to your Nagios machine.

WinSCP will present to you two sides. The Nagios side on the right, and your Windows side on the left. On the left hand side, create a folder called “Nagios_Backup” – You can call this folder whatever you wish. It is purely copying files from Nagios and editing them with Notepad++

Copy the “servicegroup.cfg” from the right hand Nagios folder, to the left hand Windows folder you just created.

On your Windows computer, open up file explorer and navigate to the folder you copied “servicegroup.cfg” to and right click it. Select “Open with Notepad++”

In here you can define your Service Groups. This is a sample config I threw together. You can see any service that you have in Nagios. For me, General_Ping is for miscellaneous devices that I want to see the status of the ping request in Nagios. Network_Ping is where I group all my network devices. CPU_Load shows the CPU Load of various hosts and workstations.

Upon completing your servicegroup.cfg file, you can copy it back to your Nagios server with WinSCP. You will be copying from the left hand side to the right hand side.

Launch Putty and connect to your Nagios server. Issue the command “systemctl restart nagios” and hit enter.

Login to your Nagios web GUI. On the left hand side you will see a list of links. Find the link that says “Service Groups” and click on it.

The link will take you to the Service Groups page within Nagios. You can now see all of your hosts grouped together by service. The screenshot below is of a running Nagios box I have in service.

Permanent link to this article: https://achubbard.com/2018/02/08/create-service-groups-nagios/

Feb 08

Add MIB Files to Ubuntu

Adding MIB files to Ubuntu Manually

This tutorial will cover manually adding MIB, Management Information Base, files to Ubuntu. Specifically, Dell and Ubiquiti MIBs.

You can acquire the Ubiquiti MIBs here:
Ubiquiti MIBs
Ubiquiti UniFi MIBs

Dell Switch MIBs are included within the firmware when you download it from Dell. This process should work for adding just about any MIB to Ubuntu. You can see my post titled “Dell PowerConnect 5524P Firmware Upgrade” to learn how to obtain the Dell firmware.

You will need WinSCP and Putty fohttps://achubbard.com/2018/01/29/dell-powerconnect-5524p-firmware-upgrade/r this tutorial.

Launch WinSCP and navigate to the home directory for the user you logged in as. Within the home directory, right click and create a new folder. I called mine “mibs” to keep things simple. Copy all of your mib files from your computer to this location.

 

Now that the mibs files are located on your Ubuntu server, we need to get them into the correct directory. For this we will use Putty. Open up Putty and connect to your Ubuntu server.

Type the command “sudo cp /home/username/mibs/*.mibs /usr/share/snmp/mibs/”

Where username is, put your account username. So in my case, my command would look like this: sudo cp /home/altach/mibs/*.mibs /usr/share/snmp/mibs/

This will copy all of the files with the .mib file extension to the /usr/share/snmp/mibs/ folder.

 

WGET to manually add MIB files to Ubuntu

Another way to get MIB files on your Ubuntu server is to use the wget command. We will use the Ubiquiti MIBs for this example.

Open Putty and connect to your Ubuntu server. Create and/or navigate to the “tmp” folder. Navigate to it by issuing the command “cd /tmp”

This is where you can now download your Ubiquiti MIB files to.

Type: “sudo wget http://dl.ubnt-ut.com/snmp/UBNT-MIB” and the Ubiquiti MIB file will then be downloaded to your /tmp folder. You can use any folder you wish, I just happend to use a /tmp folder. Issue the command again using the path for the UniFi MIBs if needed.

When the MIBs have been downloaded, you can now copy them to the /usr/share/snmp/mibs/ folder by issuing the command “sudo cp UBNT-* /usr/share/snmp/mibs/

Permanent link to this article: https://achubbard.com/2018/02/08/add-mib-files-ubuntu/

Feb 01

Installing Untangle on Hyper-V

Background

Over the years I have had numerous different types of firewalls and UTMs in my home lab. For a while, I ran an ASA, then migrated to pfSense and soon after that I went over the a Ubiquiti USG-Pro. Looking for my next challenge, I stumbled across Untangle. Although I had heard of Untangle before I had never used it. I figured I would give it a try. Untangle has a home use version available for $50 per year. I purchased a subscription. So far, it has been a fairly decent application. I have been extremely happy with it. For $50 you get Untangle and most of their premium plugins. I thought it was a great deal.

To download and/or purchase Untangle at Home Please click the link below

Untangle at Home

The consumer can download Untangle in a couple of difference forms. ISO 32/64bit, Firmware or as a Virtual Appliance. I thought, great, I can download Untangle, spin up a VM and be on my way. As it turns out, Untangle only provides their appliance as an OVA. This is only supported by VMWare. Here in lies my issue, I am running Hyper-V. I was determined to get it this working either way. Untangle will install on Hyper-V, they just do not provide the virtual appliance.

Determination

Getting Untangle to work on Hyper-V took me some time. I ran into numerous configuration issues along the way. Almost to the point where I gave up on the whole project. However, I was fairly determined to make it work. My background is in ESXi and not Hyper-V so that was where most of my learning curve came from. For me, the biggest hangup was configuring the virtual switch for the WAN. Whatever my issue was, I could not get it to function. Hopefully my blog/tutorial post will help someone get their Untangle instance setup on Hyper-V

Virtual Switch Configuration

Prior to creating a new virtual machine for your Untangle install, open up the Hyper-V Management Console and create 2 virtual switches. The Virtual Switch Manager will help you do this. One will be for the LAN connection, the other will be for the WAN connection. 

WAN Configuration

We will start with the “External” or the WAN switch first. On your physical host, this is where you will plug your ISP’s modem into.

Create your virtual switch. Give it a name that indicates it’s use, so in this case, mine is simply, “WAN”. From the drop down menu under the “External Network” radio button, select the physical adapter that you will use. Be sure to un-check “Allow management operating system to share this network adapter” – this will prevent your host from trying to use it.

 

LAN Configuration

Repeat the virtual switch creation process again, only this time, select the physical network adapter on your host that you will be connecting to your LAN. Select “External” for this switch too. Be sure to check off “Allow management operating system to share this adapter” – this will allow your host to share LAN access with this VM.

Virtual Machine Creation and Specs

Create a new virtual machine. If you need help creating a virtual machine, please see my post titled “CentOS 7 Minimal Installation on Hyper-V”or click on the link to take you there. The only difference with this virtual machine will be the specs. Here is what I have chosen for my install:

Memory: 6gb

Processor: 2 Virtual Processors

Hard Drive: 40gb

Network Adapters: 2 – 1 for LAN, 1 for WAN

Untangle Installation

Once your VM has booted, you will see the “Untangle Installer Boot Menu” – I used the graphical install option

Select your language

Pick your location

Choose your keyboard type

Untangle will show you a system summary before beginning it’s installation process

To continue with the installation, select “yes” to format your VHD.

Write the changes to disk

Untangle will continue it’s base install. This process takes a little while, you may want to go make yourself a coffee and come back.

Untangle has now completed it’s long installation, click on continue and the VM will reboot.

Finalization

With Untangle on Hyper-V I have found that it sometimes has the tendency to appear to be hung up on this spot. Don’t worry though, let it sit and it will come right up. It is not stuck.

When the VM boots up and launches the OS, you will be prompted to go through the initial setup phase. This is fairly straight forward. At this point, you have now installed Untangle on Hyper-V.

I hope this tutorial helps you understand how to get Untangle installed on Hyper-V. It is a fairly straight forward process. Although I ran into some issues initially because I had never done it before.

Permanent link to this article: https://achubbard.com/2018/02/01/installing-untangle-hyper-v/

Jan 31

CentOS 7 Minimal Installation on Hyper-V

CentOS Minimal Installation Tutorial

This tutorial will show you how to install CentOS minimal on a Hyper-V virtual machine. We will also focus on getting network connectivity.

Before we begin this tutorial, please head over to centos.org and grab a copy of the latest ISO of CentOS Minimal, link below.

Download Centos

Creating the virtual machine:

CentOS Download

Once you’ve downloaded your ISO, on your server or workstation running Hyper-V, launch the Hyper-V management console.

Hyper-V Management

Within the management console, right click on your server, and select “New” and then “Virtual Machine”

New VM - Hyper-V

Give your new VM a name and instruct Hyper-V on where to store the config files.

Hyper-V Name and Location VM

Select the amount of memory you want your virtual machine to have. In my case, I have chosen to give mine 1024mb or 1gig.

Hyper-V Memory

Pick your network connection (this is your virtual switch) and click “next”

VM Lan

Once you’ve assigned your new VM a network connection, you need to create a virtual hard disk for it. Select “Create Virtual Hard Disk” from the menu, give it a name, select the location you wish to save it in and the size.

Create VHD Hyper-V

Now we must tell Hyper-V where to find the CentOS ISO that we downloaded. Select “Install an operating system from a boot CD/DVD-ROM” pick the “Image File (.iso)” option. Click on “Browse” and locate the ISO. Then click “Next”

Select ISO File

Finally a summary page will be displayed. This will tell you all of the options that you selected for your virtual machine. At this step, please click on “Finish.” Clicking “Finish” will bring you back to the Hyper-V management console.

Hyper-V Summary

In the Hyper-V management console, find your newly created virtual machine, select it and right click. Click on the “Connect” option that appears.

Hyper-V Connect

Go ahead and click on the green power button to fire up your VM.

Hyper-V Connect

Installing CentOS on your Virtual Machine

Your virtual machine will now begin to read the ISO inserted into it’s virtual optical drive. Using the arrows on your keyboard, highlight the “Install CentOS 7” and hit the enter key.

CentOS ISO - Install

Select your language. In my case, I left it as the default of English. Then click continue.

CentOS Pick Language

Select the disk on which you wish to install CentOS. I typically allow CentOS to use the automatic partitioning feature. Then click “Done”

CentOS Disk Install

During the installation, you are asked to set a root password and/or create a user. I have chosen to do both. You may click each icon and assign a password and create a user. CentOS will then set these during it’s installation.

Create User Root Pass

User Pass Created

Allow CentOS to complete it’s installation process. Once this step is complete, the virtual machine will reboot. Once it has rebooted, you will see the following prompt. Here you can login with either your root user or the user you had CentOS create during installation. CentOS is now installed.

CentOSInstalled

 

Gaining Network Access

 

 

CentOS minimal out of the box on Hyper-V will not get an IP Address. You can verify this by logging in and issuing the command “ip addr”

CheckIP

If you get an IP address, you should see it listed under “eth0” – in this case we do not see an IP address. This is because CentOS does not go out and try to grab an IP on boot. In order to change this, you must issue the command, “vi /etc/sysconfig/network-scripts/ifcfg-eth0”CentOS Eth0 Conf

To change this config, hit the “i” key to switch vi into insert mode. Arrow down until you get to the last entry, “ONBOOT”, you must change this from “no” to “yes” – when you’ve changed this, hit the : key and type wq to write the changes and quit vi.

Change_OnBootYes

Restart your network interface by issuing the command “systemctl restart network” – CentOS will hang for a moment and then restart the network adapter.

CentOS Restart Network

Now you can issue the command “ip addr” again and you should see an IP address listed for interface eth0.

CheckIPAgain

You now have a base CentOS Minimal install with network connectivity. This will give you a great base to install Nagios. I will be writing a tutorial shortly on the installation and configuration of Nagios Core on CentOS.

 

Check out some of my other blogs on Hyper-V!

Permanent link to this article: https://achubbard.com/2018/01/31/centos-7-minimal-installation-hyper-v/

Jan 30

Unifi and NanoStation VLAN Configuration

Unifi and NanoStation VLAN Configuration

Background

This is a tutorial on how to configure a VLAN on a Ubiquiti Unifi Controller and switch. We will also go over how to use the second ethernet port on a Ubiquti NanoStation on a different VLAN for use with a Ubiquiti Security Camera.

I have a rather long driveway, our upper half of the driveway is where my office and house are located. The lower half houses an area for our growing animal population and parking. I have multiple VLANs, 1 of which is for my security cameras. I wanted the 2nd port on the Ubiquiti NanoStation placed on the lower portion of the driveway to be able to utilize my camera VLAN.

This tutorial will assume that all of the hardware is in place and you are ready to make the secondary ethernet port on the NanoStation work on another VLAN.

In my case, I have a Unifi Controller that will need to be configured with my security VLAN, VLAN35, prior to configuring my NanoStations.

Unfi Configuration

Enter the Unifi controller and navigate to Settings >Networks. 

Click on the “Create New Network” button. Select “VLAN Only” from the “Purpose” section. Give your VLAN a name and a number. I chose 35.

You can then configure any other settings for your new VLAN that you may need. In my case, I only needed the basics. No DHCP on my security VLAN. You can then click on the “Save” button.

Once saved, in the Unifi controller, navigate to “Devices”

Select your switch and it will open the device’s configurations on the right hand side of the page. Select your port from the list and click “Edit”

On my “Core” (I use quotations because it is not really a core switch, but it is my main switch) I picked port 2 to use for my NanoStation uplink.

You want to make sure the “Switch Port Profile” is set to “All” – The reason is that this port is going to act as a trunk port and provide all of the VLANs to your first NanoStation. You want this if you wish to pass all of your VLANs over the bridge. Click “Apply”

NanoStation Station 1 Configuration

Next, login to the web interface of your NanoStation that will be acting as the “Station” – Navigate to the “Wireless” tab. Here you want to configure your wireless bridge settings (IE: your SSID, WPA2 Key, Channel Width etc) – I will leave that up to you to determine what works for your application. Since this NanoStation is acting as the “Station” you want to make sure the “Wireless Mode” is set to “Station”

Below is what I chose for my settings:

Once the wireless portion of your first station is configured, go to the “Network” tab. Here you can configure your station with a static IP etc. For the purposes of this tutorial, we will assume you have already given your station a static IP address, gateway, mask, DNS and so forth. You will want to make sure that the “Network Mode” is set to “Bridge” and that the “Configuration Mode” is set to “Simple”

NanoStation Station 2 Configuration

After completing the setup of your first NanoStation, login to the web interface of the second NanoStation. First go to the “Wireless” tab on your second NanoStation. This time you will want “Wireless Mode” to be set as “Access Point” – You will then match the rest of the settings to the settings you configured on the “Wireless” tab on your first NanoStation.

Once you have selected your settings, navigate to the “Network” tab on your second NanoStation. This is where things get to be a little be more complex. Since the wireless bridge itself is passing all of the VLANs across it, we need to tell the NanoStation what VLAN to use for the 2nd onboard ethernet port. This is the port we will be daisy chaining our camera off of.

VLAN and Bridge Configuration

On station number 2, your “Network Mode” will also be set to “Bridge”, you will have the option to set a static IP, mask, gateway and so forth. The real difference here is that the “Configuration Mode” MUST be set to “Advanced” this will open up a slew of different options for you.

When “Advanced” is selected, you will now see a bunch of options at the bottom of the page. For this example, the LAN0 port is feeding a switch, the LAN1 port is what the camera will be daisy chained off of and WLAN0 is the wireless bridge between the two NanoStations.

Under the VLAN Network section, we first must add VLAN35 to each interface. This will allow the NanoStation to pass VLAN 35 over the wireless bridge and the 2 ethernet ports.

After adding the VLAN to the interfaces, come on down to the “Bridge Network” section. If memory serves me correctly, you must break the existing bridge to configure a new bridge.

BRIDGE0 is allowing LAN0 and WLAN0 to communicate thus passing management traffic to the switch connected to that ethernet port.

BRIDGE1 is allowing LAN1 and WLAN0.35 to communicate thus allowing camera traffic to pass from LAN1 to the wireless bridge, and back to the NVR.

After configuring the bridges, you must go up to the “Management Network Settings” section. Select “Management Interface”, in my case, it is “BRIDGE0” or my “management” VLAN.

The final step before you can plug the camera in, is to enable POE Passthrough. This allows the NanoStation to power the camera via POE on the secondary LAN port. On your second NanoStation, navigate to the “Advanced” tab. Scroll down until you find “Advanced Ethernet Settings”. Check the checkbox labeled “POE Passthrough enabled”. Click the change button and you should now be able to power up your camera on a separate VLAN.

 

Hope this helps someone, I spent a lot of time trying to get this to work on my property.

Permanent link to this article: https://achubbard.com/2018/01/30/ubiquiti-unifi-vlan-configuration-and-nanostation-ethernet-port-vlan-configuration/