From part 1, here are the criteria I’m working towards for the new setup.
- Run UniFi Controller on a Raspberry Pi 4
- Run pfSense or Sophos directly on the Dell PC rather than on a VM
- Bypass the HomeHub3000 completely and run fiber directly into the Cisco switch
I didn’t talk about this in part 1, but I’m now strongly considering just using the HH3000 in conjunction with the Cisco and UniFi. At the very least it would be a good step in the right direction. If I can’t do what I want with vlans with the HH3000, I’ll revisit the above. The main drawback I think will be that I won’t be able to make use of any other sub-nets, but I’m not using them anyway so I’m not losing anything. For now, I think I’m going to try to get a very basic setup going and expand from there.
So to start, I need to reconfigure the Cisco. I assumed the default-gateway was previously set to point to my pfSense box (192.168.1.1) and that I’d need to point it at the HH3000 (192.168.2.1), which is done with this command:
>enable
#configure terminal
(config)#ip default-gateway 192.168.2.1
For some reason, it was already set to the HH3000 though, and I’m not sure why or how it’s currently working. You can see the current default gateway with this command:
#show ip route
So my default gateway is already configured, but my IP address (192.168.1.2) is on a different sub-net mask than the HH3000 network (192.168.1.255), so I should change it to be on the correct network. Note, this will (probably?) kill my terminal session and I might need to switch networks on my PC to continue configuring the switch:
>enable
#configure terminal
(config)#interface vlan 50
(config-if)#ip address 192.168.2.2 255.255.255.0
(config-if)#exit
I can see what my current ip address is by running the following:
#show ip configuration
This shows me that my new IP is set up on vlan 50, but my old system was set up on vlan 100, so I didn’t actually overwrite anything. Since the default gateway is already configured where I want it… I think I can try to have the new configuration set up in parallel to the existing one.
So the next step would be to assign vlan 50 to a port and physically connect it to the HH3000.
(config)#interface GigabitEthernet 0/13
(config-if)#switchport mode access
(config-if)#switchport access vlan 50
Now I should be able to plug the HH3000 into port 13, connect my laptop to its WiFi, and SSH back into the switch with the new IP address.
That worked! Almost like I know what I’m doing (I don’t, but I feel like I’m understanding it more and more). Next step, I’m going to assign another port to vlan 50 and plug my laptop into it. I want to see if it gets an IP address from the HH3000.
And it did that too! Ok, so now for the tricky part. I want to switch over my UniFi WAP to be on vlan 50, so that it’s using the HH3000 as a router instead of pfSense. For it to work, it also needs the UniFi Controller which I currently have running on a Pi from last time. So I think if I make two more ports on vlan 50 and plug in the Pi and the WAP, it should just work? Probably not, I think I’ll need to at least change some settings in the controller, but we’ll see.
So I’ve put ports 21 and 22 on vlan 50. Once I swap the devices over, I should be able to find the IP address of the Pi and log into the controller: <IP address>:8443/manage/
I started with the controller, because it isn’t needed for the WAP as long as the WAP isn’t rebooted. So I swapped it into port 22 and it got an IP address, but I couldn’t load the interface via the web app, likely because it didn’t really know its IP address changed, so I rebooted it.
That didn’t fix it, or at least it didn’t help immediately. Turns out the web UI is an https address, so it wasn’t finding it until I explicitly told it https://<ip address>:8443/manage. So I have no idea if the reboot was required.
I set up a new network (left the existing one alone in case I have to go back, hope this doesn’t cause problems) and now I’m ready to swap the WAP over to port 21.
After a few minutes the WAP connected to the new network and all of my devices were assigned new IPs in the new sub-net. So now I just need to do a bit of management on the IP addresses so that certain ones are fixed in a range I want, but that seems to have worked. I also need to move ports 1 – 12 over to vlan 50, but that’s pretty easy.
As a quick test, I plugged my laptop into a port on vlan 100 and ran a speed test and then plugged it into a port on vlan 50 and ran it again. Apparently my pfSense box isn’t configured well, as it topped out at 100Mbps whereas vlan 50 connected directly to the HH3000 topped out at 1.1Gbps. Hopefully this fixes some of the issues we’ve been having with WiFi.
This was fairly successful, but we can’t forget to save or the next time the switch powers off we’ll lose everything:
#copy running-config startup-config
We can verify the save worked:
It should spit out a ton of information about each port as well as the default gateway, hostname, and vlan ip addresses that we set up here.
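A check for that verification step, as an added example that is not part of the original post: it parses a saved copy of the switch configuration and pulls out the hostname, default gateway, vlan interface addresses and each port's access vlan, so ports not yet moved to vlan 50 stand out. IOS-style config text is assumed; the sample config, hostname and function names are constructed for illustration.

```python
import re

# Constructed sample in IOS running-config style. The hostname and ports
# 1 and 2 are made up; the vlan 50 values are the ones used in the post.
SAMPLE_CONFIG = """\
hostname home-switch
!
interface GigabitEthernet0/1
 switchport access vlan 100
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/13
 switchport access vlan 50
!
interface Vlan50
 ip address 192.168.2.2 255.255.255.0
!
ip default-gateway 192.168.2.1
"""

def summarize(config):
    """Return hostname, default gateway, vlan interface IPs and per-port access vlan."""
    out = {"hostname": None, "gateway": None, "svi": {}, "ports": {}}
    current = None  # interface stanza we are currently inside, if any
    for line in config.splitlines():
        if m := re.match(r"hostname (\S+)", line):
            out["hostname"] = m.group(1)
        elif m := re.match(r"ip default-gateway (\S+)", line):
            out["gateway"] = m.group(1)
        elif m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            if not current.lower().startswith("vlan"):
                out["ports"][current] = 1  # no explicit line means default vlan 1
        elif current and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            out["ports"][current] = int(m.group(1))
        elif current and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            out["svi"][current] = (m.group(1), m.group(2))
        elif not line.startswith(" "):
            current = None  # "!" or any other top-level line ends the stanza
    return out

def ports_not_on(config, vlan):
    """Physical ports whose access vlan differs from the one being migrated to."""
    return sorted(p for p, v in summarize(config)["ports"].items() if v != vlan)
```

Port 2 in the sample has no `switchport access vlan` line, so it is reported on vlan 1, which is easy to miss when reading the raw output by eye.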
That’s it for now!