Thursday, December 12, 2019

Ubiquiti and my configuration

So here at my new job I've been steamrolling the old network infrastructure. When I came here there was a Cisco 2602I WAP, a GS series Netgear, and a Cisco SG200. And with what I was told this place wanted to be able to do, those two devices had to go.

So because I've always wanted to try them, and I think their UI is neat as hell (and the switching performance is a definite improvement over the existing) I went whole-hog into UBNT.

I have a US-8-60W, a pair of US-48s, an AC-LR, an AC-Pro and 2 AC-Lites. Setting up the Unifi controller on a local virtual machine was a breeze, and adopting and configuring things was a snap. Even migrating the controller from a Win10 guest to an Ubuntu server was overtly easy.
I NAT'd its required ports to the outside and could access it from anywhere via the mobile app on the Cloud Access Portal.

Then I decided to take it one step further... I need a USG for those oh-so-sweet ISP metrics and DPI.

So I ordered one. Now the idiot in me that does surface from time to time did not read the manual and did not check out the help.ubnt.com articles. I jumped right in and uplinked it to my network via its LAN1 port.
*BIG MISTAKE*

So did I mention my idiot? He's more of a part-time dumbass. I did not know that the USG would start plugging DHCP right out of the box, and because I had snooping enabled in the controller I'm sure all sorts of backend havoc happened.

So after fighting with it myself for an hour I decided to give the Chat support a try. First thing the guy asks for is a screenshot of my config under Networks. When he sees they're all Corp LAN objects he immediately tells me to delete them and create VLAN objects. I had a bad feeling about this, but at his behest I did it anyway.

Long story short, I lost communication to all my servers and the controller. When I regained control I spent the next 4 hours getting my switches and APs to re-adopt and getting the wireless network to pass DHCP traffic.

In the end I had to delete the Wireless VLAN and create it as a Corp LAN object. Then... and ONLY then did DHCP traffic begin flowing and my clients start pulling valid leases from my firewall.

So the moral of the story is: not every environment will work with the best practices.
