Some time ago I bought new network gear for my home from Ubiquiti. The Unifi range of hardware is very nice. It’s a bit pricy but you can do so much interesting stuff with it and the hardware is rock solid.
At home I have the following hardware running:
- Unifi Security Gateway (USG)
- Cloud Key
- The 8 ports PoE switch to power access points and some security cameras
- Unifi 802.11ac Dual-Radio PRO Access Point (UAP-AC-PRO)
- Unifi AC In-Wall Pro AP
- And later I need to add a 24 port switch
I am configuring my network to be able to use a VPN connection to The Netherlands depending on what wireless network or what physical network port the client is using. To be able to do that I first needed to add a network which operates on a different IP range. My network is by default configured to use the 192.168.1.0/24 range. But for this network I need to add a 192.168.2.0/24 range. The following steps is what I used to configure this.
Fortunately all steps can be done through the UI. I am running Unifi version 5.6.20 stable candidate when writing this. Depending on the version you are running the screens might look a bit different since they are adding more and more functionality every month.
First I created a new network with the following settings:
I tagged the network with VLAN value 100. This value we need in the next part of the setup. I also configured the DHCP server for the 192.168.2.0/24 range. When you fill in these numbers it will automatically calculate the subnet mask etc.
Once that is done I needed to configure the new wireless network. I called my network Hoekstraonline NL so it’s easy to identify. By itself this network would get the same IP addresses as my other wireless networks. But since I needed a seperate network which is also by default blocked through the firewall from my other networks, I tagged this network with the VLAN value 100 as well.
That was all. When I connect my devices to this wireless network they receive an IP address in the 192.168.2.x range. When I tag a network port on my switch with VLAN 100 the devices connected to that port will also get an IP address in that range.
Next step is configuring source address based policies.