Back to Help and Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Extending VF guest wifi using third-party (Ubiquity Unifi UAC-AP-LR) access points

mishad
2: Seeker
2: Seeker

‎22-04-2017 10:36 PM

We have VF Fibre 80/20, with a VF Connect VDSL/router/wifi all-in-one, currently set up to provide two SSIDs one for "normal" usage and a separate "guest" one (which gives internet access but doesn't provide access to the wired or wireless devices on the main wifi/LAN, and doesn't allow access to the VF Connect admin/status webui).

 

This basic setup appears to work fine as far as it goes -- guest wifi users connect on a different subnet (192.168.5.* for guest, 192.168.1.* for main network). However, the VF Connect wifi is nowhere near strong enough to reach the whole house and garden (its a 5 bed house, so quite big, but bigger issue is the 2 foot thick internal solid stone walls which effectively separate the house into 3 separate "zones" which its hard to get wifi signals to reach between).

 

To address this I've bought 3 Access Points (Unifi UAP-AC-LRs) -- these are ceiling mounted and PoE powered, which means I can get them where needed to provide wifi coverage. The UAP-AC-LRs support multiple SSIDs (up to 4 each) and 802.1q VLAN tagging. I've also got a VLAN-capable managed switch (an old Dell Powerconnect 2716).

 

What I want to know is how I can set up the Unifi APs so that they expose both the main and guest networks, while maintaining the separation between those networks that I have now.

 

So far the possible solutions I've come up with are:

 

 

1) Configure the VF Connect so that one of its LAN ports is associated with the 192.168.5.* VLAN, then set up the switch so that traffic from the APs on the guest SSID/VLAN is directed to that specific LAN port on the VF Connect. Does the VF Connect modem support linking the guest VLAN to a specific LAN port?

 

2) Put the VF Connect modem into PPPoE/bridge mode, then use another router as the gateway to the internet (either using the switch to separate the guest VLANs onto distinct physical cables into the gateway, or using 802.1q VLAN tagging on the gateway if it supports that). Does the VF Connect modem support PPPoE/bridge mode?

 

3) As for (2), but using a separate modem-only VDSL2 device, together with another router as the gateway. Does VF allow equipment other than their own to be used to access their network? Will they provide the necessary username/password for authentication? (I understand that if I had any issues with this configuration and needed VF/BT support I'd probably need to switch back to using the VF Connect modem to prove it was still an issue with VF's provided equipment too.)

 

4) Implement a "double NAT" solution, attaching all the "main" network devices (wired and wirelss) to a second router on a different subnet (e.g. 192.168.2.*), with NAT between that and the 192.168.1.* LAN network provided by the VF connect. This has the standard double-NAT disadvantages (e.g. peer-to-peer connections for gaming etc. are more likely to fail). It also allows the guest network users to attempt to access the VF Connect admin screens (though they would still have to guess the admin password).

 

5) Implement a more complex routing solution using a second router, configured to bridge (most of) the 192.168.1.* subnet provided by the VF Connect router to a 192.168.1.* on the "other side" of the second router. It feels like this might be possible -- it sounds similar to the way that a gateway router would need to be configured where an ISP provides a /29 or larger IP range (with the connection being via PPPoE/external xDSL modem) and the available public routable IP addresses are assigned to hosts within the local network. All internet traffic would go via both the second router and the VF Connect. Does anyone know whether such a configuration is possilbe?

 

In addition the the VF Connect and the 3 UAP-AC-LRs, I also have a couple of other VLAN-capable routers (an Archer C5 v1, and an Archer C50 v1, both of which I believe could be flashed to run OpenWRT/LEDE/similar). I may also have one or two old DD-WRT/OpenWRT-flashed 802.11g routers kicking about somewhere -- and tbh wouldn't mind buying an additional more powerful device if necessary (e.g. to provide sufficient CPU, memory and ethernet ports to run OpenWRT/Linux/pfSense with a more complex routing configuration).

 

Any help gratefully appreciated!

 

Misha

0 Thanks
1 REPLY 1

florca
4: Newbie

‎24-04-2017 02:54 PM

Hi - worth you reading a few of the other posts on this forum before getting your hopes up about the capabilities of the VF Connect Router!

Your Options 1, 2 & 3 are pretty much a non-starter unless you are very lucky in being able to extract the Logon credentials from the support team - the current stance seems to be that they will not release them under any circumstances, so removing the VF router from the setup to use other, more configurable kit as a replacement is out. Also no (visible) Bridge mode or ability to associate specific LAN ports with VLANs, at least on the current firmware.

Others have managed to get various Double NAT / Routed subnet solutions working so I think that's your best hope - while you're at it worth disabling UPnP, which seems to cause a world of pain for the device.

One possible glimmer of hope is that a new firmware is due soon, and another thread suggested that a Bridge Mode option may be on its way - so could be worth waiting a couple of weeks to see what joy or misery the next firmware update brings?

0 Thanks