Ubiquiti router acting as a switch, can I create VLANs on it?

Enspist

I am currently living at home as I start my first job and save up to get an apartment. Currently my family uses Verizon Fios as our ISP and uses the provided Diaper Genie router to provide internet access to the house. I would love to use Ubiquiti stuff instead of that because I host my own home server and would like to set up VLANs and other stuff. The Fios router provides almost no customizability in this regard. If I were to get a Ubiquiti router now, in preparation for when I move out, could I set it to only act as a switch and then set up VLANs on it? I do not want to run it as a router behind my family's router because I will run into double NAT issues with my server when services need to access the internet. If I set it to only act as a switch, would I still be able to set up VLANs, or is that only a function of it being a router?

 

 


1 hour ago, Enspist said:

If I set it to only act as a switch, would I still be able to set up VLANs, or is that only a function of it being a router?

I don't believe you can set up any Unifi gateway as just a switch.

I'm just conjecturing, but you could get a layer 3 switch (as opposed to the simple layer 2 kind) that can do routing processing on board, but I don't know if you still need a router to manage the VLANs, etc.


5 minutes ago, AbydosOne said:

I don't believe you can set up any Unifi gateway as just a switch.

I think in the most recent ShortCircuit Jake said the new cloud gateway could be used as a switch? Unless I misunderstood him. That's kinda what got me thinking about this.

 

7 minutes ago, AbydosOne said:

I'm just conjecting, but you could get a layer 3 switch (as opposed to the simple layer 2 kind) that can do routing processing on board, but I don't know if you still need a router to manage the VLANs, etc.

Layer 3 would be a managed switch, right?


I'd argue double NAT isn't that bad, you just have to do port forwarding twice. Yeah, it's not optimal, but hosting anything on a residential connection isn't optimal.

 

What would these VLANs do? Normally if you want VLANs, get a switch, not a router. I think VLANs are a misused term at times, as people often mean subnets, and VLANs just make the wiring easier.


1 hour ago, Electronics Wizardy said:

 

I'd argue double NAT isn't that bad, you just have to do port forwarding twice. Yeah, it's not optimal, but hosting anything on a residential connection isn't optimal.

 

Omfg I haven’t thought of that. I’m running an offense VM currently that I’m using as a firewall for my server stuff but trying to forward my Plex VM from behind the second firewall was being a pain. I didn’t think I would have to port forward twice…

 

 

As for what I’m trying to use VLANs for:

 

I would want to set up some extra firewall rules from some of my VMs because they access the internet. I don’t want people hacking a VM and then messing with my stuff (it’s probably a slim chance of that happening but I’d rather be safe than sorry)


1 minute ago, Enspist said:

Omfg I haven’t thought of that. I’m running an offense VM currently that I’m using as a firewall for my server stuff but trying to forward my Plex VM from behind the second firewall was being a pain. I didn’t think I would have to port forward twice…

 

 

As for what I’m trying to use VLANs for:

 

I would want to set up some extra firewall rules from some of my VMs because they access the internet. I don’t want people hacking a VM and then messing with my stuff (it’s probably a slim chance of that happening but I’d rather be safe than sorry)

You probably want multiple subnets. Then you can make multiple rules of how the subnets can talk to each other. 

 

IDK the hypervisor you're using, but there are often firewall options in the hypervisor that could do this as well.
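
An added example, not part of the thread or any poster's code: a small Python model of the per-subnet rules suggested in the reply above, evaluated first-match with default deny for new connections. The address plan (192.168.1.0/24 for the home LAN, 192.168.20.0/24 for the server VMs) and the single forwarded port are constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption, not taken from the thread).
ZONES = {
    "home_lan": ipaddress.ip_network("192.168.1.0/24"),   # family devices
    "servers":  ipaddress.ip_network("192.168.20.0/24"),  # internet-facing VMs
}

# Ordered rules for NEW connections only; a stateful firewall lets replies
# to an allowed connection back through on its own.
# (source zone, destination zone, destination port or None for any, action)
# "internet" is any address outside the zones above. First match wins.
RULES = [
    ("home_lan", "servers",  None,  "allow"),  # family devices may reach the VMs
    ("servers",  "home_lan", None,  "deny"),   # a compromised VM cannot reach the LAN
    ("servers",  "internet", None,  "allow"),  # VMs may reach the internet
    ("internet", "servers",  32400, "allow"),  # the one forwarded port (Plex default)
]

def zone_of(addr):
    """Map an IP address to its zone name, or 'internet' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def decide(src, dst, dport):
    """Return 'allow' or 'deny' for a new connection; unmatched traffic is denied."""
    s, d = zone_of(src), zone_of(dst)
    for rule_src, rule_dst, rule_port, action in RULES:
        if (rule_src, rule_dst) == (s, d) and rule_port in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample flows: (source, destination, destination port)
    flows = [
        ("192.168.1.50",  "192.168.20.10", 22),     # LAN admin to a VM
        ("192.168.20.10", "192.168.1.50",  445),    # VM probing a family PC
        ("203.0.113.7",   "192.168.20.10", 32400),  # outside client to Plex
        ("203.0.113.7",   "192.168.20.10", 22),     # outside client to SSH
    ]
    for flow in flows:
        print(flow, "->", decide(*flow))
```

Writing the policy as an ordered table like this makes it easy to check that the VM subnet can never open a connection into the home LAN before translating the rules into the router's or hypervisor's firewall.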


8 hours ago, Enspist said:

If I were to get a Ubiquiti router now, in preparation for when I move out, could I set it to only act as a switch and then set up VLANs on it?

 

7 hours ago, AbydosOne said:

I don't believe you can set up any Unifi gateway as just a switch.

As a Ubiquiti Edgerouter-X owner, yes, there are steps for configuring VLANs that may not require it to run as a router, though I haven't used VLANs myself: https://help.ui.com/hc/en-us/sections/360008199833-EdgeRouter-Routing-Switching-Configuration

 

I don't have experience with Ubiquiti gateways to know what they can or can't do.

 

6 hours ago, Electronics Wizardy said:

I'd argue double nat isn't that bad, you just have to do port forwarding twice.

As someone with 5G home internet who perpetually lives with double (CG)NAT and has even lived for a while with a triple NAT (5G >ER-X>Mesh Wifi), I don't think I've experienced any issues, but I also don't host a server and I rarely play games online. I also rarely configure manual port forwarding.


On 9/14/2024 at 12:27 AM, Enspist said:

I would want to set up some extra firewall rules from some of my VMs because they access the internet. I don’t want people hacking a VM and then messing with my stuff (it’s probably a slim chance of that happening but I’d rather be safe than sorry)

What kind of firewall rules? 

Is it for incoming or outgoing traffic?

Anyway, if you want to do this then a simple switch won't really be enough. You need something with firewall capabilities (which some switches have, but in very limited capacity).

 

 

How do you plan on routing the various VLANs if someone told you "yes, you can use it as a switch"? Because I assume you would want to do some routing, not just have a little island that can't be contacted. 
