
I need help with deciding the correct network architecture for a guest WLAN deployment. We have 3 buildings, and each of them has its own LTE router (Mikrotik RB411U) connected to an Ubiquiti EdgeRouter PoE (on eth0). The buildings are connected with Ubiquiti NanoStation M5 bridges in a PtMP setup, so that the Building 1 NanoStation is the AP and the Building 2 and 3 NanoStations are clients. Each NanoStation is connected to its building's EdgeRouter PoE on eth1. Ports eth2-4 have Ubiquiti UniFi access points connected to them.

What I want to accomplish:

  • Same SSID in all buildings
  • Wireless clients can roam between buildings
  • By default traffic goes out from the nearest LTE router (i.e. avoid using wireless bridges)
  • If any LTE link goes down, traffic is automatically routed to the LTE router in next building via a wireless bridge
  • All wireless clients are guests, so their traffic should go directly to the internet. They don't have to see each other, but if they do, it's ok.

UniFi access points are currently managed by a UniFi controller running in Amazon EC2, which works fine.

This is what I tried:

  • All LTE modems and EdgeRouters in 10.0.0.0/24 network
  • Masquerading to internet done in LTE routers
  • All three EdgeRouters have switch0 (eth2-4) in 10.0.2.0/23 network, switch0 IP 10.0.2.1 for all of them
  • All three EdgeRouters have a DHCP server in them giving non-overlapping IPs: 10.0.2.100-10.0.2.199, 10.0.3.1-10.0.3.99, 10.0.3.100-10.0.3.199, default gateway for wireless clients 10.0.2.1.
  • The 10.0.2.1 default gateway was used so that a DHCP lease given by any DHCP server would be valid in all buildings

What didn't work:

  • I didn't know how to set up backup routes. All examples are based on scenarios where the WANs are connected directly to the EdgeRouter's eth0 and eth1. My backup route is connected to a different EdgeRouter via a wireless bridge.
  • Even though using the same default gateway in all EdgeRouters felt like a good idea at first (the gw would be 10.0.2.1 no matter which EdgeRouter the wireless client is connected to), the ARP addresses weren't the same. Roaming started to work only when the wireless client's ARP cache was refreshed.

What I have considered but need your help with:

  • OSPF to manage routes and handle redundancy? Both Mikrotik and EdgeRouters support OSPF.
  • Policy based routing?
  • All buildings in different VLANs with different DHCP servers
  • I tried the EdgeRouter's failover load balancing, but that worked only in a single-building scenario when I had two ISPs connected to a single EdgeRouter.
  • One or multiple DHCP servers? Where should they be?
  • I have a fourth EdgeRouter PoE that can be used if needed.

Basically I'm open to any network architecture suggestion. I'm building this from scratch using these components: 3 LTE routers, 4 EdgeRouter PoE, 4 NanoStation M5, lots of UniFi APs. I don't have to worry about any old network setup, so anything you suggest could be implemented.

Logical picture of environment in question

Jason Aller
AnttiP
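The "What I tried" section above rests on one address plan: a single 10.0.2.0/23 guest subnet, the shared gateway 10.0.2.1, and three per-building DHCP pools that must not overlap, must not swallow the gateway, and must stay inside the /23. The following script is an added example (not code from the question's author, and not an EdgeRouter or Mikrotik configuration) that checks such a plan before it is pushed to three routers. The subnet, gateway and pool boundaries are copied from the question; the building names are assumptions used only as labels. It checks the address plan only; it does not model the ARP-cache roaming problem the question describes.

```python
import ipaddress

# Address plan as described in the question (constructed input for this example).
GUEST_SUBNET = ipaddress.ip_network("10.0.2.0/23")
GATEWAY = ipaddress.ip_address("10.0.2.1")
POOLS = {
    "building1": ("10.0.2.100", "10.0.2.199"),  # names are assumed labels
    "building2": ("10.0.3.1", "10.0.3.99"),
    "building3": ("10.0.3.100", "10.0.3.199"),
}


def pool_range(start, stop):
    """Parse a DHCP pool and make sure start <= stop."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(stop)
    if first > last:
        raise ValueError(f"pool {start}-{stop} is reversed")
    return first, last


def check_plan(subnet, gateway, pools):
    """Return a list of human-readable problems; an empty list means the plan is consistent.

    Checks performed:
      * the gateway lies inside the shared subnet
      * every pool lies inside the subnet and avoids network/broadcast addresses
      * no pool hands out the gateway address itself
      * no two pools overlap (a lease from one router must stay unique everywhere)
    """
    problems = []
    if gateway not in subnet:
        problems.append(f"gateway {gateway} is outside {subnet}")

    ranges = {name: pool_range(*bounds) for name, bounds in pools.items()}
    for name, (first, last) in ranges.items():
        if first not in subnet or last not in subnet:
            problems.append(f"{name}: pool {first}-{last} leaves {subnet}")
        if first == subnet.network_address or last == subnet.broadcast_address:
            problems.append(f"{name}: pool includes the network or broadcast address")
        if first <= gateway <= last:
            problems.append(f"{name}: pool contains the gateway {gateway}")

    names = list(ranges)
    for i, a in enumerate(names):
        a_first, a_last = ranges[a]
        for b in names[i + 1:]:
            b_first, b_last = ranges[b]
            # Two inclusive ranges overlap when each starts no later than the other ends.
            if a_first <= b_last and b_first <= a_last:
                problems.append(f"{a} and {b} overlap")
    return problems


def main():
    problems = check_plan(GUEST_SUBNET, GATEWAY, POOLS)
    if problems:
        for p in problems:
            print("PROBLEM:", p)
    else:
        print(f"plan for {GUEST_SUBNET} with gateway {GATEWAY} is consistent")


if __name__ == "__main__":
    main()
```

Running it against the plan in the question reports no problems; widening one pool so that it reaches into a neighbour's range, or starting a pool at 10.0.2.1, is reported before any router is touched.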