ubiquity

VLAN for Guests with Ubiquity: Unifi USG, USW8-150, AC-Pro, AC-LR and other stuff

This posts is merely an overview of what I did to get my WLAN guests, who access the Internet through the hotspot feature of the USG and the Unifi controller,through a VLAN so that they are not part of my own private network. (security)

This handout only applies when you own some gear of Ubiquity. (I have also other hardware, here you might have to make some configuration as well, my situation is explained.

What hardware is in the network
USG Router – US 8-150W switch – AC-Pro, 2 x AC-Lite AccessPoint (Unifi stuff)
1x TP-Link TLSG108E (Smart Switch)
2x Dump switch 5 port Netgear (not important in this story)
1x TP-Link TLSG2216 (Smart Switch)

1st Create a guest network with VLAN100. Do this only if you have the USG. If you do not have an USG this does not apply cause the network part in the controller is for use with the Unifi USG router.

If you use “Guest” it is already isolated from your corporate LAN.
Modify other settings like DHCP in this menu. This I do not explain.

Now make sure your SSID for your guests can be on a VLAN

This is the most important part.

Notice: I have an US-8-150W. When creating a VLAN Guest network in the profiles part of the controller the ports will be configured automatically. As long as you have all profiles accepted on the ports, the VLAN will directly work if your AccessPoint is directly connected to the Unifi Switch.

In my situation I have 2 AccessPoints behind a smart switch and 1 AccessPoint connected to a dumb switch what is connected to the US-8-150W (all devices eventually come to the US-8-150W as the uplink is the USG Router).

A simple test towards the AP connected to the dumpswitch is showing that the VLAN is working

To have the VLAN100 working towards the other APs you need to tag the ports in other smart swiches. In my situation 2 different TP-Link devices

Tips for the TP-Link: TLSG108E: enable 802.1Q (no need to set the 802.1Q PVID setting)

In my example you see that port 1 and port 6 are tagged with VLAN 100. Port 1 is the uplink port towards the other switch (the unifi switch) and port 6 is the port towards the AccessPoint

Apply and save the configuration and your guests can access the guest portal over VLAN

the TP-Link SG2216 is a business smart switch so the screens are a little different

Here you see the VLAN section of the SG2216 where I tagged port 16 (uplink port towards the Unifi Switch) and port 10 connected to the AccessPoint. Now this AccessPoint is also serving VLAN towards my Guests.

Maybe you wonder what will happen to your normal LAN clients when you enable or tag ports on VLAN100: your normal LAN is not tagged and the switches will forward your data normally.

Dear D-Link, Alpha Networks, Realtek .. I own a DWA-192 and I get satisfied

Update 15-11-2016

I have added extra options to the SMB configuration of Openmediavault

In a last test I got almost 5.5 tot 5.75MB/s downloading data from my NAS to my Win10 notebook.

By adding these ‘options’ my speed improved with almost 600% from 5MB/s to 30MB/s

max protocol = SMB2
max xmit = 65535
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=65535 SO_RCVBUF=65535
read raw = yes
write raw = yes
max connections = 65535
max open files = 65535

 

Update 21-08

I am getting (its wierd) more satisfied, now the Wireless is stable and I do random tests

First of all I was testing PC Windows 10 –> Debian Linux, so a write action, my rant was about the write speed. But actually I think I cannot be complaining a lot when I achieve 20 to 30MB/s  write speed .. ? can I?

Today I tested a read speed from NAS (Debian with OMV, (OpenMediaVault)) and here I get speeds between 40 and 45MB/s ..  so .. although I would like to have faster write speeds, the read speed is showing expected speeds.. .

 

original rant  below;-)

…..

First of all .. I am geek, like to test, read manuals (not user manuals but engineer manuals or technical manuals) to find and read about settings to see how they can be finetuned for optimal results.

Maybe it’s due to myself, but why is there not a decent manual for the DWA-192? settings explained? best settings used … documentation is dramatic.

Last week I bought a DWA-192. It’s being used in The Netherlands under Windows 10 and I am testing towards a HP Microserver running VMWARE with a host running Debian 8. Normal speeds on Gigabit copper wire are around 78 to 80MB/s

The speed advertised for the DWA-192 within Windows 10 is between 1.1 and 1.3Gbit/s with this I expect at least speeds between 300 and 500mbit/s, but I achieve much lower (180 / 220mbit/s)

update (one day later): due to just wait .. and maybe time of test I see better results. Speed is improved towards 250 to 300 mbit/s

My AP environment consists of 3 APS’s

  1. Ubiquity AC LR in the attic
  2. Ubiquity AC LR 1st floor
  3. Ubiquity AC Pro living room (the DWA-192 is connected to this one). I know that I get much lower speeds when using 1 or 2 but I am using it at 3 .. and expect the full potential ..

The notebook is 4 meters next to the Ubiquity AC Pro. I have a good wireless connection (Images will follow) due to the wireless connection speeds of 1.1 and 1.3Gbit/s

Dear D-Link, please request your engineers at Alpha Networks that they will contact Realtek to see how interoperability between AP’s can be improved. I really like to help to test, things I did many years.

There are a few things:

  • the advanced settings in the network driver are not described, So it is a needle in a haystack to see what are the best settings (I did test a lot of settings and see various results
  • Enable / Disable QoS shows dramatic changes in performance
  • default using the WLAN on auto rather than choosing 802.11ac or a combination of both is causing the DWA-192 not to connect to its max speed, only Wifi speeds: 450 or 600 (if lucky), forcing the device on 802.11ac/n/a is showing higher speeds ..
  • Windows SMB copy shows around 20 to 30MB/s at a connection speed of 1.3Gbit/s this is ‘dramatic’ I am expecting here 45 to 60MB/s
  • Update: SMB is also improved to max 40MB/s

smbcopy

 

  • iperf used between my Windows 10 and linux box is showing between 170mbit/s and 220mbit/s which is in line with the Windows SMB copy

iperf3_1

update: iperf3 is showing ‘higher’ results now to max 300Mbit/s  .. but still not a 400 to 500Mbit/s I am expecting.

Of course I would like to fingerpoint towards Ubiquity’s  AP but I have seen that other AP’s can achieve higher results towards the Ubitquity’s AC Pro device

Of course specific settings like using VHT80 etc are set otherwise the connection speed could not achieve 1.1 or 1.3Gbit/s

So how to achieve a higher throughput speed, something I am seeking.

Anyone?

b.t.w. Altough speed is not everything, the wireless is absolutely stable !