I moved to a new city that gave me the option of having fiber internet. I was lucky enough to get a new router at the same time. This blog post focuses on how I have designed my network.
In the past, I always used the router the ISP gave me. In this case I got an AT&T U-Verse Pace 5628ac Gateway. This time around, I have the opportunity to use the Ubiquiti EdgeRouter X. This new router offers more enterprise-friendly configuration options and a sleek management GUI.
SOHO VS. ENTERPRISE ROUTERS
SOHO refers to Small Office/Home Office. A SOHO router is usually a router that is given to someone by their ISP, or Internet Service Provider. These types of routers are unique because they are commonly all-in-one devices. For example, the 5628ac that was given to me by AT&T is a modem, switch, and router. Like many all-in-one things, there is a trade-off: SOHO routers have fewer options when it comes to configuration.
Enterprise routers, like the ER-X, are not all-in-one devices. The ER-X is only a router. If I need a modem, switching, or wireless capability, I have to buy the respective devices for those functions.
MY NETWORK ARCHITECTURE
I don’t want my experiments to interfere with the work-from-home routine of my SO, Casey. For this reason, I’ve decided to integrate the LAN associated with the 5628ac. Casey will be on this LAN, and if Casey loses internet connectivity while I am out, she can troubleshoot it with AT&T. Additionally, I can make configuration changes to the rest of my home network without affecting her.
I will have two more dedicated LANs. The first will be a LAN for my lab. I plan on letting friends/family connect to my lab via VPN. With a dedicated LAN, lab traffic won’t interfere with the rest of my home network.
Lastly, my workstation will have its own LAN. I will add an access point and Pi-hole in the future. I’m sure I’ll think of other things to add.
CONFIGURING 5628AC WITH EDGEROUTER X
When using multiple routers in the same network, there is a risk that the routers will conflict with each other, causing performance issues. For example, routers use protocols like DHCP and NAT. These protocols work more efficiently if there is a dedicated device providing them. Multiple devices providing them will “confuse” each other. To ensure my setup is working as efficiently as possible, I will configure my 5268ac to pass all traffic to the ER-X. My ER-X will be the boss.
In most cases, I could set the 5628ac to Bridge Mode to make this possible. Unfortunately, the 5628ac didn’t have that option. After consulting a friend with more experience and doing a bit of research, I learned the 5628ac had a DMZplus mode to help me achieve what I wanted. I used these articles to configure DMZplus mode for my SOHO router.
- Old Reddit Post – AT&T Fiber Possible Bypass Pace
- Enabling Bridge Mode on AT&T U-Verse
- Using AT&T GigaPower PACE 5268AC With Your Own Gateway
In the management GUI of the EdgeRouter X, I configured the WAN port to accept a DHCP address.
After configuring DMZplus on the 5628ac and configuring the WAN interface on the ER-X to accept a DHCP address, I rebooted both routers. Then, I viewed the device information in the 5628ac to find the ER-X now had a public IP given to it by the 5628ac. Success!
After essentially taking the AT&T router out of the picture, I was able to configure three dedicated LANs in my ER-X. Each network was given an interface on my ER-X to use as a Default Gateway. For now, routing tables have been added to allow traffic to flow between all three networks. Additionally, the Firewall on the ER-X has been configured to allow WAN traffic to flow outbound, but not inbound.
To do this, I used this blog post and a built-in wizard in the Management GUI of my ER-X.
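Because the ER-X now holds the public IP, its WAN rulesets are what enforce "outbound but not inbound". The following is an added example, not code from the original post or from Ubiquiti: a short Python check run over the output of `show configuration commands` on the ER-X. The sample config is constructed, and `eth0` as the WAN port and the ruleset names `WAN_IN` / `WAN_LOCAL` are assumptions.

```python
from collections import defaultdict

# Constructed sample of `show configuration commands` output. eth0 as the WAN
# port and the WAN_IN / WAN_LOCAL ruleset names are assumptions.
SAMPLE = """\
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL
"""

def audit_wan(config, wan="eth0"):
    """Return findings; an empty list means the WAN side is default-deny."""
    default, attached = {}, {}
    rules = defaultdict(lambda: defaultdict(dict))  # ruleset -> rule -> settings
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["set", "firewall", "name"] and len(t) >= 6:
            if t[4] == "default-action":
                default[t[3]] = t[5]
            elif t[4] == "rule" and len(t) >= 8:
                rules[t[3]][t[5]][" ".join(t[6:-1])] = t[-1]
        elif t[:5] == ["set", "interfaces", "ethernet", wan, "firewall"] and len(t) == 8:
            attached[t[5]] = t[7]  # direction ("in"/"local") -> ruleset name
    findings = []
    for direction in ("in", "local"):
        name = attached.get(direction)
        if name is None:
            findings.append(f"{wan}: no '{direction}' ruleset attached")
            continue
        if default.get(name) not in ("drop", "reject"):  # require an explicit deny
            findings.append(f"{name}: default-action is {default.get(name, 'unset')}")
        for num, r in sorted(rules[name].items(), key=lambda kv: int(kv[0])):
            stateful = "enable" in (r.get("state established"), r.get("state related"))
            if r.get("action") == "accept" and (r.get("state new") == "enable" or not stateful):
                findings.append(f"{name} rule {num}: accepts unsolicited inbound traffic")
    return findings

if __name__ == "__main__":
    print(audit_wan(SAMPLE) or "WAN inbound is default-deny")
```

An intentional port forward will show up as a finding too, which makes the output a list of every inbound exception to review.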
Very interesting read, Ken. I was considering setting up my own LAN separated from the household LAN and this provided…