16again wrote: Seems to me like internet access should be fine now on all VLANs. Don't bother about pinging ubnt.com, from my W10 PC it is also not pingable.
->Getting specified VLANs out to the internet with inter-VLAN communications (i.e. VLAN2000-2400)
Should work, your next step is getting DHCP on each VLAN working
->Local VLANs with inter-VLAN communications
On ER, add LAN_IN firewall rule, blocking that specific subnet
->Local VLANs with only Local Communications
On EdgeSwitch remove the VLAN interface, but keep the VLAN. This isolates the VLAN, since there's no longer a default gateway present. Next question is: how to do DHCP on that isolated LAN?
Thanks
Isolated VLANs have Win2K12 DHCP servers so handling DHCP on them isn't going to be much of a problem.
The one thing I can't seem to figure out is whether or not, in the case of the Linksys at least, it needs its firewall enabled (the Linksys devices act as access points because UBNT didn't have tri-band devices at the time). I don't want to end up in a double-NAT situation where the WiFi is being double NATed. For a sample, those are connected to the UniFi which is then connected to the EdgeRouter. Everything seems to think it's on the same network even if the Linksys is connected to the UniFi with the WAN port before moving on to the EdgeRouter.
When I used Cisco devices, only the ASA needed its firewall but I wasn't sure with the UBNT devices.
Edit - One thing: the EdgeSwitch won't let me create a new user with Privilege-15 so I can delete the default ubnt user. The EdgeRouter already had its default user replaced.