RT-AC68U As Access Point in New Hardwired Network


Seventh Monkey

New Around Here
I'm in the process of migrating from my RT-AC68U based network to a hardwired network based on Ubiquiti EdgeMax. I still need some type of access point for IoT devices as well as guests and when I need to roam with my laptop.

The 68U's have been rock solid and reliable and I have a pair set up in a mesh network. It has everything I need in an access point, so I want to repurpose them for that role.

I could use any dedicated AP, but the EdgeRouter does not support mesh. UniFi does, but it relies on "the cloud" and I don't do cloud anything. Too much IT history to believe that anything stored by someone for you is secure. This is why I have my own NAS.

The other reason is that in the event that the EdgeRouter fails, I can just repurpose the 68U back to that role until the issue is resolved. I couldn't do that with a standard AP.

My plan is to:
  • Connect the WAN interface to a port on my EdgeRouter.
  • Connect one standard port to an EdgeSwitch
  • Turn off DHCP since I want that to come through the EdgeSwitch to the switch portion of the 68U
  • Turn off the firewall since it will be behind another firewall already
The intent is that devices connected to the guest network, like IoT devices and guests, will only have access to the Internet. The Asus router only allows access to the WAN port for the guest wireless network.

Devices, like a laptop, that need access to printers, NAS, and other devices should still be able to access that through the connection to the EdgeSwitch; I shouldn't need to do anything else.

Anybody see anything I missed above before I move the EdgeMax gear out of lab and into production?

Thanks in advance
 

OzarkEdge

Part of the Furniture
A couple of points...

Note that AiMesh can be configured in AP Mode:

router <wire> AiMesh AP <wire/wireless> AiMesh remote node

Given your scenario, can you configure the router port the AC68Us are wired to so that it prohibits AC68U clients from accessing the router's other clients?

OE
 

Seventh Monkey

New Around Here
Thank you for that information - I was wondering if AiMesh was supported in AP mode.

I could do that, however I have two scenarios for wireless devices:
  1. IoT wireless devices (believe it or not my bed is one) that I only want to have access to the Internet and nothing else. Frankly, IoT devices like light bulbs that change color are unlikely to be very secure. I don't want them to be able to play with anything else.

    These devices would connect to a guest network, and the Asus router only gives them access to its WAN port, thus the WAN port connection to the EdgeRouter. The EdgeRouter port only allows access to its WAN port, so all they can access is the Internet.

  2. Other wireless devices that I want to have access to the Internet and network resources like printers and my NAS.

    These devices would connect to one of the standard networks. The Asus router gives them access to its WAN port, so if they are used for Internet access they would follow the same as case 1 above.

    If they need access to network resources like printers and the NAS, then the Asus router would direct that traffic through the LAN ports. One of those is connected to the EdgeSwitch, which also provides DHCP as well as those resources.

    Diagram below for reference. Yes, I am aware that the ES-24-500 switch is isolated from the rest of the network. It's intentional.

    [Attached image: 1614882385144.png]
 

OzarkEdge

Part of the Furniture
Connections like the AC68W LAN1 always confuse me.

OE
 

Seventh Monkey

New Around Here
After some testing I decided to use Access Point mode.
  • IoT AP will be connected directly to the router where it can only access the Internet
  • Wireless devices that need to access other LAN resources will connect to the ES-48-LITE.

I'll need to pick up a few more routers, but used RT-AC68Us are pretty inexpensive right now, especially the rebranded T-Mobile units. They meet my needs and have been very reliable, plus I don't like the gamer look on the newer models.

An advantage of needing the additional devices is that they can be set up as APs to the EdgeMax equipment in advance of cutting over.

The only thing I don't know is how close the two different AP networks can be.

Why not just go with a regular AP? The construction used in my current house makes it very difficult to place them where they would need to go, whereas the footprint and appearance of the AC68x makes it easier for them to blend in with other things.

[Attached image: 1615665089471.png]
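
A check that can be run from a laptop joined to the IoT AP before cutover, to confirm that clients there reach the Internet but not the NAS, printers or router admin interface. This is an added example, not code from anyone in the thread; every address and port below is a constructed placeholder to replace with your own.

```python
import socket

# Constructed placeholder policy, as seen from a client on the IoT/guest AP:
# (name, host, port, should_be_reachable). Replace with your own addresses.
EXPECTATIONS = [
    ("NAS SMB", "192.168.1.20", 445, False),
    ("Printer IPP", "192.168.1.30", 631, False),
    ("EdgeRouter admin UI", "192.168.1.1", 443, False),
    ("Internet HTTPS", "1.1.1.1", 443, True),
]


def probe(host, port, timeout=2.0):
    """Return 'open', 'refused' or 'filtered' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        # Timeouts, "no route to host" and "network unreachable" all land here.
        return "filtered"


def audit(expectations, timeout=2.0):
    """Compare probe results with the intended policy; return the violations."""
    violations = []
    for name, host, port, should_reach in expectations:
        state = probe(host, port, timeout)
        # 'refused' still means a packet crossed the boundary and something
        # answered: the host itself, or a firewall set to reject, not drop.
        reached = state in ("open", "refused")
        if reached != should_reach:
            violations.append((name, host, port, state))
    return violations


if __name__ == "__main__":
    problems = audit(EXPECTATIONS)
    for name, host, port, state in problems:
        print(f"POLICY VIOLATION: {name} {host}:{port} is {state}")
    if not problems:
        print("Segmentation matches the intended policy.")
```

Run it once from each SSID: on the standard network the LAN entries should be flipped to `True`, since those clients are meant to reach the NAS and printers.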
 
