Learn the steps to configure your network correctly.
Learn the steps to configure your network correctly.
I’m thankful for all help. Please don’t interpret any arrogance into my comments I just tried to push it in the right direction. I love this community and for sure you are all volunteers. Sometimes it is necessary to simply tap a little on the brake. Ayyy mates! Please calm down! This is a community. Not a place where someone should hate on someone else!!! Please do not interpret arrogance to my or someone else’s replies. Such questions thrown like the one from @shoutingsteve are not unwanted… he’s all the rights to throw in any question he has to understand certain replies. Furthermore please don’t get me wrong. Sometimes someone has to moderate a little so that in case someone else is the future trying to read this topic is not blown away by slightly off topic things. that said just calm down respect each other and move on with sharing your experience with the community.
I’m considering two approaches. I’m not entirely confident the UDM Pro supports multiple DHCP servers, but I’d like to explore it. You have a few choices:
1) Install a Layer 2 switch in each flat, run cables back to the UDM Pro, create subnets there and apply an ACL to restrict communication between them. Then you can allow specific hosts access or provide public DNS through the UDM Pro while keeping private servers for your own use.
2) Use a single switch, split the network into VLANs per flat, connect each flat with an unmanaged L2 switch and a Layer 3 switch for routing. Assign subnets to each SVI and set up trunking to the UDM Pro for centralized management.
My preference leans toward option 1—it’s simpler and easier to manage. You can configure NAT on the UDM Pro to share one public IP across all flats, ensuring privacy while maintaining control. If your UDM Pro doesn’t support multiple subnets, you could use option 2 with additional switches and dedicated routing.
Misconceptions to note: You’re free to choose any IP address space, but private ranges prevent external access (like DNS lookups). Using a public range would block certain services. For advanced routing, BGP announcements are possible, though you’ll need to avoid advertising subnets to non-owners.
Hello! Your response is appreciated! The idea from minkyath is accurate. We're in the same family, with two flats, identical buildings, shared servers... So: For 1) based on what I understand, the UDM can support several DCHP subnets. However, one SFP+ needs to remain idle for future FTTH needs. Currently, I only have one SFP+ port that connects to both flats. For 2) if I'm correct: I would need another SFP+ L3 switch and divide the single UDM SFP+ port into multiple ports. Then connect those to L2 switches and finally reach my devices inside each flat? The SFP+ ports on the L3 switch would have their own subnet and VLAN tagging? Yes, only the UDM handles NAT. That's the goal—keep things as straightforward and reliable as possible! Thanks for highlighting these points.
This approach ensures proper segmentation. For point 2, label the packets at the switch linked to the UDM pro to the L2 unmanaged switches. Configure the ports as access with a unique VLAN tag for each flat. A trunk port connecting the switch and UDM pro would then function effectively.
I checked for an L3 SFP switch from Ubiquiti. It seems limited, only offering aggregation switches with SFP ports. Assuming you have a L3 switch per flat and the UDM as the server network gateway, it's possible to route traffic between them. You can treat each flat as its own private network with its own subnet and DHCP servers. Using the UDM as the default gateway for L3 makes sense. All networks should share a single DNS server for your domain and Cloudflare for other requests. This setup avoids double NAT if configured correctly.
Alternative Concept: Send traffic through an UDM Pro, route it to an aggregation L2 switch, then forward to two additional L2 switches. Segment the traffic on the UDM for better performance. The advantage would be establishing connections between servers using SFPs while maintaining high-speed links during heavy loads.