Complicated multi-router setup, specifically an Ubiquiti router. Help?

OilMagnate

I have been trying to set this up for two days now and I'm defeated. What I feel should be a somewhat simple setup for an average user is definitely not. That or I'm completely incompetent. Not sure at this point which.

The details are super long and complicated, but here's the simple short version. I have three routers that need to work together. The ISP modem/router combo I'll call "A" which is fed by fiber, my Asus RT-AC68U will be called "B" and an Ubiquiti AirRouter HP will be called "C" in this scenario.

A has zero issues and is the main unit for the whole network.

B is hardwired via a 100ft Cat5e cable from A on the extreme opposite end of the house. It has been connected for several weeks and has been working perfectly as a secondary router with its own SSID and password (which is what I want). I have disabled the 5GHz radio on this router because it isn't needed in my setup.

C needs to be connected wirelessly to B in an auxiliary building/garage 92 feet away. B and C will have a clear, unobstructed line-of-sight to each other via windows in each building. The auxiliary building is solid cement block all the way around with solid core steel doors...an RF nightmare. The only chance of getting RF through is this third router in a tiny bathroom window above eye level (I'll be anchoring it in to prevent any possibility of it falling into water). This one will also need its own SSID and password (I'm assuming WPA is not an option as a repeater, which is fine).

What I can't figure out is how to set up this particular router (C). My suspicion is that because it's a POE/WISP router, I'm doing something wrong. I can get logged into it, I can change the SSID, etc. But I can't get it to connect to B. Every time I think I get close, it completely locks me out of it and I have to do a hard reset to get access again, even using the "test" function. No matter what I do, it will not connect to the internet. Do I need this in Access Point mode, AP-Repeater mode, or Station mode? I'm assuming AP-Repeater. I'm also going to assume that between Bridge, Router, and SOHO Router modes, I need the standard Router mode due to not being on a WISP. But I'm questioning if Bridge is correct...? When in AP-Repeater mode I do enter B's MAC address as a WDS peer, but it still doesn't connect. I'm beating my head against the wall, but I feel like this is a simple obvious error. I also have a suspicion that I'm not doing something correctly regarding DHCP/Static/PPPoE, because I don't know what those do. I also cannot figure out how the WEP key works. I feel incredibly stupid with this WEP key in particular. Nothing works, everything I try is an invalid key. Ultimately I need all 3 routers to utilize the same bandwidth on a single ISP, but act as three totally independent networks to the average Joe trying to connect to them. They all need their own unique SSID and passwords.

Basically, can anyone knowledgeable with Ubiquiti AirOS, or at least fluent in this PDF manual help me out? PLEASE explain it to me like an old lady who knows nothin' bout them pooters. I won't take offense to talking to me like an idiot, because I wouldn't have typed this if I had the answer/wasn't. Any help is HIGHLY appreciated!

I guess my backup plan is buying a second AC68U to replace the Ubiquiti. At least I know how to set those up...
 
I'd take that a step further and see if he can get the ISP to put the device in bridge mode so it just acts as a modem, that way he cuts it doing NAT/PAT out of the equation altogether.

Even if he sets it up as Wayne noted, with routes between the different subnets, that would allow a savvy user to access devices on one of the parent subnets being routed through. Ideally, we'd use VLANs here, but another option is something like an Aruba InstantON that allows for the creation of guest WiFi networks, which has the traffic tunnelled, on its own subnet, to the default gateway and isn't allowed to access the parent subnet. Though I believe Ubiquiti hardware may also have this capability, not sure as to the price differential there.
The AC68U (B) has the capability of enabling guest networks. I believe A does also. I have them disabled, but if it's beneficial, I can enable them.
 
That said, I feel the AirRouter should easily meet my low expectations.
I'm sure that it could, but as you're looking for someone to walk you through the setup, that person would need to own the same model. That is unlikely since it wasn't a common model and it has been discontinued for some time.
 
Agreed. That's what I was afraid of. I was just hoping I was doing something obvious incorrectly, which very well still may be the case.
 
A being able to do it doesn't help us though, because it's not the device you want the function on. The guest network in this case needs to be on an access point and be able to encapsulate or route the traffic in a way that prevents clients on that network from being able to access your non-guest network. That's easy when it is on the same device (like A) providing the access, but becomes more complicated when you are using equipment in a manner in which it isn't designed (like the current setup with serial NAT/PAT).

Now, I mean, if we are really just trying to jerry rig stuff here with your existing equipment, you'll want to take B and use it as an access point (eliminating NAT/PAT). I assume it doesn't have access point "mode" but some of the ASUS routers do, so check that first. You can turn it into a pseudo access point by:
1. Turning off the DHCP server on it
2. Assigning it a LAN (NOT WAN, that interface won't be used) address in the same subnet as what's being served up via DHCP by A (so, if A is 192.168.1.1, give B 192.168.1.254 or 192.168.1.2)
3. Ideally, restrict the scope on A so that we reserve ranges for static assignment and these are left out of the DHCP pool, so if the current pool is 192.168.1.2-192.168.1.254, change it to 192.168.1.10-192.168.1.250, which gives you addresses from 2-9 on the bottom and 251 to 254 on the top.
4. Plug the cable from A to B (I know it passes through a switch, that doesn't matter for the sake of this explanation) into one of the LAN ports, taking it out of the WAN port

Your wireless client on B should now be getting its IP address from A, as B is doing nothing other than acting as an access point.

Now, looking through the manual for the Ubiquiti device, as I noted earlier, it definitely has the ability to act as a client bridge. BUT, it only has one radio, so it does not have the ability to serve wireless clients in that mode. You will need:
1. A computer connected to it via ethernet
2. Get into the configuration for it, configure it to:
a. Have an IP address on the LAN interface in the same subnet as A & B, so say if A is 192.168.1.1, B is 192.168.1.2, C would be 192.168.1.3
b. Configure it as a wireless client/bridge to connect to B
3. You should now have internet through the ethernet connection

This is where you need another piece of hardware. You need an access point that can isolate guest traffic connected to C to achieve what you want. I'd personally recommend an Aruba AP11 InstantON. You configure it via an app, it's ridiculously easy to set up and can do what is desired. You will need either a power injector, cheap PoE switch or the appropriate AC adapter to power it, as they expect you to be powering it via PoE by default.

Aruba AP11
Cheap TP-Link PoE injector

Don't order the AP11 and injector until you confirm you have internet through ethernet at C.
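
The addressing steps in the post above (static LAN addresses for B and C in A's subnet, kept out of A's DHCP pool) can be checked before anything is re-plugged. The following is an added example, not part of the original post; the /24 mask and the function names are assumptions, while the addresses and pool ranges are the ones quoted in the post.

```python
import ipaddress


def check_static_plan(network, gateway, pool_start, pool_end, statics):
    """Return a list of problems with a static-address plan (empty list = OK).

    statics maps a device label to the LAN address it would be given.
    """
    net = ipaddress.ip_network(network)
    gw = ipaddress.ip_address(gateway)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw}: outside {net}")
    if lo > hi or lo not in net or hi not in net:
        problems.append("DHCP pool is not a valid range inside the subnet")
    seen = {gw: "gateway"}
    for name, text in statics.items():
        addr = ipaddress.ip_address(text)
        if addr not in net:
            # A device here needs routing/NAT to reach A: the serial-NAT case.
            problems.append(f"{name} {addr}: outside {net}")
            continue
        if addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr}: network/broadcast address")
        if lo <= addr <= hi:
            # A may lease this address to a client, causing an IP conflict.
            problems.append(f"{name} {addr}: inside the DHCP pool")
        if addr in seen:
            problems.append(f"{name} {addr}: already used by {seen[addr]}")
        else:
            seen[addr] = name
    return problems


def free_static_addresses(network, pool_start, pool_end, used):
    """Host addresses that are outside the DHCP pool and not yet assigned."""
    net = ipaddress.ip_network(network)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    taken = {ipaddress.ip_address(u) for u in used}
    return [str(h) for h in net.hosts()
            if not (lo <= h <= hi) and h not in taken]


if __name__ == "__main__":
    NET = "192.168.1.0/24"  # assumed mask; the post only gives addresses
    A = "192.168.1.1"
    # Pool before step 3: both addresses suggested for B fall inside it.
    print(check_static_plan(NET, A, "192.168.1.2", "192.168.1.254",
                            {"B": "192.168.1.254", "B-alt": "192.168.1.2"}))
    # Pool after step 3, with B and C as in the post: no problems.
    print(check_static_plan(NET, A, "192.168.1.10", "192.168.1.250",
                            {"B": "192.168.1.2", "C": "192.168.1.3"}))
    print(free_static_addresses(NET, "192.168.1.10", "192.168.1.250",
                                [A, "192.168.1.2", "192.168.1.3"]))
```

With the unrestricted pool, either address suggested for B in step 2 is one that A could also hand out, which is why step 3 narrows the pool first.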
 
Technically it can work without changing anything inside the house. Multiple NAT is a problem for gaming and other intense real time interactive stuff but for regular web browsing, video streaming, or social media apps, the network you have is fine.

Having found an Airrouter HP manual, I see that as @OVERKILL said it can't do simultaneous AP and client. So it's not going to work as a single box solution in the garage. You'll need to buy something to supplement or replace it. One approach would be to have the Airrouter as the AP for the garage and buy something for the link to the house.
 
I've seen MTU issues with serial NAT (can't reach certain sites), though it's not super common, but enough to have me never recommend it as a practice. It's also a networking no-no, though a lot of people get away with doing it.

Yes, he'll ultimately need another device in the garage is my conclusion, since what he has only has one radio.
 
You certainly live up to your name! Thank you so much for taking the time to explain all of this. This is the dumbed-down level of hand-holding I needed. I'm terrible with networking, and even worse with software of any kind. But I can completely tear down a gaming console (and most of a computer - still not brave enough to swap a MOBO), repaste it and/or swap basic components, and put it all back together without breaking a sweat. Hardware and physical things I understand. That's why basically my entire house is hardwired.

I will try your recommendations this week and report back with my results.

Out of curiosity...since the Ubiquiti router only has one radio, and the goal is to not buy additional equipment, could I simply switch BC and leave all of the connections as they were prior to switching them? I assume the only sacrifice made in this scenario is not being able to wirelessly connect to the Ubiquiti router because the Asus would be occupying the radio? And I also assume that the Asus 2.4GHz radio will be occupied/connected to the Ubiquiti, therefore only allowing 5GHz wireless connectivity in the garage? If this is correct, this would be perfectly fine with me. Knowing my networking ignorance though, this may be entirely wrong.

Thank you again for the thorough explanation. Some of what you said I still don't perfectly understand (like assigning LAN IPs), but you did way more than your part to try. I'll do my part and try educating myself on some of these basics and hope I gain some knowledge.
 
*Screeching brakes* Wait a minute. This needs clarification. Where does multiple NAT become part of my network and what exactly is the effect? I have two gaming consoles and a PC with a 3090 hardwired to A. If the multiple NAT you speak of only affects the B/C connection (essentially from B going downstream), then I'm fine. If it has an effect on the whole network, then I may have to completely change my plan. Or does it only affect the wireless devices? That would be okay as well, since all of the gaming devices are hardwired.

I really need to take a networking class or something. I feel so incredibly stupid.
 
The ASUS unit may not let you separate the radios out, or work as a client bridge, while we know the Ubiquiti does have the client bridge function. The best bet would be, if the Aruba AP I recommended is too expensive, get the cheapest router you can find and do the same setup for it as I showed you for B, to just turn it into an access point, then connect it to the LAN port on the Ubiquiti.
 
The schematic/plan I've given you eliminates serial NAT.
 
I wasn't ignoring the advice given here, I just wanted to try following the Asus instructions which have never failed me. Well, they failed me in grand fashion. I lost my entire network. Lesson learned: never follow idiot pictures. I swapped B and C and put the Asus in repeater mode (which the pictures indicated were exactly correct for my case). I remembered from here needing to set a static IP, so I did. Ended up FUBARing the entire network. Had to make a two hour 'emergency' call to a distant relative in IT to get me back to normal.

So back to the drawing board. It was a stupid idea, I get it, but I didn't think I could mess things up THAT bad. I just assumed it would only mess things up downstream. Nope. It was a wake up call that made me realize it's really not worth improvising on such a large scale to save a few bucks, especially when I consider how much of the household's income relies on this internet connection. It was also a wake up call that made me realize I know even less about networking than I thought I did. Now I feel exceptionally incompetent. Guess I should have read the first sentence of my previous post a few extra times beforehand...

So I still want to try OVERKILL's exact layout (with the help of said IT family member holding my hand and translating over the phone the next time he has a chance to), but his walkthrough did give me a crash course and gave me a few ideas for simpler solutions. There is only one thing that's completely clear - take the Ubiquiti/C out of the picture.

Idea #1 - suck it up and bury a cable. This is the ultimate answer, but I still want to try wireless options - and that's coming from a die-hard 'wired' guy. It's been discussed previously, but this fiasco made it more appealing.

Idea #2 - buy a second Asus router as discussed before and throw them into AIMesh mode (per his dumbed-down recommendation, he said he'll walk me through it). $129 + tax solves that. Small price to pay compared to crashing the whole network again (especially if I didn't have my connection).

Idea #3 - use the internet via electricity method that @Rand mentioned previously. The 2 hour phone call also included explaining my power setup and he confirmed it is connected because both the house and garage share a main breaker box at the pole THEN split to their own breaker boxes. I'll be looking into this option more closely. Seems simple enough.

Idea #4 - simply try a plug-and-play range extender. Seems too easy, but I don't have much to lose at this point.

Idea #5 (which I think I want to try first) - put the Asus router in the garage window and connect it wirelessly directly to A. I lose a large chunk of wireless signal at the far end of the house, but it's still far from a dead zone and has been this way for years. I have already configured the rest of my hardware to work with this setup. It adds distance and walls compared to my original plan, but it seems workable, and I'll explain below. Here's what I have in mind:
[Attached image: 20220303_013521.jpg]

Legend:
A - ISP modem/router
B - Asus RT-AC68U
S - Unmanaged ethernet switch
W - Represents numerous random wireless devices that will connect to A,B independently/exclusively
Z - Represents one specific device that is hardwired
Green Line - indicates a hardwired connection
Yellow Line - indicates a wireless connection

I originally was extremely skeptical of A's signal reaching out there, but I did some speed testing tonight that gives me hope. If I test with the phone in the window, I get 3ms ping, 0.4% packet loss, 34Mbps down, and 10.7Mbps up when connected wirelessly to A. I would think a router with three external antennas (antennae?) would get a better signal. Either way, I'm happy with a 500ms ping and 5Mbps both ways. More than that and I'm thrilled, so I think it just might work. I just need to surf the web on a PC out there for my shop (print invoices, receipts, etc. from a web-based program and order parts online).

Long story short, if I try idea #5, considering the Asus is dual-channel, would it work now that the Ubiquiti is history, and what is the best way to make it work if so? Remember, idiot explanations (or at least clearly list the technicalities so I can relay to my helper).

I think I'm going to explore all of those ideas though, working in reverse order (5,4,3,2,1). I'll report back with my findings. Thank you all very much for your help. It is not going unnoticed.
 
The Airrouter in bridge + AP mode could be used to replace B. It won't have the speed that the Asus has, since it's from a time when "Broadband" meant ADSL or DOCSIS 2, but it will be better than trying to eke out a weak signal in that end of the house.

Then with the Asus out of the loop as a spare router, you can explore what it could do for the garage.

Within your constraint of not buying anything that is about the best you can do.
 