The secure, upscale network in the single-family house

  • Created on 2020-06-06 23:00:54

Tarnari

2021-10-26 19:30:52
  • #1
Alright, the UDM Pro is ordered. Allegedly new as a return for €325. I’ve been looking into it a bit. Apparently, on this thing, you can set NAT to be disabled and a script via cron job prevents resetting on reboot. I’m curious. The plan now is: Telekom DSL, Fritzbox with its own network and static route to the UDM Pro, telephony and Magenta on the Fritzbox, UDM Pro behind it, and the rest segmented into VLANs. I’m curious whether it will work as desired.
 

JoachimG.

2021-10-26 20:59:23
  • #2


That should work like this.

Because general tips were asked for.

My opinion:
Especially in the network area, if in doubt, you have to study 1000 protocols to get VoIP, IPTV, or other topics running in your network in the end. You need some enthusiasm or a taste for pain.

Therefore, like Tarnari. If possible, keep things like MagentaTV and VoIP out of the "complex" network. For IPTV, you might get lucky by choosing components that support IGMPv3; with VoIP, you're like on the high seas in God's hands. I witnessed live how 4 T-technicians desperately and nearly in tears tried one after the other to get the SIP trunk running as a PMX replacement on a Cisco gateway. In the end, following my suggestion, they took some kind of digitalization box from the warehouse, and it worked after 10 minutes.

Always keep networks as simple as possible unless it’s your hobby.

For WLAN, the same applies for me. "Professional" equipment doesn’t make everything better, just more difficult. When it comes to APs, pay attention to things like the mentioned DFS, TPC, and Band Steering (which doesn’t just let the client decide which network is better for it). Ubiquiti is a good choice, basically regardless of which APs, but it is more complex to configure and more prone to misconfiguration than, for example, AVM.

Basically, the rule is: the more present the provider is in the German market, the more likely there are adjustments for German providers like Telekom in the area of VoIP or at least guides or a community that can help.

For those who want to tinker: inform yourself beforehand. How does my provider handle multicast, which codec is used for VoIP, which ports, etc. That prevents annoying bad purchases by recognizing in advance where you will have problems.
 

Tarnari

2021-10-26 22:18:31
  • #3
Well said. For me, it is already somewhat like a hobby. Still, I just want it to work and a bit more beyond that. I don’t want to have to work at home as well. What that means, I am currently experiencing at work. Moving into a new building. Switching from Internet via Vodafone cable to fiber via Netcologne into the DFN. As my trainer often said, “That is really a pain in the ass.” Switching Asterisk from ISDN to SIP trunk. All this is only possible with incredibly expensive external service providers as long as the special expertise is not present in-house. At home, I don’t need that. I mean, if I ever am gone someday, somehow my wife/my daughter has to be able to continue that as well.
 

FoxMulder24

2021-10-27 19:17:29
  • #4
So I operate a UDM-Pro.

DSL connection --> Zyxel modem --> UDM-Pro --> switch (PoE capable, UniFi). From the UDM-Pro and switch it continues further:

- Among others to a FritzBox, which only serves as a DECT base. (I like the telephone functions of the Fritz)
- 2 UniFi cameras and a NanoHD, which are powered via PoE.

Double NAT can be prevented; there are instructions on the internet for that. However, you have to keep in mind that MagentaTV does not work with the UDM (IGMPv3 is not supported). And I had to fiddle a bit with the settings; initially I had connection drops during telephone calls after 15 minutes. Certainly, if you have zero knowledge or affinity for software / IT, it is definitely not recommended. Then just a FritzBox and that’s it. But the possibilities with the combination are really nice (VLAN, cameras, firewall, ...). An interface to configure (almost) everything is also pleasant.
 

Tarnari

2021-11-01 23:18:23
  • #5
Here is an update… UDMPro arrived on Friday and was installed over this long weekend.

OK, nice looks different but there is more to come:



Additionally, a small work desk has found its place. This makes those few times a year when you have to work directly a bit more comfortable, especially when remote access doesn’t help.



The Magenta receivers along with the GigaSet Go Box, as well as the fax, run on an old crappy Netgear switch connected to the Fritzbox. The UDM is connected via WAN port also to the Fritzbox, behind it via 10GBit the Cisco switch, and behind that the entire rest. The NAT on the UDM has been disabled. A script checks via a cron job every 15 minutes to see if this is still the case and disables it again if a reboot or a firewall change turns NAT back on. A static route on the Fritzbox into the UDM network directs the traffic from outside inward.

Conclusion: everything works wonderfully. Well, almost. I am struggling on the one hand with the Sunny Homemanager and the inverter of the photovoltaic system. They are still acting up badly. I am also struggling with the UDM firewall. I am doing something wrong. Access from the Fritzbox network into the UDM network does not work yet. Additionally, DNS is causing me problems. Until now, my Windows server handled that. The Fritzbox was the second DNS. Now I don’t know how to teach the DNS that everything takes place in a new network. Forward as well as reverse lookup do not currently work via the Windows server. But that will come. If anyone has tips, feel free to share.

Nevertheless, I can at least recommend the setup so far! Regardless of the functions, I actually immediately notice a big improvement in responsiveness. This suggests that my network was overwhelming the Fritzbox and the UDM handles it much better. Furthermore, I can now segment the network via VLAN. That will be the next step when everything runs. For €325, by the way, it was a real “bargain.”
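The cron watchdog described in post #5, sketched as an added example; it is not the script used in the thread and not vendor code. It assumes the router exposes its source NAT as ordinary iptables rules; the WAN interface name `eth8` and the chain name `EXAMPLE_POSTROUTING` are placeholders, and the ruleset is constructed.

```shell
#!/bin/sh
# Added example. WAN_IF default and the sample chain name are assumptions.
WAN_IF="${WAN_IF:-eth8}"

# Print every source-NAT rule (MASQUERADE or SNAT) bound to outbound
# interface $1, reading `iptables-save -t nat` text from stdin.
nat_rules_for_if() {
    awk -v ifc="$1" '
        $1 == "-A" {
            out = ""; tgt = ""
            for (i = 2; i < NF; i++) {
                # skip negated matches such as "! -o eth8"
                if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && (tgt == "MASQUERADE" || tgt == "SNAT")) print
        }'
}

# Reads a ruleset on stdin. Returns 0 when no NAT rule exists for $1;
# otherwise prints one delete command per rule and returns 1.
check_nat() {
    cmds=$(nat_rules_for_if "$1" | sed 's/^-A /iptables -t nat -D /')
    if [ -z "$cmds" ]; then
        return 0
    fi
    printf '%s\n' "$cmds"
    return 1
}

# Constructed sample ruleset (not captured from a real device).
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
:EXAMPLE_POSTROUTING - [0:0]
-A POSTROUTING -j EXAMPLE_POSTROUTING
-A EXAMPLE_POSTROUTING -o eth8 -j MASQUERADE
-A EXAMPLE_POSTROUTING -o eth9 -j MASQUERADE
-A EXAMPLE_POSTROUTING ! -o eth8 -j SNAT --to-source 192.0.2.1
EOF
}

# Cron entry point: touches the live firewall only when called with --apply.
if [ "${1:-}" = "--apply" ]; then
    iptables-save -t nat | check_nat "$WAN_IF" | sh -x
fi
```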
 

Tarnari

2021-11-04 22:52:54
  • #6
The DNS thing is really sh..ty. Does anyone have an idea how I can explain to the Domain Controller that it should please resolve in the new network? I have already created a new forward and reverse lookup zone, but it doesn’t start. Now I have two zones, the old one that doesn’t update and the new one that doesn’t populate. On top of that, I don’t fully understand the FW concept of the UDM yet. Which rule do I have to set so that I can get from the FB network to the UDM network? NAT is disabled on the UDM and the FB has a static route to the UDM network pro…
 
