Setup of UDM behind EdgeRouter

Setting up a Unifi UDM behind an EdgeRouter using static routes

Scope: Run the UDM on the network behind an EdgeRouter, keep the ability to add other networks behind the same EdgeRouter later if needed, and keep using the MAC address that IT already has on file.

Situation: I could only seem to get an EdgeRouter to work automatically on the network line allotted to me by the IT department, using a specific MAC address that IT used to validate the hardware on their side. I originally gave IT the wrong MAC address, and fixing that was going to be a 20-page request to the IT department, which I did not want to go through again. So I used an EdgeRouter that a friend gave me and, through the CLI, was able to change the MAC address; surprisingly, the EdgeRouter worked immediately on the network… unlike the USG (Unifi Security Gateway) Pro 4. I tried for days to get the USG to work on the network solo and then behind the EdgeRouter, but with no success. That brought me to the conclusion that some configuration I may have done caused the issue, but I was not going to tear apart my current configuration to figure it out, so I purchased a UDM as an upgrade/fresh start on the new network. Unfortunately I could not get the UDM to work on the network or behind the EdgeRouter either, so after several attempts I dove into static routes, which I remembered doing once before when I had my own router behind an AT&T router. Here is what I did to get it to work behind my current ISP host (IT) at work.

  • Log in to the EdgeRouter with your credentials and name the ports accordingly. For what I needed, port 1 is the WAN from IT, port 2 is the link to the network that needs to reach the internet, and port 3 is the management port I use to control all the chaos.

(screenshot: BaseSetup)

  • Port 1 gets the ISP information I was given, since IT is my “ISP”: a static IP address from them along with DNS servers.

  • Configure port 2 via the [Actions]>[Config] buttons on the right side: set the name, enable the port, select “Manually define IP address” and enter 10.0.0.1/24, then save the configuration. This is the “bridge port” (transit link) from one router to the other.

(screenshot: BaseSetup)

  • For this setup, use port 3 as the “control network” so you can configure everything without losing your connection. Configure the port as shown below and save.

(screenshot: BaseSetup)

  • Next, go to the Routing tab, click the “+ Add Static Route” button in the top left corner, enter the values below and save.
    • Route type = Gateway (from the drop-down list)
    • Destination Network = 192.168.1.0/24
    • Next Hop = 10.0.0.2
    • Distance = 1

(screenshot: BaseSetup)

  • I am using the 192.168.1.0/24 network behind my UDM, and 10.0.0.2 is the WAN IP address of the UDM, configured manually in the Cloud Key. The EdgeRouter side is now complete; next, log in to the UDM and go to the [Settings]>[Networks] tab.
  • I renamed the WAN port to “Zone B WAN” for my own convenience. Open the WAN for editing with the [edit] button in that row.

(screenshot: BaseSetup)

  • Set the WAN-facing parameters as follows:
    • Connection Type = Static IP
    • IP Address = 10.0.0.2
    • Subnet Mask = 255.255.255.0 (the mask for the 10.0.0.1/24 link set on the EdgeRouter; this field takes a netmask, not the gateway address)
    • Router = 10.0.0.1

(screenshot: BaseSetup)

  • Save your settings and move over to the “Routing and Firewall” tab. Select “+ Create New Route”, fill in the following parameters and save:
    • Name = whatever you like; mine is “outbound”
    • Destination Network = 0.0.0.0/1
    • Distance = 1
    • Static route type = Next Hop
    • Next Hop = 10.0.0.1

  • Note on the destination: 0.0.0.0/1 only matches 0.0.0.0 through 127.255.255.255. The other half of the address space (128.0.0.0/1) still leaves through 10.0.0.1 because the WAN's Router setting above already gives the UDM a default route to it, so this entry is really a partial duplicate of the WAN gateway; 0.0.0.0/0 is the proper value if the controller will accept it.

  • From what I understand, the Destination Network is supposed to be 0.0.0.0/0, but the controller kept giving me a payload error, so I guessed something close and it worked. From there I cycled the network connection and the internet worked. The default network is 192.168.1.0/24 behind my UDM, and that's why I had to add that route to the EdgeRouter so that it would complete the path.

  • In my instance, the default LAN's DNS servers had to be set to the IP addresses my IT department sent me, or else the networks would not work.

  • I believe this static route has to be added for each subsequent network created, e.g. 192.168.2.0/24, 192.168.3.0/24, etc.
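Before clicking through either GUI, the addressing in the steps above can be checked once in code. The script below is an added example written for this page, not code from the original write-up or from Ubiquiti: it takes the plan's parameters (the 10.0.0.1/24 link, the UDM WAN at 10.0.0.2, the 192.168.1.0/24 LAN and the outbound route), validates them with Python's ipaddress module, and emits the EdgeOS CLI equivalents of the EdgeRouter GUI steps. The interface name eth1 for "port 2", the EdgeOS command forms and the description text are assumptions to verify against your own firmware; the values in the main block are the page's own, including a "subnet mask" of 10.0.0.1 and a 0.0.0.0/1 default, so you can see what the checker catches, and it also shows the extra return route needed for a second LAN behind the UDM.

```python
"""Sanity-check the EdgeRouter <-> UDM static-route plan before typing it in.

Added example for this write-up, not code from the original post or from
Ubiquiti. Interface names (eth1 for "port 2") and the EdgeOS CLI forms are
assumptions; the addresses are the ones used in the write-up.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class RoutePlan:
    edge_bridge_if: str     # EdgeRouter port facing the UDM (assumed "eth1" = port 2)
    edge_bridge_addr: str   # EdgeRouter side of the link, CIDR
    udm_wan_addr: str       # UDM WAN "IP Address" field
    udm_wan_mask: str       # UDM WAN "Subnet Mask" field, dotted
    udm_wan_gateway: str    # UDM WAN "Router" field
    udm_lans: list          # networks behind the UDM the EdgeRouter must route back to
    udm_default_dest: str   # "Destination Network" of the UDM outbound route


def check_plan(plan: RoutePlan) -> list:
    """Return human-readable problems; an empty list means the plan is consistent."""
    problems = []
    link = ipaddress.ip_interface(plan.edge_bridge_addr)

    # The UDM GUI wants a dotted netmask; an address such as 10.0.0.1 is not one.
    try:
        udm_wan = ipaddress.ip_interface(f"{plan.udm_wan_addr}/{plan.udm_wan_mask}")
    except ValueError:
        problems.append(f"subnet mask {plan.udm_wan_mask!r} is not a netmask; "
                        f"for {link.network} use {link.netmask}")
        # assume the intended mask so the remaining checks can still run
        udm_wan = ipaddress.ip_interface(f"{plan.udm_wan_addr}/{link.network.prefixlen}")

    # Both ends of the "bridge" link must share one subnet, and the UDM's
    # gateway must be the EdgeRouter's address on that link.
    if udm_wan.network != link.network:
        problems.append(f"UDM WAN {udm_wan} is not in the EdgeRouter link {link.network}")
    if ipaddress.ip_address(plan.udm_wan_gateway) != link.ip:
        problems.append(f"UDM gateway {plan.udm_wan_gateway} != EdgeRouter link IP {link.ip}")

    # Each LAN behind the UDM needs a return route on the EdgeRouter; a LAN
    # that overlaps the transit link would make that next hop ambiguous.
    for lan in plan.udm_lans:
        net = ipaddress.ip_network(lan)
        if net.overlaps(link.network):
            problems.append(f"LAN {net} overlaps the link network {link.network}")

    # An "outbound" route that is not /0 only covers part of the address space.
    dest = ipaddress.ip_network(plan.udm_default_dest)
    if dest.prefixlen != 0:
        uncovered = [str(n) for n in ipaddress.ip_network("0.0.0.0/0").address_exclude(dest)]
        problems.append(f"outbound route {dest} is not a default route; "
                        f"uncovered: {', '.join(uncovered)}")
    return problems


def edgeos_commands(plan: RoutePlan) -> list:
    """EdgeOS CLI form of the EdgeRouter GUI steps (assumed; check against your firmware)."""
    cmds = [
        f"set interfaces ethernet {plan.edge_bridge_if} address {plan.edge_bridge_addr}",
        f"set interfaces ethernet {plan.edge_bridge_if} description 'link to UDM WAN'",
    ]
    for lan in plan.udm_lans:
        cmds.append(f"set protocols static route {lan} next-hop {plan.udm_wan_addr} distance 1")
    return cmds


if __name__ == "__main__":
    # Values exactly as the write-up lists them, including the two it gets wrong.
    as_written = RoutePlan("eth1", "10.0.0.1/24", "10.0.0.2", "10.0.0.1", "10.0.0.1",
                           ["192.168.1.0/24"], "0.0.0.0/1")
    for p in check_plan(as_written):
        print("WARN:", p)
    # Corrected mask and a real default route, plus a second LAN behind the UDM.
    fixed = RoutePlan("eth1", "10.0.0.1/24", "10.0.0.2", "255.255.255.0", "10.0.0.1",
                      ["192.168.1.0/24", "192.168.2.0/24"], "0.0.0.0/0")
    print("problems in fixed plan:", check_plan(fixed))
    print("\n".join(edgeos_commands(fixed)))
```

Run as-is, the two WARN lines are the write-up's mask and /1 route; the corrected plan produces no warnings and one `set protocols static route` line per LAN behind the UDM, which is the per-network step the last bullet describes. On the EdgeRouter those set lines go inside a configure / commit / save session (assumed EdgeOS CLI usage).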