How to set-up a home network with Ubiquiti devices and T-Mobile Thuis.
Last updated on 19th of May 2020: Fixed issue with Zyxel firmware updates, see Internet + Management VLAN
When moving, I was wondering what ISP I should choose. I have always liked T-Mobile and the amazing speeds they offer on their fiber network (up to 1Gbit/s download and upload!).
In order to make full use of this speed, I, as a nerd, am not going to stick with the default WiFi router they offer, a Zyxel VMG8825-T50. They previously offered Huawei and DrayTek modems. The Zyxel is the default modem as of May 2019.
Notice: This guide does not describe how to configure the basics of the Ubiquiti devices. There already are several guides on that subject. This guide only describes specific settings for setting up a network that is compatible with T-Mobile Thuis.
Goal
We have a T-Mobile Thuis subscription with Internet (Fiber), TV and home phone. Since we want to get the most out of the provided internet speed, we got our hands on several devices from Ubiquiti, which we'll describe later.
Since we do not want to draw extra cables for the TV set-top box, we use in-wall access points and we pull a cable from the built-in switch in the access point to the set-top box.
The unique thing about this guide is that it also describes how to use the home phone service from T-Mobile Thuis. Something other guides did not describe.
Devices Used
- Mediaconverter
- Zyxel VMG8825-T50
- Unifi Security Gateway
- Unifi 8-ports switch with PoE
- Unifi In-Wall AC
- Unifi In-Wall HD
- Unifi Cloud Key Gen1
- Set-top box and a phone, if you require those.
Quick network overview
We don't connect the USG directly to the mediaconverter since this will break IPTV.
In order to let you know what we’re going to do in the following guide, here’s a quick overview of the end result:
Now, let’s setup our network. If you want to use the home phone service, start from step 0. Otherwise, skip to 1.
Step 0. Set-up VoIP (optional)
In order for us to install a home phone later on, we first need to acquire our SIP details. You are required to use the Zyxel for telephony, since T-Mobile doesn't grand you access to the SIP details.
So, let’s connect the mediaconverter to our Zyxel’s WAN port. Connect a phone and wait a few seconds for the Zyxel to acquire your SIP details. You can call your landline number to see if it works. Does it? Great. Let’s disconnect the Zyxel and put it aside. We need it later.
Step 1. Install the switch
Yes. As seen in the topology, the 'WAN'-cable is not going into the WAN port of the USG, but in a port of the Unifi switch. We used port 1.
Mediaconverter -> Switch port 1
Why? That's a valid question. We do this because we need to seperate the vlans that T-Mobile uses. These are 100 (management), 300 (internet + VoIP) and 640 (IPTV).
Let's connect the other devices to the switch. We'll configure those later on.
Switch port 2 -> USG WAN1
USG LAN1 -> Switch port 3
Switch port 5 -> A PC or other device in your LAN. I use an unmanaged switch, this doesn't matter for this guide.
Switch port 6 -> Access Point 1
Switch port 7 -> Access Point 2
Unifi Cloud Key -> Switch port 8
Optional, but required when using the home phone service:
Switch port 4 -> Zyxel
Step 2. Create the VLANs
So, now everything has been connected, it's time for us to create the VLANs.
Go to Settings > Networks in your Unifi Controller and click on Create a new network.
The following networks need to be created:
Step 3. Create a LAN and WAN network, if you don't have those yet.
If you just set up your equipment. It might be the case that you don't have any LAN or WAN networks yet. So let's create those right now.
Create the following networks:
When all networks are setup correctly, your overview should look like this:
Step 4. Create the switch port profiles
Okay. This part is where the actual magic happens. For my colleague network engineers: Let's create some trunks!
First, go to Settings > Profiles > Switch ports. If you have setup the networks correctly as mentioned in the previous steps, there already should be a few configurations. But let's create some new ones.
The Fiber Trunk will be assigned to port 1 on the switch later on. This allows us to receive packets that have been tagged with vlan 300, 640 and 100. So we can browse the internet, call and watch TV.
This one is magical. This profile will be assigned to the ports where access points are attached to, so untagged traffic (mostly generated by wireless devices) will be routed to the LAN network. The VLAN tags like 640 can be used later on to assign this tag to a port on the access point's built-in switch. We'll talk more about this later.
The Internet + Management switch port profile is needed to provide management access to the Zyxel modem as well as tagging its traffic with VLAN 300. This way the home phone service of T-Mobile will keep working and you will still receive automatic firmware updates from T-Mobile over the management VLAN.
The WAN Trunk allows us to get a working internet connection and will be assigned to the USG’s WAN in the next step
So… all networks and profiles have been created. It should now look like this:
Step 5. Assign the profiles to the actual switch ports.
We just created all the required networks and profiles and have connected our devices to the switch. Great! Now let's make things work.
Go to Devices > Your switch and click on Ports. If all devices have been connected correctly, all boxes should be green. However, this might be different if you have a different network setup.
Now, let's edit the ports by clicking on the pencil icon and assign the Switch Port Profile. It should look like this:
Edit the ports with the following profiles:
Port 1 — Fiber Trunk
Port 2 — WAN Trunk
Port 3 — LAN
Port 4 — Internet + Management (300 and 100) Optional, but required when using the home phone service. Otherwise, use LAN.
Port 5 — All
Port 6 — Internet + IPTV Trunk
Port 7 — Internet + IPTV Trunk
Port 8 — All
Things should work now! Your WiFi should provide internet access and devices on LAN should also be able to reach the internet. You should also be able to make and receive phone calls when using the home phone service.
But what about TV? Well, we're configure those now.
If you want to connect your set-top box to theswitch directly, go to step 6. If you want to connect the set-top box to the built-in switch on the in-wall access points like I did, go to step 7.
Step 6. Connect the set-top box to the switch.
If you want to connect the set-top box directly to the switch, change one of your ports that use LAN or Internet + IPTV Trunk to the IPTV (640) profile.
Power on your set-top box, log in and your TV should work!
Skip to step 9.
Step 7. Enable Port VLAN on your access points.
I preferred this way since I did not have to draw more cables from the switch to the bedrooms. I just use the built-in switch on the in-wall access points.
In order to be able to use VLANs on the access point ports, we need to enable Port VLAN. This is important! Otherwise, the next step won't work.
You can find this setting on the Config tab of your access point. Expand the Services drop down and enable Port VLAN. Keep LAN as your management VLAN.
Step 8. Connect your set-top box to the access point.
Go to Devices and select your in-wall access point and go to Ports. Here, click on the port you desire and change its profile to IPTV (640).
Now, connect the UTP cable from the set-top box to the port with the IPTV profile and power on the set-top box. After logging in, you should be able to watch TV as usual!
Step 9. That’s it.
Everything should now work as expected! Phone, IPTV and Internet.
Your normal internet traffic won't pass the Zyxel modem and will only be routed via your USG. Zero compromise on your throughput because of the ISP’s router!
If you are stuck, don't bother posting a comment. I’ll see if I am able to help you.
Good luck!
