OK, this post is long, involved and very specific, but a few things first. With Comcast dropping the year-long contract price of the 1.2Gbps plan to $90/month plus $30/month for unlimited data, it is quite an incredible deal when you realize this is just $5 more than the 900Mbps plan and $10 more than the 600Mbps one. So it is a great deal if you can use the bandwidth.
However, getting it all to work is pretty complicated because 1.2Gbps is actually faster than the usual gigabit Ethernet (1Gbe). So what's the hardware that you need to do this?
Arris Surfboard SB8200 and Link Aggregation Groups
At first I thought I was going to have to pay another $200 to get the Arris SB8211, which has a dedicated 2.5Gbe port. However, it turns out that the SB8200 is pretty capable, and I bought it last year for $140 at Amazon when Xfinity was bundling their unlimited data with their 600Mbps plans. Really sad that they stopped this. It supports DOCSIS 3.0 with 32x8 channel bonding (which is what is here in our Seattle neighborhood). The confusing thing is that the Amazon page, for instance, says it is only good for up to 1Gbps. This is actually incorrect: 32 SCQAM DOCSIS 3.0 downstream channels at 44Mbps each, with 8 SCQAM upstream channels (which can be as fast as 27Mbps upstream), is actually 1.4Gbps down.
However, when you move to really high speeds, you actually move to DOCSIS 3.1 and the SB8200 lights will actually change so the downstream light is green in DOCSIS 3.0 and blue in DOCSIS 3.1. For the system here in Seattle, I see that the downstream or receive is blue, but the upstream is still DOCSIS 3.0 or green. That is why the service is technically 1.2Gbps down/35 Mbps upstream.
So the trick here is that you have to reconfigure your modem so that it does what is called link aggregation groups or LAG. This is a bonding trick, where you take two 1Gbe ports and make them a virtual 2Gbe port. Here is how you have to do it on an SB8200:
- Connect your computer directly to one of the two ports of your modem. Note that with this device both are actually active, so you can leave your network connected and then just plug your PC into the other.
- Now set that connection to Manual IP and set it to, say, 192.168.100.10. This is because the modem has a web interface at http://192.168.100.1 and you have to reach it there. Now point your browser at that address and you should see the web interface for the modem.
- Now look at the serial number of your modem. The default user is admin and the default password is the last eight numbers of the serial number. It will then ask you to set a new password; make sure to squirrel that away in 1Password or somewhere safe. Use a random password please!
- Now in the interface click on Advanced and then Enable LAG and hit Apply/Save.
This now sets your modem into the mode where it will gang together the two ports.
Ubiquiti Unifi Dream Machine Pro
Ok, so here is the nice thing: the UDM Pro, which is $480 at Amazon, is the big brother of the Unifi Dream Machine. It is rack mounted and has a slot for a 3.5" hard drive for UniFi Protect, an 8-port switch, a Gbe WAN port, an SFP+ WAN port and an SFP+ port for LAN access. It includes a firewall with threat management and deep packet inspection.
So, the nice thing is that with the SFP+ WAN port called Port 9, you can just slide any SFP+ adapter into it, and while Ubiquiti makes a 1Gbe/10Gbe module, you can get a third-party one like the FlyPRO Fiber that supports 2.5Gbe and 5Gbe.
The main trick is a simple one. By default, the WAN1 port is tied to the 1Gbe port and WAN2 is tied to port 9 or the SFP+ port, and the UDM Pro uses WAN1 as the primary and WAN2 as the backup. For our system, we want the SFP+ port to be the primary, so you have to reconfigure the switch. Specifically, you need to:
- Insert the FlyPRO Fiber into the SFP+ and then lift the buckle up to lock it in.
- Now swap the WAN ports and force it to 10Gbps. This is a little confusing, but you go to the Unifi interface Network > Unifi Devices > UDM Pro > Settings > Ports > WAN Ports > Configure Interfaces. Here is the tricky part: you first have to go to Port 9 and for WAN select Disable, then go to Port 10 and select WAN 1. Then go back to Port 9 and select WAN 2. So it is a two-step process to switch. Choose Apply and reboot the machine. Also for Port 10, set the Speed/Duplex to 10Gbps FDX because the UDM Pro does not autodetect this properly on the SFP+ port. What happens is that this third-party SFP+ module emulates a 10Gbps interface to the UDM Pro while the link itself is 2.5Gbe or 5Gbe.
Create an Xfinity VLAN on your Ubiquiti
But you are going to need something that feeds into the Unifi Dream Machine since it has a single RJ45 and you have two on the SB8200. The problem is that this router does not support link aggregation on the WAN side. Some folks buy a separate switch that connects from the cable modem to their router, but we had a trick. We had over provisioned the wiring closet with a full Ubiquiti Unifi Pro Switch 48 POE which was over $1K at Amazon, but it was worth it. We did the same thing with the original Netgear 48-port switch and it was really a good long term investment.
This one has full POE+ and POE++ but one feature which I never really used was VLAN. This is a nice way to take a 48 port switch and create a bunch of virtual switches. Specifically, you can take the two ports that are from the SB8200 and route them to an SFP+ with a 10Gbe part and then use that to route to the Unifi:
- Create a VLAN-only network for the SB8200. You need to create a virtual network that splits the switch; let's say we call this new VLAN "Cable" as an example. Go to Unifi console > Network > Unifi Devices > UDM Pro > Settings > Networks > Create New Network and create a VLAN-only network that you can set as VLAN 3. This assumes (see below) that VLAN 2 is the guest network. This is VLAN only because you do not need a DHCP server. That comes from the SB8200 and is a reflection of what the cable provider is giving you. That is, with link aggregation, the port has an IP address which is just the Comcast Xfinity one, something like 72.x.x.x.
- Configure two ports to be a Link Aggregation Group. Go to the Unifi console Network > Unifi Devices > USW-Pro-48-PoE > Settings. Then click on the lower number of the two ports you want to aggregate. On this switch, the two ports have to be adjacent to each other. Then in the Profiles, select the "Cable" VLAN. Do the same for the SFP+ port that you are going to connect to the UDM Pro Port 10.
- The final step is connecting it all together. The two Ethernet cables from the SB8200 go to the VLAN ports that are 1Gbe. Then you connect the SFP+ port in the 48 switch to port 10 in the UDM Pro and there you have it!
Note on setting up a Guest VLAN
As an aside, if you want a guest network, you now know everything about how to create one. Just go to the Unifi Console > Network > UDM Pro > Settings > Networks. Then you need to provide a Gateway IP/Subnet by unchecking autoscale network. This should not be your main network, so for instance if 10.0.1.x is your main, pick something else, and it should not be 192.168.100.x. Now select Advanced Configuration Manual. Because you do not want this network to be visible to anything else, pick a small address range like 24 available. Typically the VLAN ID should match the varying portion of the network, so VLAN 1 would be at 10.0.1.x and VLAN 2 at 10.0.2.x. I don't like to use 192.168 because many devices default to this, and if you use it you are masking those factory-set devices.
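The addressing rules above (keep clear of the modem's 192.168.100.x range, avoid 192.168 in general, match the VLAN ID to the third octet, no overlapping subnets) can be checked before you type them into the console. This is an added example, not part of the original post; the function name `check_plan` and the two sample plans are assumptions made up for illustration.

```python
import ipaddress

# Ranges the post says to stay away from.
MODEM_MGMT = ipaddress.IPv4Network("192.168.100.0/24")   # SB8200 web UI at .1
FACTORY_DEFAULT = ipaddress.IPv4Network("192.168.0.0/16")  # common device default

def check_plan(plan):
    """plan maps VLAN ID -> "gateway/prefix" string, or None for a VLAN-only
    network. Returns a list of problems; an empty list means the plan is OK."""
    problems, seen = [], {}
    for vlan_id, cidr in plan.items():
        if not 1 <= vlan_id <= 4094:
            problems.append(f"VLAN {vlan_id}: ID must be 1-4094")
        if cidr is None:  # VLAN-only (e.g. "Cable"): no gateway or DHCP to check
            continue
        try:
            net = ipaddress.IPv4Network(cidr, strict=False)
        except ValueError as exc:
            problems.append(f"VLAN {vlan_id}: bad subnet ({exc})")
            continue
        if net.overlaps(MODEM_MGMT):
            problems.append(f"VLAN {vlan_id}: {net} hides the modem UI at 192.168.100.1")
        elif net.overlaps(FACTORY_DEFAULT):
            problems.append(f"VLAN {vlan_id}: {net} masks factory-default 192.168.x.x devices")
        # Convention from the post: VLAN 2 lives at 10.0.2.x, and so on.
        third_octet = net.network_address.packed[2]
        if net.prefixlen >= 24 and third_octet != vlan_id:
            problems.append(f"VLAN {vlan_id}: third octet is {third_octet}, expected {vlan_id}")
        for other_id, other in seen.items():
            if net.overlaps(other):
                problems.append(f"VLAN {vlan_id}: {net} overlaps VLAN {other_id} ({other})")
        seen[vlan_id] = net
    return problems

# Constructed sample plans (not taken from a real network).
GOOD_PLAN = {1: "10.0.1.1/24", 2: "10.0.2.1/24", 3: None}
BAD_PLAN = {1: "10.0.1.1/24", 2: "192.168.100.1/24", 4: "10.0.1.129/25"}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_plan(plan)
        print(name, "plan:", "OK" if not issues else "")
        for issue in issues:
            print("  -", issue)
```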