Network
Executive Summary
The HHT network is a UniFi-managed ecosystem designed for high-availability theater operations. It utilizes a Double NAT architecture to maintain an “easy-recovery” path: the ISP router remains in ‘Router Mode’ to allow basic internet access via local ports if the UniFi stack fails.
1. Physical Infrastructure
Internet Service Provider (ISP)
- Provider: BT Business Broadband
- Modem/Gateway: TP-Link VR400
- Mode: Router Mode (handing off 192.168.1.x to the UniFi WAN)
- DMZ: Configured to point to UniFi Gateway WAN IP to mitigate Double NAT issues.
Core Hardware
| Device | Model | Physical Location | Notes |
|---|---|---|---|
| Gateway | UCG-Ultra | Comms Rack | Replaced USG-3P (Jan 2026) |
| Core Switch | USW-Pro-48-PoE | Comms Rack | 600W PoE Budget |
| Controller | Intel NUC (Docker) | Comms Rack | 172.16.0.94 |
Wireless Access Points (WAPs)
| Location | Model | Role |
|---|---|---|
| Foyer (Bar) | UAP-AC-Pro | High-density public/staff access |
| Foyer (Box Office) | UAP-AC-Pro | High-density public/staff access |
| Backstage | UAP-AC-LR | Long-range coverage for tech crew |
| Balcony | UAP-AC-LR | Coverage for auditorium/balcony |
| Garrick | UAP-AC-LR | Room-specific coverage |
| Yardley | UAP-AC-LR | Room-specific coverage |
2. Logical Network (VLANs & SSIDs)
| VLAN | Name | Subnet | SSID | Usage |
|---|---|---|---|---|
| 1 | Management | 172.16.0.0/24 | Hidden | UniFi Hardware & NUC |
| 10 | Public | 172.16.10.0/24 | teddingtontheatreclub | Guest/Audience WiFi |
| 20 | Admin | 172.16.20.0/24 | ttcadmin | Staff PCs, Office Printer |
| 30 | General | 172.16.30.0/24 | TBD | General purpose / Staff BYOD |
| 40 | Security | 172.16.40.x | N/A (Wired) | DualCom Alarm System |
| 50 | Pixalite | 172.16.50.x | N/A (Wired) | Lighting & AV Control |
3. Remote Access Strategy
Remote management is handled primarily through the UniFi Cloud Portal.
- Primary VPN: UniFi Teleport (via WiFiman App).
- Direct Access: Teleport bypasses the TP-Link firewall via the DMZ.
- Backup Access: NUC is accessible via ZeroTier (Management VLAN).
4. Maintenance Notes
- Switch Ports: 1-40 (PoE+), 41-48 (PoE++). To reduce heat, PoE is disabled on ports 1-40 unless an AP is connected.
- Backups: “Settings Only” .unf files are generated before any configuration changes and stored on the NUC and off-site.
- Recovery: In the event of a UniFi failure, plug a laptop directly into the TP-Link VR400 (192.168.1.1) to regain basic internet access.
5. Port Map Reference
See separate Port Map Document for individual 48-port switch assignments.