Since this has come up a few times in the comments, if you set your hardware to use a static IP address, you should modify the DHCP range to ensure the DHCP server doesn't attempt to give out those IP addresses. I go over it in this video if you'd like to see it: kzbin.info/www/bejne/aYvbn3aqhphkm9k

Spot on Frank! the allow return traffic checkbox implementation is definitely a greatly welcomed addition!

You're an exceptional orator, sir! Cleared up a lot of confusion concisely and with great examples. Much appreciated!

Quick question on the static IP tip. I always configure static IPs on the HW but when it comes to DNS, if you’re running something like a PiHole or AdGuard Home config locally on LAN, wouldn’t you want to point the UI HW DNS to that IP so that all traffic traverses the internal PiHole / AdGuard server (which also has pointers to upstream DNS) rather than external ? Thanks

Should you also set the main router DNS verification from auto to custom? or should this only be set on the switches and access point?

You don't need a fiber cable if they are super far from each other, just get some 10GB SFP RJ45 adapters. Yes, the RJ45 SFP Adapters run hotter than SFP Fiber or a DAC cable, but it would allow you to reach the 10GB bandwidth.

Excellent video. Thanks for all your great work. Agree with the need for dynamic dns however unifi’s implementation is lacking IMO. There are no logs to tell you what’s going on. I prefer using a docker container.

The uplinks on all your switches should be the default admin VLAN and then just change ports to specific ones or like you said, us profiles? Sorry for the newb question. Great videos!

Great video! Thank you!

Great information, thanks for this video!

LAG (Link Aggregation): I haven't yet found where Ubiquiti states what they use for assigning traffic to a particular link. Is it Round Robin, Destination IP, a combination of Source & Destination IP, etc. There are multiple options available. With any of them, except for Round Robin, the problem becomes that the traffic may all be assigned to 1 of the LAG links. This would mean that you're not getting any benefit from the LAG. For example, if only Destination MAC is used to determine which link to place the traffic on, then all traffic going to the Default Gateway would use the same link. (I doubt that Unifi is using only the Destination MAC. This is just being used as an example of how a problem could occur.) It's just that it would be nice to know what Unifi is using to assign traffic to the LAG links. Also, Unifi needs a 3rd DDNS option. They currently allow you to place a DDNS entry of each WAN connection. However, if you have more than one WAN connection and you're trying to VPN back into your network, you will use one of the DDNS entries. Well, what if that WAN link is down? You'd have to change your destination in the VPN to the other DDNS entry. Unifi should have a 3rd DDNS entry. In that 3rd entry, you would tell it which WAN link to consider as Primary. As long as that link is up, then that 3rd DDNS would use the Primary's IP address for DDNS. However, if the Primary link goes down, the 3rd DDNS should update the DDNS entry to show the Secondary WAN's IP Address. When the Primary WAN link returns, this 3rd DDNS would then update the DDNS entry again to point to the Primary WAN's IP Address.

I did it of block traffic from my trusted to my cameras. Was awesome!

Suggestion, you should not configure DNS that way. Simply go under security and enable HTTPS DNS, that will overwrite whatever the gateway got from for the WANs, and also encrypted

Great one! Just save the video! Thank you so much!

8:12 Theres an auto allow return traffic rule you can select on allow rules that does this for you!

So useful thank you

Thank you.

Having issues with pinging devices in my IoT (UnTrusted) zone from my default (Trusted) zone. Any ideas on how to set up the polices with the new zone based setup?

I'd like to request video about USW-EnterpriseXG-24. Thank you.

I'm looking to buy a U7 Pro, but I've read in the unifi community that many users have and continue to have problems with it. Have you had any problems with the U7 lineup? Could you share your experience?

i've learned very nice tips in this video, appreciate it , keep up w the good work !

Correction, when you tag Vlan, you are blocking the traffic in layer 2, aka same broadcast domain.

Correction again, when you select Lan In, you are only blocking a device from the source VLAN to the destination. Because that's LAN in from the perspective of the router. So even when you have that rule, the destination VLAN device can still reach to the source VLAN. Because it will be a LAN out traffic.

The title doesn't really fit the content. The first topic really feels like it is aimed at.intermediate users who have bought a the whole unifia stack

Doesn't this guy have the manliest man voice ever. God damn he should be in hollywood.

Clickbait