CODY I NEEDED THIS! I legit just got a new Ubiquiti setup a few months ago and added new switches, APs, an NVR etc. I reset my entire network a few days ago and I’m starting from scratch. Your timing is impeccable!
@deinos2114 5 months ago
Literally set mine up a few weeks ago and wished he had a newer guide out... 🤣
@kuftamarc 5 months ago
Thank you so much for making these complete setup videos! This technically counts as a community service.
@michaelkern8856 2 months ago
Can't thank you enough for making this video. I am retired IT (71 now) and I never thought I would still be doing this. Donating my time as an IT volunteer for non-profits "fixing" stuff.
@MactelecomNetworks 2 months ago
Thanks for watching! That’s great you’re volunteering your time. Hope these videos have been of help :)
@kuftamarc 4 months ago
Cody, one note for the next update to this series- You actually can have a LAN-In firewall rule that blocks all IP addresses from one of your subnets to the gateway address. This won't block internet access, as that traffic's destination IP address isn't a match. It accomplishes the same as the rules you used, but is a little more secure and clean as you do it with fewer rules, and don't end up only blocking specific ports (21,80,443). As other vulnerabilities crop up that affect other ports, you end up better protected. Only gotcha is make sure you test how this affects cams, I don't have a camera network to test with, but this worked great for securing Unifi from my IOT and Guest networks.
@ayden8901 3 months ago
Can you further explain this?
@kuftamarc 3 months ago
@@ayden8901 Sure, but it's a bit complicated, so I'll try my best. If you skip to around 24:07, this is where this all starts to become relevant. Cody wants to prevent devices on various subnets from talking to his Dream Machine (this is best practice, and you should absolutely want this). The way he does this is he makes a firewall rule that blocks devices on each subnet from talking to the gateway address of the Dream Machine on other subnets (example: devices on the IOT network shouldn't talk to the gateway address of *other* networks). Cody demonstrates this from the Secure network, but doesn't block devices on the Secure network from talking to the gateway of the Secure network. Cody explains at 25:38 that if he included 192.168.40.1 in his list, devices on the Secure network would no longer have internet access. This is actually not correct. When the firewall sees a packet coming from a device on the Secure network for the internet, it sees a destination address on the public internet (not the gateway address of the UDM), and would allow it through, even if the firewall rule said to block devices on the secure network from talking to 192.168.40.1. Cody then demonstrates creating a rule that blocks devices on a subnet from talking to the management ports of the gateway address for that subnet, but it still allows those devices to attempt to send other kinds of traffic to the UDM Pro (all other ports).
The cleaner way that I suggest is stick with Cody at the start:
- Create your Allow Established/Related Traffic rule
- Create your Allow Default to all VLANs rule
- Create the Block Inter-VLAN Routing rule
BUT THEN:
- Create a rule to block your Guest and IOT networks from talking to every gateway address
- Ensure that the network you use when you manage your UDM doesn't block the gateway address on that same subnet
I don't have cameras, or a camera subnet, so I'm done here. But if you do, Cody's right that you need to let the cameras talk to their gateway address, and that whatever device you use to view the cameras needs to be allowed to talk to the gateway address for the cameras AND the network that the cameras are on. An odd fluke of Unifi is the gateway addresses are not treated as the rest of that subnet. If I've lost you at any point here, do exactly what Cody suggested. His guide is still great. But if this all makes sense, you'll probably prefer not allowing random IOT devices to hit almost every port on the UDM, as they have no legitimate reason to be allowed to do this.
@Noob-5 3 months ago
@@kuftamarc Your client devices don't actually need to talk to the default vlan. The management IP for switches, APs, etc isn't needed for clients to function. Clients only need to reach DHCP and DNS on gateway IP if the console runs those servers (or other specific IP if running a local DHCP/DNS server elsewhere) and the internet. So my LAN LOCAL rules are to allow est/related, allow DHCP and DNS any/any, allow my Trusted devices IP groups (my user vlan and server vlan subnets for 2 locations, camera subnet and VPN subnet) to Trusted devices (lazy way to allow anything trusted full access to any of those subnets gateways for management), then deny RFC 1918 to RFC 1918. If you want to be a tad more secure you can remove cameras from the Trusted devices IP group, move to a Camera IP group, then on LOCAL LAN allow source camera to destination their gateway with only the ports needed for their functionality. Oh, and because it's not needed I did block my cameras from the internet.
@kuftamarc 3 months ago
@@Noob-5 Good call on the DNS. I’m not running it on my gateway, so not an issue for me but may be for others. I don’t think you need to allow DHCP any/any, as the destination IP address that your gateway gets is the broadcast IP (255.255.255.255), not the DHCP server’s unicast address, so the gateway wouldn’t block it. You could test to be sure. I block all traffic from most of my subnets to their gateway on my IOT and Guest networks and never had an issue picking up an IP.
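The rule comparison discussed in the comments above, as an added example that is not part of any comment or of the video: a simplified first-match model (not UniFi's firewall engine) that compares a port-based gateway block, an address-based gateway block, and the address-based block with a DNS allow rule placed above it. The IoT subnet 192.168.30.0/24, the port set 22/80/443, the client addresses and the rule names are assumptions made for illustration.

```python
"""Simplified first-match firewall model (illustration only, not UniFi code)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

ANY_PORT: FrozenSet[int] = frozenset()      # empty set = match any port

# Gateway addresses: .20.1 and .40.1 appear in the thread; .30.1 is assumed.
GATEWAYS = ("192.168.20.1", "192.168.30.1", "192.168.40.1")
IOT_NET = "192.168.30.0/24"                 # assumed IoT subnet
MGMT_PORTS = frozenset({22, 80, 443})       # assumed management ports


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                             # "allow" or "drop"
    src: str                                # source network (CIDR)
    dst: Tuple[str, ...]                    # destination hosts or networks
    ports: FrozenSet[int] = ANY_PORT        # protocol (TCP/UDP) is not modelled

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        src = ipaddress.ip_address(src_ip)
        dst = ipaddress.ip_address(dst_ip)
        if src not in ipaddress.ip_network(self.src):
            return False
        if not any(dst in ipaddress.ip_network(net) for net in self.dst):
            return False
        return not self.ports or dst_port in self.ports


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Check rules top down; the first match decides. No match means allow."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action
    return "allow"


# Variant 1: block only the management ports on the gateway addresses.
PORT_BASED = [Rule("Block IoT to gateway mgmt ports", "drop",
                   IOT_NET, GATEWAYS, MGMT_PORTS)]

# Variant 2: block every port on every gateway address.
ADDRESS_BASED = [Rule("Block IoT to all gateways", "drop", IOT_NET, GATEWAYS)]

# Variant 3: as variant 2, with DNS to the IoT gateway allowed above the block
# (only relevant when the gateway is the DNS server for that network).
ADDRESS_BASED_WITH_DNS = [
    Rule("Allow IoT DNS to own gateway", "allow",
         IOT_NET, ("192.168.30.1",), frozenset({53})),
] + ADDRESS_BASED

# Constructed sample packets: (label, source IP, destination IP, dest port).
PACKETS = [
    ("IoT to internet HTTPS",          "192.168.30.50", "1.1.1.1",      443),
    ("IoT to own gateway web UI",      "192.168.30.50", "192.168.30.1", 443),
    ("IoT to own gateway, other port", "192.168.30.50", "192.168.30.1", 8080),
    ("IoT DNS query to own gateway",   "192.168.30.50", "192.168.30.1", 53),
    ("Secure to own gateway web UI",   "192.168.40.10", "192.168.40.1", 443),
]


def compare() -> Dict[str, Tuple[str, str, str]]:
    """Return the verdict of each of the three rule sets for every packet."""
    rule_sets = (PORT_BASED, ADDRESS_BASED, ADDRESS_BASED_WITH_DNS)
    return {
        label: tuple(evaluate(rules, src, dst, port) for rules in rule_sets)
        for label, src, dst, port in PACKETS
    }


if __name__ == "__main__":
    print(f"{'packet':34}{'port-based':12}{'addr-based':12}addr+dns")
    for label, verdicts in compare().items():
        print(f"{label:34}{verdicts[0]:12}{verdicts[1]:12}{verdicts[2]}")
```

Internet-bound traffic is allowed by all three rule sets because its destination address is never a gateway address; the variants differ only for traffic addressed to the gateway itself.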
@jackcarr2763 3 months ago
I have Apple HomeKit devices on the IOT network and now I can't see them from the iOS Home app. Can I make an exception for devices that need to get to HomeKit? I realize I could get on the IOT wifi, it would be easier if the IOT network can get information to and from the HomeKit hub. I am not sure I am saying this correctly, thank you
@Croc_Mais_Racing 5 months ago
Thank you Cody for the 2024 yearly complete setup. Unifi changes their UI so much every year that it really does help each and every one of us to start from scratch without forgetting anything. I really was looking forward to this video as I am after moving house and had to reset all my network devices. Your videos helped me set my network before and I'm very thankful! Keep doing what you do best, a great job!
@BazejTuszynski a month ago
Great video as always! For those experiencing issues with ICMP/Ping tests and still getting timeouts after setting up the rules to allow network communication, the likely cause is that Windows Firewall blocks ICMP by default. To resolve this, you'll need to create a custom inbound rule in Windows Firewall that specifically enables ICMP over TCP/IPv4. This should allow the devices to communicate successfully.
@noloboy 5 months ago
What perfect timing! I was just watching your 2023 video as I'm going to re-do and start from scratch my UDM-Pro this afternoon. I guess I'll delay a bit after I digest this video. Thank you!
@michaelsims7728 5 months ago
Amazing how many creators just happen to put out a Unifi Network Complete guide at the same time... ;) . Love your videos!
@ThinkGreek88 5 months ago
Who else?
@marc3793 5 months ago
@ThinkGreek88 SpaceRex on the same day. How funny! This one has more details on firewall etc which is nice. The other is more beginner I would say.
@ThinkGreek88 5 months ago
@marc3793 I'm new in the whole network thing.. Trying to set up my new house. Thanks for the hint I will check the vid out too..
@SnowBob302 4 months ago
This is the best video but one issue I had with this setup is that HomeKit devices on the IoT network stop working when the blocking firewall rules are put into effect. I tried searching the UI community and Reddit but looks like there’s not a clear guide on how to keep HomeKit devices segregated on an IoT VLAN while allowing HomeKit to work properly. I tried putting HomePods on the IoT but iPhones on the Secure VLAN can’t reach them. Same for the other configuration. mDNS settings didn’t clear this up for me. I would love if you could take this one as a separate video: “HomeKit Setup with UniFi.”
@stepmback 4 months ago
If I followed this design what network would I use for my main workstation and my server? Secure? Also... when you say IOT what kind of devices are you talking about? What about a Nest thermostat or Nvidia Shield or Apple TV? Last question, what about iPhones, should they be on IOT as well?
@rodolforts 4 months ago
Cody great video! Tks for sharing. Can you help me with one doubt? In the RFC1918 rule, if I have changed the IP address ranges in my network should I adapt the RFC1918 rule as well? Eg: 192.168.1.1 to 1.1.16.1... would affect the three IP ranges in the RFC1918 rule?
@johnvanwinkle4351 2 months ago
Thank you for this information! I just bought a new UDM, POE 24 port switch, NVR and 6 cameras for my new home and I am slowly installing it now. Very timely information!
@peerview 5 months ago
Thanks for these videos, recently switched to Unifi and loved the guides to know the best practices and new options. Keep it up
@ivankolev459 a month ago
Thanks mate! Finally I have clarified to myself how are vlans functioning! Huge thanks!!!
@kelemvor3333 5 months ago
Well that was fast! Watching it now as I just got my WAP yesterday so I can finally use my UDM SE.
@ttam1534 5 months ago
Great video, don’t know if I missed it or misunderstood, but with the separate VLANS for IOT and secure, how do I control my IOT devices with my iPhone that would be connected to the secure network?
@NiftuCalTheGOD 3 months ago
This is an unbelievable guide for any Ubiquiti user and configurator! Tyvm, you're awesome!
@SpiderSato 5 months ago
Good timing! My Cloud Gateway Ultra will arrive today. Just launched yesterday here in Japan. Keep up the good work
@gjhunter9326 5 months ago
Just replaced my pfSense router with UDMP SE, this video was fantastic! Thank you Cody!
@barat7867 5 months ago
Would be nice to see which things from this video couldn't be achieved by just using Layer 3. There are almost no resources about Ubiquiti L3 after recent updates. It would be nice to maintain inter-VLAN traffic with ACLs when UDM is down.
@Jupiter0ne 5 months ago
Thank you Cody for making and remaking this video every year. Unifi changes their UI so much that it really is needed so we can go back and refer to something when needed. Your videos helped me set my network a year ago and I'm very thankful!
@AlexPettitt 4 months ago
Great video. Can you expand on what you said at 24:55 around not wanting to block a camera VLAN's gateways due to it slowing things down? What then would be the process for setting up a camera VLAN? Would you still create "Block Cameras To Gateways" and "Block Cameras to UDM Interface" rules for the camera VLAN?
@rq-nt7zi 5 months ago
Thank you so much! I was playing with these firewall settings last week and missed the top down rule set. Thanks for making another great video!
@prfrag 4 months ago
Excellent!! What do you do with the printers?? IOT? Secured? or dedicated vlan?
@antaloga 4 months ago
Separate VLAN is good if you need users on more than one VLAN to have access to the same printer(s).
@eleelife 3 days ago
Thx for the video. I am a newbie to networking and learning a lot from you. I'm about to order a complete setup from them. I have bell's 3gb service, will the udm pro be a good match to take advantage of the service or should I get something else?
@__AT__019 days ago
Thank you so much for sharing this video! In addition to using these configurations, how would one set up Pi-hole with Unbound on a Synology NAS and use that as the DNS server on a UDM Pro/Pro Max?
@tonyvowels5165 5 months ago
Thanks Cody good video. I am trying to find some more information on why you would allow Default to talk to all LANs and Devices. Are there specific reasons or white papers you can help point me at to address why this is needed? I have been running without this for some time and just want to expand my knowledge in case I have been doing something incorrect.
@kettnsaeg 5 months ago
I'm pretty new to this topic and I was just asking myself the same question - would be glad if someone could clarify this!
@ryanbuster4626 4 days ago
No reason I can think of unless you have appliances on separate networks. If you keep default as "management" with all appliances and management interfaces on this network it shouldn't need to talk to anything. Keeping this network isolated is proper security.
@andrescalapt_ 5 months ago
Let’s goooo! Was waiting for this one! ❤
@DeciduousNature 5 months ago
What about when using a UNVR for the cameras? You only need to install Protect on the UNVR and then Adopt them via the UNVR in that case, right? I'd read elsewhere to: use both ports on the back of the UNVR. Connect the SFP port on the UNVR to the SFP port on the switch and put the SFP port (on the switch) in the 'Cameras' VLAN. Then connect the RJ-45 port on the back of the UNVR to the switch also and put the RJ-45 port connected to the RJ-45 on the UNVR on your Default network LAN (and that this will improve throughput and reduce buffering). Do you agree with this setup?
@MickParker-d9l 2 months ago
Loved this one but hanging out for the Camera Vlan set up. Any time frame?
@IbizaStyler 5 months ago
Thanks a lot, Cody, for this video! I guess all of us really appreciate your work!! ...but, may I ask you a question please? The identity VPN feature... I would like to do the same as you in your video to allow the vpn users only access to my nas (it has the function as an exchange drive for teachers). So if I do exactly the same as you in your video, is it the same as split tunneling? So the users have access over vpn to my nas from their homes/their common school, but all their home/school traffic (normal browsing, streaming, etc.) doesn't run over our private internet connection... Am I wrong or does all their traffic run over my private internet connection? And if that's the case, how can I only allow split tunneling? I hope you can help or want to help me!! I've tried it with wireguard, but it doesn't work as expected (I'm sure it is a layer 8 problem ;) ) and also with openvpn. It was working, but the connection speed could be much better. Thanks a lot in advance, Cody!!
@Bloodycub666 5 months ago
Thank you for this video will do this weekend and add this as favorite! Keep on going hope reach 100k SOON!
@antoniorodrigues8495 5 months ago
Amazing tutorial. Good Job! but I am still with old square USG due to less budget that satisfies home security needs. Anyway I got the knowledge. Thanks Cody...
@MoneyMarcMes 3 months ago
What online courses can you take for unifi to get a deeper understanding of firewall rules etc.? Does Ubiquiti offer online courses?
@bryancamphens 4 months ago
Hi, what is your advice…the Cloud Gateway Ultra or Max? I have a 1Gb Ethernet connection and I only use the network option in Unifi because my cameras are from Eufy.
@genxguy 5 months ago
Probably the best Unifi instructional videos out there. I know most of it but great to fill in a few gaps and refresh the brain cell! VPN wifiman for desktop! Didn't even know that existed 🤦🏻‍♂️🤣
@dws1337 4 months ago
Hi, you say that you block secure from accessing IoT. Usually Smartphones and Laptops are in the secure network. What if you want to use an IoT Device App on the secure devices? Do you change the Wifi Network to do this?
@NathanSweet 4 months ago
WDYT about using the Default network solely for adoption, then having a separate Management VLAN where the Unifi devices live? Would be cool to see a video about setting that up. I set it up but I'm not sure what optimizations are appropriate. Eg, should I check Isolate Network for Default? I did (stupidly) find that if you remove DHCP from Default then you have to boot into recovery mode and reset to factory default settings. Getting into recovery mode was a huge pain, as the UDM-SE just booted as normal despite holding down Reset. It took ~30 tries! EDIT: You started talking about blocking IoT from accessing gateways, then you blocked Secure from accessing gateways? Maybe I'm confused by the naming, eg you have a network named Secure and then create a rule "Secure IoT". I don't like naming the profiles what they are for, instead I name them what they are, eg "IoT gateway". Also I like Trusted for the network name. It would be good to mention that after setting the router to a L3 switch, firewall rules will not be applied anymore. Separating IoT from Secure is good, but you don't want hacking your fridge to compromise other IoT devices (like a door lock!). How to block IoT to IoT by default, but allow it on a case-by-case basis? Traffic on the same VLAN won't use firewall rules, so maybe this is not possible. I find it cleanest (especially when doing this for multiple networks) to block IoT to all gateways' HTTP, HTTPS, and SSH. I don't see a point in blocking non-IoT gateways. It's the same device as IoT's gateway. The important part is that nothing can be done with any gateway.
@macm3086 2 months ago
Thank you for sharing your expertise with us in this video. In our company, we have a small office and in different locations. Is it possible to control them all from one location? Sorry for asking, but I am new to the Unifi WiFi network and am trying to figure it out.
@mkbean 5 months ago
Have you considered doing a video showing a potential migration from the UDR to a UDM (pick your flavor)? I know besides myself that others would be interested in it.
@navonenicola 4 months ago
Hey Codi, very nice 2024 tutorial from "zero to hero"! 1 question, does the speed limit rule apply to the entire network or to one single client of that network ? If i got this correctly, setting X/X (mbps) means all guest clients have to share a X/X internet bandwidth...am I right ?
@BattleBear96 5 months ago
One question about IDS/IPS: is this also limiting the speed for LAN-internal traffic (PC to NAS for example) to the limit of the router used (3.5 Gbps for UDM SE for example)? Is all this traffic then routed "over" the UDM for IDS/IPS inspection? Or is this feature for external WAN connections only? Greetings from Germany :)
@antaloga 4 months ago
It only affects wan traffic.
@parthshah3800 a month ago
@17:35, why do you add your main IP and the other 2 IP address to set up RFC1918? - (172.16.0.0 and 10.0.0)? and why those specific numbers and why that subnet?
@dukeseb 5 months ago
Thanks for all the hard work on this Cody
@andyjayh 4 months ago
Great video, well structured and explained. I was finally able to apply f/w rules between my vlans and confidently fault find to fine tune. Thank you.
@TechGuyWiz 5 months ago
Just setting up a new Company with two sites thank you so much!
@skrivyd 5 months ago
Thank you for this! How do the Traffic & Firewall rules you created differ from the rules created when you check the "Isolate Network" box on the network config?
@ericilkwatson5557 5 months ago
Thank you for this video. What is your reason for having a different WiFi subnet? I get why you want to have separate subnets for your IoT, Guest, and Camera devices, but why split your main subnet into two parts?
@zweefvlieger 5 months ago
Very nice video as always! I did my setup not too long ago. But I am struggling with airplay/cast function to my LG smart TV. I'd like it to be on another vlan than default with airplay and casting working. Any ideas?
@TomasVillegas 5 months ago
Appreciate the work you put into this and thank you for sharing 🤝
@MrEricH5470 2 months ago
Cody, is there a way to copy certain configurations from one UDM backup, and import them into another UDM? For example, copy all the VLANs, Firewall Rules and VPNs from one UDM, and import only those selections into another UDM Pro?
@jyss60 5 months ago
Really appreciate your dedication to do this each year, straightforward and clear explanation
@Vin68142 4 months ago
Great video, I am still a bit confused with my upcoming setup. It's a small office 1000sqft split in 3 areas but open space. I was putting together my setup and ended up over $1000 which I think is a bit overboard, I just want (3) indoor cameras, poe. I have fios gbit coming and running my lines next week, so I was curious if you can provide any suggestions. No doorbells needed just 3 cameras (was thinking 2k torrents) and that's about it, would like 24hr recording and only need 7-10 days storage, specifically the mvr option as I'm a bit confused there, would the $99 option work in my scenario? I appreciate the help!
@YYSilby 5 months ago
These videos are always super helpful! Thank you!
@random-ig6tp 4 months ago
Hi Mac, If you're routing traffic from one UDM to another, are there any useful firewall rules to harden the setup?
@JerryPena 5 months ago
Hope you can do a video on the Tesla Wall Connector. For some reason, we Tesla owners can't connect the wall connector to Unifi Wifi. Tesla customer support are not that informed in networking so we have to rely on our knowhow to find the solution. Been following you for a while, so maybe you can get down to the cause and see if we can set something up on our settings, other than their recommendation of just having the 2.4Ghz radio on and only using WPA2. Thanks
@jrogerss8616 5 months ago
Have they fixed the issue with the UDM Pro that causes it to brick after power loss until you remove it from power for 24 hours? As of a couple of months ago they hadn't. I had to switch to a UXG-Max and a UCK2.
@JeffreyFrye 4 months ago
Is there a difference between the 'Simple' Block Networks that you did between Secure and IoT versus the Blocking Inter-VLAN routing?
@dukeseb 3 months ago
thanks again cody, i needed to use this again after nerfing my UDMP
@marvinfrancisco4812 5 months ago
Just the right time before my UDM Pro arrives.
@MactelecomNetworks 5 months ago
Have fun building it out :)
@nduri2 4 months ago
Excellent video. Considering upgrading to Unifi from a mix of various, random gear...wanted something more Unified, pardon the pun...BTW I found your channel at the right time, great information.
@SB-hu5uy a month ago
That is a good video. But we are having a problem with ID or wireguard VPN (we didn't test openvpn). Everything is set to default (ips, firewall, ...).
1. we created wireguard server
2. add some users
3. install wireguard client
4. user was able to connect to vpn, user was able to ping VPN gw, user was able to ping UDMPM network, user was able to use internet.
5. but user was unable to ping his own local network when connected to VPN.
6. after restart UDMPM, user was able to connect to vpn, ping vpn gw, able to ping UDMPM network.
7. but user was unable to ping his own local network and internet was not working.
This is really strange as this happened now on 3 different devices without firewall rules changes. I am missing something or this is some kind of bug. We tried with different router (different brand) and everything is working as it should.
@notsrynot 4 months ago
Yoooo I’m so excited to watch through this, I haven’t touched my UDMSE config in over a year and I know with an update some of my firewall rules went wonky so this will help a lot
@jannowak163 7 days ago
Is Unifi by default blocking AirPlay (or communication between devices in the same WiFi)?
@4tv914 5 months ago
I've just updated my setup with your video last year, but still thank you lol
@JagadishM 4 months ago
Thanks for wonderful setup complete video from Unifi, If possible can you make it same kind of setup from TP-Link it would be great helpful 😊
@brentfausett8989 3 months ago
Any reason to configure switch ports to direct devices to virtual networks vs virtual network override in the device settings?
@a.daubercy9784 4 months ago
I legit just got a new Ubiquiti install and added new switches, APs, an NVR, etc. and I'm starting from scratch. But I have a few questions, in my network there is also a Synology NAS with an Ubuntu Virtual Machine running an ODOO Application. Ask : - In which Vlan is this best placed (Management!)? - This Application must be available via the internet (cloud), certain adjustments are required in the settings (VLAN, Profile, Firewall), only Staff & IoT Users should be able to do this.
@orlovskyconsulting 2 months ago
Great tutorial, from the preview this routing hardware looks like kind of a major Cisco competitor, sure you can configure yourself into failure, that's always a challenge, but I like that this hardware is affordable, it has the 2 10GB ports which can be used for wan and for lan.
@hyperprotagonist 5 months ago
As I’ve always said, I love your content! Keep up the great work!
@GpconnectInfohotspot 5 months ago
hello, where do you get the icons to use with draw io ? thanks
@MarioSesana13 days ago
So is this a complete guide I can follow to the letter? And does this work if my ISP Modem isn't on Bypass mode?
@MikeS29 3 months ago
I learn a bunch every video you make!
@ebay11123 a month ago
Do you know how to isolate ipcameras on a vlan with the UDM pro running protect on it. If the cameras are on another vlan the protect app can't see them so I'm looking for a way around that to isolate the cameras from the default network. Unifi support was not helpful. As of now the only way I know how to do it is to buy a separate UNVR pro and put that on its own VLAN with the cameras.
@Ex_impius 4 months ago
I confuse myself a lot making rules. What's the best way to write a rule if I have say 5 Roku tvs in IoT? Need the Main secure network to talk to the Rokus but not talk back to secure. Like I said, I confuse myself a lot and what seems logical when making rules doesn’t work sometimes.
@larslaguna 5 months ago
How happy I was you have done a fantastic and easy to understand installation, very many and good tips for my part. Keep up your movies I love them +++++
@douglasthom3335 5 months ago
Great video, but a little fast. How about a video discussing Guest Networks printing to a different VLAN using AirPrint.
@mindcreativestudios4709 5 months ago
Can you do a video on setting up a mail server/ access on the udm?
@selectthedead 5 months ago
Thank you for another build video!
@carlosbril9412 5 months ago
Cody, do you know if you will be able to disable shadow mode in the case that you need to run two different networks connected from your UDM PRO LAN port to a second UDM PRO Wan port?
@jalati 3 months ago
any chance you can cover off ipv6 and rules between networks?
@thesagarmatha 4 months ago
Thanks for the 2024 setup guide.
@victory70gr 5 months ago
Thank you so much for this. Very easy to understand and as a newcomer to the Ubiquiti ecosystem, soon I'll install my home network following all your steps. Have some questions and wonder what is the best way to contact you for a resolution
@jaredgrieve5749 4 months ago
So if you want to use PPSK and you want guests to be able to present on say Apple TVs and print but don't want guests to see each other or staff, but want staff to be able to see each other for airdrop, I assume your only option would be to create a PPSK SSID for your secure network and your iot network and create a separate SSID for guests on the guest network since device isolation is enabled by SSID? Or would you make a single PPSK SSID and create firewall rules to allow the specific ports etc used by airdrop within the secure network only?
@JMagG23 5 months ago
Will you be going over any IPV6 configurations in the future with Unifi? Love your videos as I have used them for reference to help set up my home network and firewall rules. Thanks!
@MactelecomNetworks 5 months ago
Most likely not as I don’t use it but you never know what the future holds :)
@krisleslie a month ago
Can wait till we have you at 500k subs
@GrahamWerle 4 months ago
have you experienced an issue with NVRs dropping connectivity when blocking inter vlan routing?
@BrazenNL 5 months ago
I'd love a video on how to gently progress from a 1GB network to 2.5 or even 10GB network.
@arthurbernardes1 5 months ago
Hey Cody, thanks for your great video.
@pe1pqx321 5 months ago
Thanks Cody, have to have a look later!
@laurenceminuto8769 4 months ago
Ok I followed this better than I did in 2021. But I have a question on one of the firewall rules. The block inter-vlan rule I think is causing all my home automation issues that I randomly have. All my IoT devices are on the same vlan but all my Apple devices are giving me issues especially with AirPlay or AirPrint. Is this a Bonjour thing or a rule issue? Or something else. If I remove the rule it works but I kinda don’t want to do that. I was thinking of putting all my Apple devices into their own group with static IPs and allow them but that seems like it may be too much or unnecessary?
@carstenskjoed9026 a month ago
Great video, so helpful…💪 thanks! 🙏
@waltpage 5 months ago
Love the IoT network name of Deloris - I hope West World can make a movie or one more season to wrap everything up
@briankennedy6889 16 days ago
Reference time = 24:36 in video. If there already exists a rule to block inter vlan routing via RFC1918, why can a machine on the 192.169.40.X Network (Secure Network) hit the 192.168.20.1 gateway on the .20 network (Guest network)? The RFC1918 block inter vlan routing blocks all inter vlan traffic. However, it appears that a client on a given network (i.e. the .40, secure network) can still hit another network's .1 gateway (i.e. the .20.1, guest network gateway). I am sure there is a good reason, but I don't fully understand. Any insights?
@ryanbuster4626 16 days ago
Thought the same thing
@SnailDOS 5 months ago
Great video Cody!
@jeremyminshall2779 4 months ago
What I would like to understand is an efficient way to manage multiple sites with multiple admins. We are an ISP we'd like to create each customer their own site but have several of our admins to be able to administer the sites. I have not found a way to efficiently do this. If you use the site manager every time you create a site you have to add each admin to the new network. If you use Identity Enterprise there are certain devices that can't be used. If anyone has an idea on scalable multi-tenant management on Unifi I'd like to hear it thank you.
@KrispKiwi a month ago
Isn't default set up to be able to communicate to all networks by default?
@non2614 5 months ago
Note: I'm using a Cisco switch, not a Ubiquiti switch. When I create an SSID and assign it to a VLAN I manually created (VLAN 100 in this case), users cannot connect to the Wi-Fi. Should I choose the default VLAN and then reserve IPs from the VLAN 100 range for the SSID? help please
@derek400004 5 months ago
Unifi requires VLAN 4040 for internal-VLAN communication. Maybe that's your issue?
@ZCTravels117 days ago
Question: how come when I setup L3 mitigation, sometimes my network certain devices gets complete slow down to near 0 mbps? I have to physically restart the switch to go back to normal. Also if I go back to normal mitigation L2 it is normal.
@LordSaliss 5 months ago
Hey Cody, I think you made a bit of a mistake around the 27 minute mark. You made a port group called Secure IoT and made that the IP of the Secure network gateway. Then after making some block rules, you talked about how you could block the Secure network from being able to get to the UDMP login page, and you used the Secure IoT port group to do that, but this was all about blocking the Secure network from the login page, and had nothing to do with the IoT network, right? Cause your PC had a .40.x address and this was about blocking just to its own gateway login page.
@c0reying 5 months ago
Yeah - I found this entire section confusing. Even the fact that he started by saying that it's not best practice to allow the IoT network access to the UDM, but then switched to stop the Secure network from accessing the UDM. Why would you block your trusted PCs from being able to get to the UDM? How would you then administer the UDM if you don't have it connected to the Unifi Cloud?
@JeffreyFrye 4 months ago
Yeah, if you check @23:02 in his 2023 Setup Video, he does as intended I believe for Blocking the IoT Network to Gateways and then Blocking the IoT to UDM Interface.