Unifi Complete Network Setup
ฝัง
- เผยแพร่เมื่อ 14 ก.พ. 2021
- Welcome to the 1+ hour walkthrough of setting up a Unifi network start to finish. I hope you have some spare time, because this is going to take a while. If you are already familiar with a lot of this setup, use the timestamps below to browse to specific topics.
In this video, I go over how to setup a complete network using a Unifi Security Gateway, (concepts apply to the Dream Machine as well) Unifi 60W switch, Unifi Flex Mini, and Unifi AP Pro. I'll go over how to get everything setup from scratch as well as how to tune everything for use with a typical home network with VLANs.
We will setup two separate VLANs (IoT and Guest) and create firewall rules to separate them from the rest of the network. We will broadcast one of these using the wireless AP to show how to get multiple SSIDs setup and configure the USG and USW for VLAN tagging.
Intro: 0:09
Overview Diagram & IP/VLAN assignments: 0:35
Initial Security Gateway Setup: 2:53
Unifi Controller Installation: 4:00
Unifi Controller Initial Setup: 8:10
Device States / Provisioning: 11:49
USG Device Menu Walkthrough: 13:11
"Network" Configuration: 14:25
"Network" Configuration (Classic Menu): 17:16
Wireless Network Configuration: 20:45
Port Profile Configuration: 23:27
Security Configuration: 25:25
Add Switch to Network: 28:21
USW Device Menu Walkthrough: 31:15
Apply Port Profile to Switch: 32:47
Create Custom Port Profile: 34:30
Apply Custom Port Profile to Switch: 34:54
Purpose of Profiles: 35:45
Add Access Point to Network: 37:07
Resetting Access Point: 38:00
Adopting Access Point: 39:00
Access Point Device Menu Walkthrough: 40:10
Verifying Wireless Connectivity: 42:57
Add Second Switch to Network: 43:50
Upgrade switch firmware: 44:35
Complete original diagram connections: 45:00
What We've Done so Far (Recap): 48:21
Adding Clients: 48:58
Troubleshooting Client Issue and Browsing Clients/Insights Menu: 51:25
Client Device Testing: 56:08
Firewall Configuration (for VLANs): 58:06
Testing Firewall Rules: 1:07:49
Local Interface Firewall Configuration: 1:09:38
Testing Local Interface Firewall: 1:11:00
Controller Menus Overview (After Network Setup): 1:12:56
Outro: 1:17:54
Awesome content. So much information (that I have been searching for) that I need to kept rewinding to ensure I catch it. Much appreciated. A wealth of information!
Thanks for taking the time to produce this video. Enjoyed it, good stuff.
I appreciate you being so detailed in your explanation and love the step by step instructions. Thanks!!
This was an absolutely fantastic video. Thank you. I have had my Unifi network at home for about 7 years. I muddled my way through setting it up though I am sure that it is not set up in the most efficient manner. This video will help a lot. I am a retired IT guy. My Cisco certification expired in 2009. I have been dormant since about 2015. Lots to try and remember.
The biggest confusion I had was the firewall. Wan/Lan/ Local In/Out . Your explanation of this was great. In the next week or so, I am replacing one of my access points. A UAP-LR with a UAP-LR-AC (green to blue). Personal preference, but I am going to try and alter my existing AP UAP-LR-AC and set up the new one with separate 2 & 5 Ghz SSIDs. This video will help a lot. Thanks again.
Outstanding video. This really helped me demystify the firewall rules I needed for my Unifi Network. Thanx for your clear and concise help here.
This is a amazing, not even just for Unifi, but just good home networking overall.
Toasty, you have out done yourself. Thank you for a great and detailed video.
I use to have mobile access, but once I place the secondary authentication I can enter that authentication in my mobile log in and thus I have no access to my network via mobile phone. What can I do?
Very well explained! I especially appreciate you explaining the whole setup with all steps from nothing to fully functional! And your hand drawn illustrations, of course (:
Excellent video! Was unsure whether to go Ubiquity or a mesh system. You made this system much easier to understand for a network noob.
thanks toasty! I was searching like this for so long. You rock!
Great thorough explanation! Thank you
Thank you so much, especially the firewall rules.
THIS IS LEGENDARY
This video was a life saver! Thank you, much appreciated 👍🏿
Nice job, well explained , thanks for your efforts.
Thank you for this video, very enlightening.
Excellent video, thx so much. More like this.
thank you. this tutorial is very clear.
Thank you so much for starting from beginning, it's wonderful to actually see a real life start to end video of a actual real setup...and you started with a flow diagram too (+10 points sir)
U
U
Came here to check my firewall setup. Such a great explaination. Good job.
Just installed a USG, waiting for a used 24-port switch to arrive, and about to buy a couple of AC Lite APs. This video will be perfect. 👌 Thanks!
Your video is very helpful, thanks
Really nice video!
Thank you so much you save my life!!!🤗🤗
Great video!
Top video thanks Mr toasty
Nice mate, thanks :)
Your video is amazingly very good
It seems that I always view things a year later... I am looking to accept a job which deals with Unify mostly, so I need to familiarize myself with it. I found this video (list) I Downloaded the software, (Kudos to Ubiquity for providing it free). I went through as much as possible without any devices at all. (so not much). But I am now familiar with its interface and operations. The firewall section is actually configured, it allows for that (device-less) This is a Great video! I give it a 9. Why? well, the few mistakes. LOL. I actually fixed the IP subnet for the .20.0 network before you noticed (following along) and I made my Firewall rules in LAN In (not WAN IN) then when You noticed, I looked too, and I did it correctly. So that means that I have learned well from your video. Thank YOU very much! Now I can say that I know a little or enough to get by for now.
I actually sat and watched this entire video and enjoyed the entire process. Unfortunately for me still have to wait for a Dream Machine Pro to get the line speeds that I want, but otherwise I now understand how the whole process works. You can almost set up everything before you even have any devices and then adopt and provision them when they arrive. Nice :)
Good job, thanks
10 out 10 Bro Thanks
Well explained
BTW your vids are awesome, thnx
Great video! I took notes. My next few purchases are all your fault.
I have learnt alot out of this video. Kindly allow me to contact you privately concerning unifi network and their devices. Kudos Man!!!!
Crushed the like button!!
Whew, you talk faster than I can hear :). Thank you for your contribution.
nice one bro
Good job
The company should hire you and do what you do.
Thank you for unifi leason
Great video, thanks.
Böyle bir videoyu bizim milletten biri çekseydi udemy de 799 liraya satardı.
Well articulated and very informative. HOWEVER every video I have seen on setting up Unify so far, (especially the USG) there is no clarity on connecting the USG to the internet. A MODEM is not required if you have fibre. The fibre ONT unit can be connected directly to the USG and in my case the download speed was seriously increased when I took the ISP Modem out of the equation. It would be great to see more videos on setting up USG for optimum use.
Hi Steve. Have the same issue. what did you do? how did you fix the speed problem? Yours Trygvi
I have the same problem!! I have AT&T fiber and WOULD LOVE to learn how to get my network up and going!!
Than you very much for all your work that you put in this great video. I learned a lot. Specially with the firewall rules. Can explain why you did not mark you guest network as Guest instead of leaving it as Corporate?
Lot’s of greetings, Dennis 🇳🇱
This is a great walk through and would've been massively helpful the first time I setup my Ubiquiti equipment.
A note about wifi SSIDs being named the same - this is a bad thing.
2.4GHz broadcasts a greater distance and has better signal strength compared to 5GHz. 2.4GHz is far more congested and has lower overall throughput. Every BlueTooth device operates within the 2.4GHz range as does your home microwave.
I purposely name the 2.4GHz vs 5GHz slightly different names (ie. Home2 and Home5) and manually connect every device I can to 5GHz - this puts you on a much cleaner wireless frequency range. You can use the same wireless password for both SSIDs if you prefer, but if you connect your device to the 5GHz SSID, it will not now how to connect to the 2.4GHz SSID, because you've never connected to it.
You can perform a 'wireless channel check' with your AP to find the least congested channels for both 2.4GHz and 5GHz. Within 5GHz, the DFS channels (middle 16) are often the best to use. The first 4 channels and last 5 channels are not DFS channels - meaning all of your neighbors can use those channels - so you want to use those as little as possible (or not at all).
DFS channels are not ideal if you are within 2 miles of an airport (of any size) or near a weather radar station, as they use the DFS channels specifically.
Very great information. I agree separating the bands is a good idea if you want the best performance on 5ghz, but I've found that this limits the connectivity of devices outside of range of the 5ghz radio. This causes a lot of issues with devices dropping connectivity while still in range of 2.4ghz signals.
It's a bit of a dilemma. 2.4ghz is more crowded and has a lot more interference, but 5ghz has very limited range. Your mileage will vary greatly depending on your environment.
@@ToastyAnswers 100% agreed. The business customers that I've supported over the years, when I detail everything (in basic terms), have always opted for more APs vs having their workers be shoved onto a crowded/slow connection.
I do understand that some situations either cannot do this (limited budget OR infrastructure), and that is when I simply guide them as best as I can and let them make the ultimate choice with the advanced knowledge of the potential impact.
As per range, I quote 100ft for 2.4GHz and 80ft for 5GHz - and detail that every obstacle (wall, etc) will diminish that range. Lath and plaster construction is one of the worst to push through due to the uneven and porous nature.
One last tip, never mount APs in a manner in which you cannot see it (ie. above ceiling tiles, behind an object, etc).
If you have any questions, please ask - I am happy to share my knowledge & experience.
I stayed up for 2 hours straight I'm just realizing I have my moniter off the entire time thx man I'm going to sleep
Z
Hallo Toasty.
I would like to thank you for doing this guide. I have now setup my own home network all thanks to your video. A simple step-by-step guide. I hope that you will make others videos with Unifi products. will recommend your guide to all my friends and colleagues.
Question:
I'm considering buying a Unifi cloud key 2gen. Should I? and what does it actually do?
I have a small network in my home. But after seeing your videos I would like expand a bit. :)
All the best from Silkeborg, Denmark.
Thank you!
Answer: I can see the appeal of the cloud key, but I've never really desired to have one. You can think of it like a "Raspberry Pi" that comes pre-configured to run the Unifi Controller software. It isn't a bad device to have, but it also isn't "necessary" since you can install the controller on many different pieces of equipment. It is convenient though, if you don't want to mess with installing the controller or don't have anything lying around you would want to run 24/7.
Somehow in the new interface it is impossible to assign a network to LAN2 interface. Or am I missing something?
Just looking to help a customer upgrade her whole system and this is perfect...just one little thing at the moment....If a device is new the controller should be able to adopt it....I mean it hasn't been used before on any other network..I remember you resetting one device.....
You are correct. Any new device should show up as "Pending Adoption" when discovered by the controller.
I probably reset a device in the video because they've been setup and torn down so many times I never know if I have an active configuration or not.
@@ToastyAnswers Thank you for the reply...much appreciated
How can i combine 2 vlans on a single wan. One for internet and another for iptv
goog lectures
Would you recommend the USG for connecting my modem for a WISP set up?
Trying to get started in the business world of WISP as the internet is terrible where I am based, I have a dedicated line already fitted.
Since your demo almost mirrors my equipment this was perfect for me, thanks. I am guessing that the GUEST IN/OUT/LOCAL refers to the third port on the USG?
Thank you for the very nice video and presentation. I am planning on purchasing UniFi 6 Lite Access Point & UniFi 6 LR AP, do these support fast roaming. Also when I get unifi 8 port switch and connect one port to a 24 port non unifi switch, will I be able to see the traffic coming from 24 switch. If yes will it be for individual ports or for all 24 as one bundle data. Thank you for your help.
Switched to Ubiquiti stuff a few months ago. I really like the products. Not using a USG but do have 8-port POE switch, mini and 2 AP Lites. Use my desktop for configuration and monitoring. Is it really necessary for a USG? I'm pretty remote and don't have too many issues. The wi-fi coverage is what got me going with their stuff. Glad I found your channel as well. Even if most of it goes over my head. :)
If you don't care about the site security and stats on data consumption then the USG is not really necessary but once you get used to those aspects they are very nice to have centrally managed as opposed to whatever the default router that you are using does.
Hi, those tutorials are great. I watch every one til the end and i have question if there is a chance you can make a tutorial of making the home network using ISP router + Ubiquiti Edge Router X + unifi accessories. That would be helpful.
I can take a look at this, but it sounds very similar to my "Edgerouter with an existing Network" and "Double NAT" videos. These may already have the answers you are looking for.
First let me thank you for this video. It is quite informative. I am having some issues with setting up a similar system (USG + 24 port PoE Switch + WiFi AP + CloudKey + 2 Unifi Cameras + 1 off-brand PoE camera (not sure how to manage) + NVR (which I have not started to try to config).
As soon as I configure the Guest network I loose my connection from my laptop (connected through the switch) to the internet. Do you have any suggestion on what might cause this out of the box? As a note, I still have the IoT network but am not doing anything with it yet.
Almost all of my IoT devices use wifi to connect so I'm not sure that your setup excluding them from wifi access is widely applicable considering typical use. Aside from that I like your logic and detailed instructions very much.
I have several non Unify POE cameras that I understand cannot be adopted using the controller software. Before I setup a comparable network setup as is described in this video, will I be able to USE these cameras at all? Thanks.
I too have many many wifi IoT devices and this set up wouldn't work for that
This is probably some oversight on my part. I excluded the IoT from wireless just to show some differentiation between wireless and wired VLANs. I didn't mean to imply that you wouldn't broadcast an IoT network over wireless. You definitely would.
In this case, you would just take the same steps for the Guest network and apply them to an IoT wireless network.
You will be able to use non Unifi wireless cameras with a setup such as this. I use Wyze cameras with Blue Iris on a Unifi wireless network.
Can you please do a video on udm pro parents control or dns settings
you can also use a cloud key to host the controller
Can you explain the purpose of the cloud key? Do I need it? Thank you. From what I understand if I don't use a cloud key I need a PC running 24/7 on my network?
@@thomas_didymus a cloud key takes the place of the PC running the Controller management console (correct me if I'm wrong someone). It's a 'candy bar' looking device connected to a POE port in your switch.
Thank you for this tutorial! I have the same exact equipment except the mini switch.
The only issue I’ve came across so far during the setup is that your interface automatically created Port Profiles. Mine did not create any at all.
Another discrepancy, in the Routing & Firewall you have multiple sections in Firewall (WAN In/Out, WAN Local, LAN In/Out etc) whereas my interface doesn’t.
There are probably quite a few changes due to GUI updates since this video was posted. I am getting ready to make a somewhat updated video for this, but I figured I would comment on what you've seen so far.
Port Profiles: I've actually seen where the port profiles don't get created automatically. It is unfortunate, and I'm not sure what causes it, but it has actually broken a few networks I've worked on. For some reason, it's a toss-up if you get the standard built-in profiles or not.
For the firewall rules... this is something I haven't gotten to re-visit, but I'm pretty sure there was a change in the interface that has caused problems with the firewall portion of the configuration.
I decided to use my Gen 1 Cloud Key, gave me the same exact interface as yours after the update. But had to factory reset my USG to adopt. All is good now!
Now to setup Pi-hole and Plex server haha!
You and your videos are amazing. Providing a great service to the community ❤
I can't figure out of I need a dream machine or a security gateway.
I get confused with the Mbps nomenclature. So if I have cable modem getting 300 Mbps speeds, the USG with threat protection turned on will be a bottleneck for me?
Thank you!
If you have a 300Mbps connection then the Security Gateway would be a bottleneck. You would be limited to around 85Mbps of throughput with all the services enabled.
Generally, I wouldn't recommend the Security Gateway these days with how good the Dream Machine is in comparison.
@@ToastyAnswers that's awesome, that means your videos are working if I understood correctly! 😀
I read your reply right away but only responded now, greatly appreciate the reply from the maestro directory.
Also, now was a good time to reply to say UDM is in stock today!
Just in time for the UDR to be released, derp
Thanks for the in depth video, I watched from start to finish and have one question. If I have IOT devices that are wireless, how do I set up a network for them? Can I just setup a wireless-IOT network. I am not sure.
I'm in the same boat with this question too
@@stamford70 I have done more research on this and all you have to do is set up a wireless network same as you did for the regular network and add the devices to the new wireless network.
@@davidwright6105 cheers for that info pal. I’m just in the process of getting almost the same equipment in this video so it’s a great help as I’m a nooob 😂
@@davidwright6105 You just have to take into account that per access point, the amount of "regular networks" (VLAN's) that you expose wireless is limited. If I am not mistaken, this is 4 by default. There's an option on the accesspoint that can be disabled (If I am not mistaken it is the option to act as a repeater), the max. amount becomes 8. If you want, I can look this up. I came across this restriction when setting up the WiFi for a friend of mine.
This was a great video on how to configure this network. I was looking to update my wifi device since I'm using a Asus router with wif. I have 2 questions.
1. What was the total cost of all 4 device is you don't mine me asking?
2. Rather then using the desktop switch for your computers can you use a regular linksys switch then configure everything like you did?
I'm thinking because of the cost on building this whole network.
Let me know when you have a moment.
1. The total cost of everything in this video was around $400 (USD), but this will depend entirely who you buy through and where you are located.
2. You can definitely use a regular switch if you wish. You just won't be able to tie it to the controller and manage it (if the switch is capable of being managed). The VLAN tagging on the switch will only be possible if your third-party switch supports this feature.
Recommendation: I would make a couple changes to the setup if you are looking to make a purchase. 1.) I wouldn't buy the USG (It's a bit dated and the features are found in other devices). I would instead get a UDM, which also includes a switch and access-point built-in to the device. You can build off this device later if you wish with additional access points and/or switches while still retaining all the features seen in this video. The cost of a UDM is typically around $300 (again, depending on seller/location).
@@ToastyAnswers Then you need to share where you bought all these items for $400. That's a great deal and would buy it right off the bat. Any kind of help would be awesome and maybe putting a write up on the update you did.
Great videos! I'm currently using an edgerouter x with 2 ubiquiti APs. Once is directly connected into my edgerouter and the other is downstairs and is not directly connected. Do you have any videos on how to properly set this up? I'm having some connections issues with the one that is not directly connected via ethernet downstairs.
Thanks!
Can you recommend a good video on configuring cameras within a network similar to yours? I assume that they would be on a specialized network similar to IoT, but I am not sure about the relationship with the remote access and if they would be accessible from inside a restricted policy.
As a note, I tested them by setting them up as IoT devices, and Unifi Protect can no longer access them. Also, the camera's lights are flashing green instead of white or blue (never heard of that before).
Hi @Toasty Answers in 29:11 we didnt see the map that is connected (we only see usg, switches and wifi router)
Editing mistake "/
Question about VLAN IOT network setup. For example if I had a Google home device on IOT network and a phone on main network, would they able to communicate with the firewall setting you used?
I tried to post a link but it wouldn't let me. Google Best Unifi Best Practices for Managing Chromecast/Google Home on UniFi Network
Watched the whole thing and I was a little confused about IoT. I understand Private network en Guest network, but what is the use case for IoT?
Some people have a dedicated VLAN for IoT devices so that it stays in their own segment.
You can then block internet or access to any other segment to your device.
For example: If you have a Tuya Bulb you don''t want that Chinese bulb have access to your server, or private network (vlan).
Hmm, studying it now. Got all the hardware in place. Now it's time to get to the software side of setting up my home network. First question: if I unplug my current wifi network (Airport) from my ISP modem, and also disable the network that the ISP modem is sending out by choosing it to bridg itself to the new USG, will I be able to access this explanation video for instance via the new USG that I would be connecting tot the LAN port of my ISP's modem? Just wondering (before I change everything and won't be able to change it back to start again....)
You should be able to. You may want to contact your ISP before putting the modem/router into bridge mode just to make sure it will work correctly. Your ISP may require you put the device into "pass-through mode" (Very similar to bridge, but with a couple provider-side differences.
Once that is done, everything should work fine off a LAN port of the ISP's equipment to the WAN port of the USG/UDM.
Plz u can make it hotspot about unifi if u the time design video
Hi. I just purchased a Dream Machine for home, later I will receive a Switch 8-60W. The configurations in the video applied to UDM/Switch 8?
Yes, the configurations are very similar between the USG and UDM. The UDM just has a few more features that can be enabled and also has a switch & AP already built-in (base model, not UDM-Pro). You will just start with most of the devices already adopted from the get-go.
Inquiry to Toasty: In the Routings & Firewall > Firewall > Lan In you added the 'accept' and 'drop' settings for the Main LAN, IoT and Guest networks. Why wasn't the Guest settings put in the 'Guest In' section? Is the Guest In/Out/Local sections of little to no use, or is it preferred to have all accept/drop rules put in one section (i.e. Lan In), or some other reason? Thanks in advance for the feedback.
This is actually a question I have myself. After setting everything up, I kind of wondered what the Guest tab was used for. I imagine the rules for the guest network should probably be setup here, but I just elected to put them all in one place. I'm kind of set in my ways when it comes to Firewall configuration.
I'll have to do some more research on that.
@@ToastyAnswers found this from UniFi's website (help.ui.com/hc/en-us/articles/115003173168-UniFi-UDM-USG-Introduction-to-Firewall-Rules ) however there was no date reference to when it was written, thought to share with your viewers for reference:
LAN Network
LAN Local Applies to IPv4 traffic that is destined for the UDM/USG itself on the LAN network (default accept).
LAN In Applies to IPv4 traffic that enters the LAN (ingress), destined for other networks (default accept).
LAN Out Applies to IPv4 traffic that exists the LAN (egress), destined for this network (default accept).
LAN v6 Local Applies to IPv6 traffic that is destined for the UDM/USG itself on the LAN network (default accept).
LAN v6 In Applies to IPv6 traffic that enters the LAN (ingress), destined for other networks (default accept).
LAN v6 Out Applies to IPv6 traffic that exists the LAN (egress), destined for this network (default accept).
Guest Network
Guest Local Applies to IPv4 traffic that is destined for the UDM/USG itself on the Guest network (default drop). Allows certain services/such as DNS and DHCP.
Guest In Applies to IPv4 traffic that enters the Guest network (ingress), destined for other networks (default accept). Drops traffic to other LAN (Corporate) networks.
Guest Out Applies to IPv4 traffic that exists the Guest network (egress), destined for this network (default accept).
Guest v6 Local Applies to IPv6 traffic that is destined for the UDM/USG itself on the Guest network (default drop). Allows certain services/such as DNS and DHCP.
Guest v6 In Applies to IPv6 traffic that enters the Guest network (ingress), destined for other networks (default accept). Drops traffic to other LAN (Corporate) networks.
Guest v6 Out Applies to IPv6 traffic that exists the Guest network (egress), destined for this network (default accept).
Kind of theoretical question Colon I have never built a net work with different IP ranges. Will devices from your Vlans interact with each other? In other words, if I have an air print printer on my private network and a guest comes over and wants to print to it, will that guest have access to it?
Without any firewall configuration, everything will be able to communicate. The only difference with different IP ranges is that the traffic will be "Routed" through the router instead of communicating directly between the two devices. Your guests will still have access to devices on a different network, but they typically will not show up as a network device unless configured specifically (Like the "Network" tab in Windows).
You can configure Firewall rules to allow/deny access between the different ranges which is one of the main advantages to having multiple networks, but by default everything is open.
if we dont use the security feature which limites speeds to 85mbs, would the security gateway essentially be the same thing as the edgerouter?
Basically, yes. The performance will be very similar.
Hi i like your videos. I want to configure new unifi edge switch and I want to add a ubiquity access point in to the switch. do you have a video which shows the steps or can you prepare a video? thanks
I don't have an edge-switch at the moment, but if I end up with one I will definitely make a video on it.
Hi, your explanation is great. I was wondering if I don’t have any guest internet, do i need the other switch?
You don't "need" the switch, but it is useful if you need more than the two provided LAN ports. Even without a guest network.
Hi, thank you for the answer. I currently own Fortigate 51E, paying every year for their support and service, they have web filtering and antivirus, spam services,. Would you by any change if this Unify would have that kind of service that I could subscribe, thank you
Wie kann ich von dem SG höhere mbs einstellen?
If I have a Pi-hole server connected on my Main LAN, and my Guest and IoT VLANs are isolated, will devices attached to Guest and IoT still be able to access the Pi-hole server?
(I'm trying to sort out this new network all at once, and it get's really confusing!)
It depends how you have your firewall configured. I assume since you say they are "Isolated" that you have firewall rules preventing traffic from passing between these two networks.
If this is the case, you will need to add rules to allow for communication with the Pi-hole. You can set a generic rule to allow traffic on port 53 to only the Pi-Hole on the Main LAN's firewall. This will allow DNS traffic from ANY other network to reach the Pi-Hole, but nothing else on the Main network.
My main network is actually configured like this and I have rules allowing traffic on port 53 to the Pi-hole's IP configured. All my other networks use the Pi-hole for DNS.
Doing everything at once always gets confusing. Try to take small steps and "add-on" later. One thing at a time ;)
I'm new to Unifi, what's a good way and not to expensive to get started with unify?
What is your opinion about the DreamMachine and a simpe POE switch? would that suffice for starters?
The Dream Machine is probably the most balanced entry point since it is essentially a gateway, switch, and AP all in one contained unit. I wouldn't worry too much about PoE unless you really want it. You can power the APs with injectors until you work up to a dedicated PoE switch.
The cheapest way to get started would probably be to just use the wireless APs along with existing routers and switches, but of course you don't all the features of a full-blown Unifi network.
@@ToastyAnswers can you please create like basic configuration of it and thank you very much
Great video, the new UI is not ready for prime time. Basic network VLAN options not showing have to go back to old UI. When you assign a VLAN ID in new UI it just picks the next subnet. I was ready to buy my Ubiquiti gear, but may stick with Netgear and their old school crude, but very functional UI. My Create Network does not have same options as in your video.
The new UIs and the direction they've gone have made things.... confusing to say the least. I'm not a fan of the new UI and I have a lot of issues when going between the two. I believe they recently updated it where you have to "disable" the new UI in order to see the classic menu now.
@@ToastyAnswers I went back and forth about expanding my network with Unifi or Netgear and the new UI and some of the quirks of how Unifi does things sent me into the Netgear camp for my switches. At least the Netgear switches I can pick cloud or traditional switch based management. I will stay with Unifi for my APs, but my core switches I just ordered Netgear. Hard to argue with lifetime and 5 year warranties. I will stick with Untange for my firewall as the UDM Pro still has some quirks with the rules and I want full control of what ports are LAN/WAN/DMZ.
nicely done, It is little over my head. Can some one explain your drawing what are those, Main Lan and IoT means?
Main LAN is your typical network. IoT is an "Internet of Things" network which most people like to have logically separated from their "day to day" network.
I have built a network identical to your plan in this TH-cam, except it is located in an adjacent building served by a nanostation bridge. The WAN will be in the Station nanostation with POE from the Ubiquiti switch. It is not practical to connect a POE injector to the nanostation. Since the USG does not have POE on the WAN port, i need to connect to the WAN port from the switch. Can I define two switch ports (in and out) to supply the WAN signal? Or can you suggest a better way?
I've done something similar to this in the past. The best way I've come across is just to create an exclusive VLAN for WAN traffic. This way the switch is acting more like a repeater (in/out) and the traffic won't be flooded needlessly.
Great video, today my “main lan” does everything and after this video would like to segment off similar to the video. Question is since all the IoT items are setup on the main lan can I keep this and just change your examples so main=iot and iot in video becomes main lan for computers and such?
Can you please help how to block multiple MAC address (wired/ wireless) from accessing internet by schedule?
I have several non Unify POE cameras that I understand cannot be adopted using the controller software. Before I setup a comparable network setup as is described in this video, will I be able to USE these cameras at all? Thanks.
You will. I have ip cams and works great with UniFi
@@isso013 - Ok. Thx.
How the hell can some people dislike this video ? Jesus !!!!!!!!!!!!
I know I should mount the Ubiquiti AP's on the ceiling but I am getting pushback from the wife on this process. Currently on our two story house on the 2nd floor I have a Nano HD and AC Pro wired and a AC Pro wireless and all are sitting on tables so they point UP.
I have one U6 wireless AP downstairs on the first floor. My question is since I have all the AP's upstairs pointing up how much coverage and I getting with these AP's or am I wasting them and need to bite the bullet and ceiling mount at the Nano HD in my office?
How do the Access points send out their wifi? Is it 180 degrees going straight up or does it still generate some wifi through the base?
I hope this is not to stupid of a question.
No. it is not a stupid question, I would like to know the answer myself. If I can't mount them on the ceiling maybe on the wall, but like you said, how does the signal spread out in these mounting positions?
From my understanding, the coverage area is an oval. You still get signal in the "front" and "back" of the device, but not as much as the sides.
For example, if the AP is mounted on the ceiling it will cover a "wider" area of the same floor, but if mounted on the wall it will cover more floors vertically.
I haven't really noticed a huge difference in reality. I've mounted them every kind of way (Ceiling, wall, laying on a desk, shoved behind a network rack, dangling from the ceiling, etc) and never really noticed one to be substantially better. If you are on the coverage limit you are most likely better off adding an additional AP.
The coverage is limited more by your building materials, existing interference, etc rather than the mounting orientation. For reference, I've always had my APs just laying back-down on a table at my house. They've covered the majority of both floors for me, but YMMV. One day I'll mount my own properly.
Couldn't you set your ISP's router/modem combo to 'bridge mode' and that way the unifi gateway would work properly?
Yes, you can and that is one of the more preferable ways to set this up. For the video, I was operating in a lab environment.
Hello a very good video. Here I have a project like providing Internet services to the University comprising of let say 3,000 student. Please can you suggest how to deploy this architecture with a strong networking devices and what or how many access point to be used.
When you get into high-density environments there are a few more things to be aware of. These deployments will depend entirely on the environment and highest density points. You will also need to start looking at access-points designed for more clients such as the UAP-AC-HD or BaseStation XG.
I am unable to give any kind of accurate information without knowing more.
Do i need a cloud key ? If yes where do i setup on the switch or usg ?
You don't "need" one. The Cloud Key is just a device that hosts the controller software for you. It can be more convenient, but it is by no means a requirement.
You would connect this device to the switch or any device you would normally connect any other PC. It is essentially like using a raspberry pi on your network.
Toasty can you chapterise this mate? having a hard time flick back to the parts that are the most important.
That's a great idea. I'll try to get to that soon!
I set up a network today following the guide, and afterwards I closed everthing (But I dont know if I should have pressed save somewhere before I closed everything?) Now I cant find the network I set up (The Site) where can I find it on my pc? (I use windows) I hope I dont have to do it all over again.
I need the sites so I can export it as a file.
You typically don't have to save anything in the controller. Once the changes are applied, they are considered "Saved". Is the site not appearing in the controller or can you not locate the controller files themselves?
On Windows, the controller should install to C:\Users\"YourUserName"\Ubiquiti UniFi
To run the controller, the file is C:\Users\"YourUserName"\Ubiquiti UniFi\lib\ace.jar
If the controller is running and the site is missing from the controller itself, there may be another issue or the wrong instance of the controller is running.
@@ToastyAnswers Unfortunately its both. When I open the program on my pc and launch a browser to manage the network, there is nothing and it just looks like the page you see when you want to create a new network (Name it and so forth).
When I search for it in pathfinder and type in the C:\Users\"YourUserName"\Ubiquiti UniFi\lib\ace.jar nothing shows up anywhere? I fear that everything I made is lost.
Can someone please just tell me where do i go to put my ISP settings
thanks
soft routering maybe a better alternative, more features.
If I’m trying to setup 3 APs, would I need to setup VLANs like you did for the guest network?
Better question is if I just want to setup 3 APs would I need to follow this whole guide or would something different need to be done?
You don't need more than a single VLAN to setup more than one AP. You can ignore the entire VLAN section if that isn't something you are wanting to setup. Connecting all three APs would simply add them to the main network and they'd function correctly.
You only need to mess with VLANs if you have a need for multiple "Networks" such as Main, Guest, etc... but they are not required.
Hi, in your drawing depicted no wifi on gateway but you still set it up. Is this necessary step? Or its ok to disable the wifi on gateway?
I set it up since we were deploying dedicated access-points to take care of the wireless. If you don't have a need for it, it's fine to leave it blank.
I see, thanks a lot @@ToastyAnswers
the security gateway is optional correct?
Correct, although you could say that any of the devices are optional. A "router", however, is not optional. You have to have something capable of routing in the network.
Bro don’t know if you read your comments but I follow everything you do but when it comes on to my access point UAP-AC-LR It’s saying ADOPTING/DISCONNECT AND I HAVE TYE USG THE 8port 150w those 2 have blue light but my problem is access point Can someone help me please
I try to read through my comments when I can. Thanks for following!
Have you tried updating the AP before adopting it? I've seen this happen and a firmware update sometimes resolves the issue. Also, make sure you have the latest version of controller installed. Sometimes, resetting the AP a few times will clear the issue.
If this does not work, there may be something else at issue here.
I tried that too, someone told me about my Verizon router and the USG as the same IP AND THATS CAUSING IT