This is like the first official guide to Unifi networks. Great video Willie.
Thank you Willie. I built my first Ubiquiti network. This was the first video I viewed trying to learn how to properly use it. Thank you.
Clear video on a topic that remains confusing to many. I have an EdgeRouter Pro8, but the way you explained this for UniFi is excellent. Thanks!
Willie, thanks so much for doing this video. I was always a bit hazy about this and now, with so many IoT devices around which seem to be affected by more and more hacking attempts on a daily basis, I feel more confident about separating them all from the corporate network. I also agree with the comments below and have also learnt so much from you and Chris about these revolutionary networking products - Thanks again and keep it up!
This is perfect. These zones threw me for a pretty big loop when I first set up my network. Thank you
Very informative and clear. However you say at about minute 4:00 "by default the traffic is routed between the corporate networks". I have a USG and a UniFi switch set up exactly like what I see in your video and traffic is NOT routed between two corporate networks I set up. They are essentially invisible to each other, and I think I have the same configuration you do. So why is that? What could be causing the problem? Yeah, layer 2 and layer 3 are different. But you did say traffic is "routed" between these networks. Thanks
Great video! How can you share a network printer across all VLANs including guest?
Thanks Willie. Your videos are very helpful.
This is a great video! Thanks for making it +Willie Howe. Your videos should be the ones that Ubiquiti uses to train people on their equipment.
Great video. Question: does the guest network you show here isolate them from each other? I.e., if guest is in VLAN 2 and guest 2 is on VLAN 5, can they see and talk to each other? Thanks again.
Thanks for the video. Can you do a tutorial on how to block traffic between LAN1 and LAN2 with both being corporate?
Thanks for clearing up the various network types in the USG setup. I have a tricky situation with my ISP/Internet/TV-boxes which I would love to get some advice on based off this new knowledge but not sure where to post this?
Your videos are always very helpful and thorough. I have a question that you may be able to help me with. We have 49 UAP's that we need to split up into two groups because of performance issues. Here's my question . . . I am moving 30 of the AP's over to a new UCK Gen2+ and I am wondering how to incorporate the VLAN only option, since that is what I've been told would be the best way to approach this. I have moved four over for testing purposes and they are working great, but I haven't established the VLAN only setting on the new UCK. Is that something I need to do, and if so, can you give me direction on how to approach it? Thanks
Thanks for the video. One thing I find unclear: If I set up a VPN network for remote users on the USG, like you have shown, what do I need to do to get traffic from those VPN clients to reach the servers on the corporate LAN behind the USG?
Great video!!!! This should be a must-see video for anyone setting up a network. If I was setting up an IP camera VLAN, would I want to enable IGMP snooping?
Hi, thanks for your video. I didn't understand the VPN section. Is this also "locked" from the corporate network(s)? Or how do you allow it to be routed to the corporate network LAN(s)?
Best regards, Lars
Easy to follow, thanks.
Nice video! I have a question about the USG: can you use the LAN2 port to split your internet connection into two different networks and give group policies (download & upload speed)?
Really Helpful
Willie could you do a video on cloud key dealing with the storage and how to delete some of the stuff that might be taking up that space. Thanks!
Thanks, very helpful!
Didn't there use to be a "Voice" option? What happened to it? Are they going to put it back once they introduce LLDP-MED to the GUI?
Willie, thanks for sharing your videos!
What do you recommend if I want to place my 2nd NAS at my parents' house for backup, VPN client? Do I have to install UniFi equipment at my parents' house or can I use just the port forwarding?
(I'm calling from Holland, so apologies for the bad English :-))
How would I best isolate my networks from each other? I'm using the guest network and have the captive portal activated, but that will cause a huge problem for all the other networks.
Willie appreciate the video as always. For further background…what is the benefit of creating a corporate network (and applying applicable network rules to segregate it) versus creating a guest network? Is it just two different ways of achieving the same thing, or are there other benefits to creating the corporate network?
Thanks Willie, I got that. I was trying to ask whether there was an advantage to a) create a guest network (as I’ve done for my IoT kit) or b) create a corporate network and apply the firewall rules per your other video; or does that just achieve the same thing?
Appreciate it sounds a stupid question but thought there might be some other advantage to b)?
Thanks for the insightful videos, much appreciated!
Excellent
Thanks for the videos they are great! Have you thought about lowering your resolution on your screen so everything would be easier to read on our end?
Willie, With the new UniFi Controller 5.9.x a lot of things were updated and changed. Do you think you can update the videos to address this in the near future?
@WillieHowe My bad. This is the updated video. I appreciate everything you guys do. There is no true documentation for the USG. The Edge products have better docs. I run two separate networks with UniFi and EdgeMax. Ubiquiti definitely made a believer out of me. I'll also check out your MikroTik videos for better insight as well. Thanks.
Can you do a video on how to create a MGMT VLAN?
Did you do Let's Encrypt with Google domain and Cloud controller on Google Cloud console?
Willie Howe, the problem is that there isn't any literature on it and I asked you a few months back because I need a captive portal but can't get a static IP at my location. Might be common problem.
I've done Let's Encrypt with UniFi but haven't found a way to script it.
Hi Willie, thanks for the explanation. Clears up a few things already. I want to create a separate WiFi network/network for my smart home devices. Could you maybe explain how to create and tag a wireless network to a specific LAN without being able to talk to each other? Currently I am using a wireless guest network for this... Thank you, wolfster
I don’t know if I’m in the right place, but I need to set up a home network for 3 people who Twitch stream. I want it to be secure, that’s my main thing, but not be restricted if that makes sense. What would be the best setup? Modem-USG-switch/router-PCs? Or I am just in the total wrong thinking...not a network guy lol
Thanks so much! The more I watch the more I learn..... Here is a question: All the videos on firewall rules are done on a USG. Can I take these same rulesets and apply them on an EdgeRouter X / Lite?
Sorry, I do not understand your reply
Got it! Thanks a bunch! (Any thoughts on part 3 of the EdgeSwitch Setup Guide?)
Thanks so much!!
Hi Willie
Thx for all your videos. You're the best. Got a video request. Can you make a video about SAMBA and/or cross-subnet network browsing with VPN LAN users and site-to-site LAN users and local network user computers and WINS? All the networks can be a mix of Linux and Windows. The browser network computer list should be all the same across all the subnets, allowing users to see each other's computers and e.g. printers, to share files etc. I have not done it on the Ubiquiti equipment yet. CAN THIS BE DONE? Will you use the feature ARP PROXY on the interface to enable broadcast traffic to flow between subnets?
Thanks
Tommy bee I’m still learning, but what you said just kind of defeats the purpose of investing in a pricey setup. You could accomplish your goal with a cheap commercial router and be likely even more satisfied. When I lived at home I did just that with a nice Asus AC3100.., faster VPN, very easy to use, etc. It was a lot faster with the VPN, and quite frankly performed better. All the options a consumer would need, and if I remember right it actually had a crappy VLAN setup. Hell, they even had the AI-mesh technology if you were dying to spend money. Its logging was far better and it even had a little IDS setup. These NGFWs are just needed when you have a lot more devices and people to deal with.
Best part was is not only did that thing last roughly 10 yrs, it works the same now, and last year when UniFi was really lagging behind I managed to create an isolated VLAN solely dedicated to that router. No extra rules. 2 separate routers that didn’t communicate with each other, and I recall someone creating a script to make a site-to-site VPN using the 2. I’ve had a Sophos XG85 and controlled a much more expensive Sophos UTM at my job, along with the highest rated Netgear Nighthawk..500 bucks for a pile of crap. I’ve sold all except my beat-up AC3100 that’s down to its last antenna. Sorry for the long post but you must remember a firewall/router is just a router unless you spend a boatload of time working with it. Cough pfSense..however if you’re bent on spending a lot let me recommend UNTANGLE. NGFW AND EASY AS HECK TO USE. Hope this helped a little despite my monologue!
FYI pfSense is great..but I work in a different sect of IT and decided I’d try to make a house run off of sense using a laptop as the entire setup, no switch, because I saw some dude on YouTube sorta pull it off had a single lan and)from 20 yrs ago. Bought 5 of them manufactured in 1999 for 200 bucks for the sake of cyber security labs.
I will say this though. When I got it working it didn’t skip a beat for that whole 20 hrs of uptime. Was so jaded I went out and bought the super sandbox aka Sophos XG and had them spoon feed me
Thumbs up
You stated gives us a ‘Class C’.
This will cause a lot of confusion because routers do not operate classfully anymore.
You said. Break up a ‘broadcast domain’ and a ‘collision domain’.
There are no more collision domains anymore with full duplex Ethernet.
Throw a hub in the mix and see what happens. And don't tell me the hubs don't exist because they surely do.
0 likes tho🔥