Wow! Thank you. I've been struggling to figure out how to make my UniFI VLANs work. Creating them is the easy part. Your clear step by step examples have cleared up my confusion.
A lot to learn from this video. I’m still a newbie at this but would love to set up my network as secure as possible. With different vlans. Running 9 axis cameras, synology 1517+ nas, UniFi switches, aps, and such. As of now I have everything on 1 vlan. But want to segregate everything. Thanks for the video.
Great video! I followed a lot of the steps, but i'm stumped on the port connectivity from the UDM port to my non Ubiquiti switch Cisco Catalyst 1000 and getting my vlans working. I'm be happy to answer questions.
@Tech Me Out: At 18:12 - Am i wrong or should Rule 2007 be the first rule ? I thought you should block all at first an then open up ports / ranges / etc. Normally firewalls work from top to bottom. This would block rule 2001 - 2006 ! Or am i wrong ? I am puzzled.🙃
I am still confused why some TH-camrs are creating firewall rules to allow established and related traffic. What's the point of creating that rule and putting it on top of every other rule.
How does a unifi wap gets an IP? The switchport it’s plugged into would be defined as the default native LAN network? Does that switchport have to be trunked if your SSID or WiFi network is a different vlan?
Excellent question. the answer is much simpler than you might think. first, the access points gets their ip addresses same as any other computer or other devices you plug into a switch. if you enabled dhcp, the access point will get an ip address from the dhcp pool you configured. if the switch port you connected the AP to is on the default ALL profile, than the ip address the ap will get will come from the LAN network. its recommended that after getting an ip address set the ap's to a static ip address. as for when the SSID and the AP itself need to be on separate networks than yes, the switch port will need to be trunked. the minimum setting you will need is a native vlan for the AP itself and a tagged vlan for the clients to connect to. (most people just select the "all profile" but your mileage may vary)
Certainly. please join our unifi facebook group. from there you will be able to PM me. i will then give you my email address. facebook.com/groups/ubntusergroup
I watched the video and there is something that I feel like I missed I don't want my IOT to have access to my router for example yet somehow they do. I am testing it on the my phone and my phone is able to reach all the way to the router. According to the rules it should not be able to reach it or is there something wrong.
Hi. you are raising an excellent question. a basic thing like not reaching the firewall ip address that is blocked by default in many other vendors is open by default in unifi. i can assist with that but lets try this: join our unifi facebook group, then PM us on facebook, from there i will try to assist you in blocking the access to the firewall. facebook.com/groups/ubntusergroup
@@TechMeOut5 so long story short I'm somehow got unsubscribed and never got to see this response and I still have the problem. I don't know how this happened.
Hi and thank you for the video, the only problem I have after setting up the Vlan is the WiFi Vlan, I have tried both on Laptop and Phone but cannot connect.(Could'nt get IP Address) I am using Unifi gear.
Nice video, but if all I want is a NAtive VLAN and NO Tagged networks and the UI does not let me do that. I can only select ALL or a specific tagged network.
Hi. well, if yo just want, on one specific port, to only allow the native LAN to be passed and no other tagged vlans all you have to do is not use the "all" profile and just select the specific vlan or lan you want to pass. if misunderstood you, i would be happy to offer a remote session or a zoom call
@@TechMeOut5 I think I get it, thanks. Just a bit confusing as the UI with having the field for source and destination and it does not all WAN as an option in the destination. I will give it a try, thanks for the reply. I like your videos.
Doesn't work. It keeps saying "The profile overrides form has been reset with the default values from the selected profile. Any previous overrides will be lost upon saving."
@@TechMeOut5 I followed your video step by step and then attempted to set the switch profile on one of the ports on my 24 port switch. I have a UDM Pro. If I attempted to select the new profile on one of the UDM pro ports then it would work but not on any of the switches.
@@EscapeEFT alright, so i know for a fact that many people including myself were able to assign the switch profiles just fine. so there is definitely something we are not seeing here. if you would like, i am offering to do a zoom call, you and me and maybe we will be able to sort this out
*Are you using vlans in your UniFi network? let us know in the comments section*
Hey big guy.. thanks for the videos… I think there’s another channel called “tech me out”
Just a thought, the music is a distraction. Otherwise, thank you for your work. Much appreciated.
Wow! Thank you. I've been struggling to figure out how to make my UniFI VLANs work. Creating them is the easy part. Your clear step by step examples have cleared up my confusion.
thank you. lost the vlan capability ever since ubiquity upgrade to 6.
You are the first I've been able to find to explain how on ver 6
Glad i was able to help!
Thanks, this was most helpful.
Excellent video, and excellent demonstration of how to manage the traffic between vlans
A lot to learn from this video.
I’m still a newbie at this but would love to set up my network as secure as possible. With different vlans.
Running 9 axis cameras, synology 1517+ nas, UniFi switches, aps, and such.
As of now I have everything on 1 vlan. But want to segregate everything.
Thanks for the video.
Seems like an excellent network to introduce vlans to. A vlan for your cameras for example would a good idea
@@TechMeOut5 Yes.
I need to watch this video 100 times to be able grasp 😁 and learn so I can configure my setup.
Super-helpful setup overview. Thanks for pulling this together
Thank you for watching!
I love the way you walk it through, really good thank you!
I love it when i learn new things! the firewall concept - loved it!
Great edu video. Clarified a lot things for me. Keep up the good work!
Thank you very much. Glad you liked it.
I'm Using Vlans now. Thanks for your help.
Great video! I followed a lot of the steps, but i'm stumped on the port connectivity from the UDM port to my non Ubiquiti switch Cisco Catalyst 1000 and getting my vlans working. I'm be happy to answer questions.
Thank you for this video.
@Tech Me Out: At 18:12 - Am i wrong or should Rule 2007 be the first rule ?
I thought you should block all at first an then open up ports / ranges / etc. Normally firewalls work from top to bottom.
This would block rule 2001 - 2006 ! Or am i wrong ?
I am puzzled.🙃
Great video, thank you for sharing.
Thanks for watching!
I am still confused why some TH-camrs are creating firewall rules to allow established and related traffic. What's the point of creating that rule and putting it on top of every other rule.
Excellent video, many thanks :)
Thanks for watching. Please consider subscribing
How does a unifi wap gets an IP? The switchport it’s plugged into would be defined as the default native LAN network? Does that switchport have to be trunked if your SSID or WiFi network is a different vlan?
Excellent question. the answer is much simpler than you might think. first, the access points gets their ip addresses same as any other computer or other devices you plug into a switch. if you enabled dhcp, the access point will get an ip address from the dhcp pool you configured. if the switch port you connected the AP to is on the default ALL profile, than the ip address the ap will get will come from the LAN network. its recommended that after getting an ip address set the ap's to a static ip address. as for when the SSID and the AP itself need to be on separate networks than yes, the switch port will need to be trunked. the minimum setting you will need is a native vlan for the AP itself and a tagged vlan for the clients to connect to. (most people just select the "all profile" but your mileage may vary)
@@TechMeOut5 awesome!!! Thanks for your video. Helps a lot as I’m coming from the Cisco world but want to do unifi for my home network
Glad i was able to help out! Please consider subscribing.
@@TechMeOut5 will do!
Awesome video. thanks!
Loose the music
Can I email you some questions on how to configure VLANs for multicast (IGMP snooping) on a USW-Pro and create a firewall for point of sale stations?
Certainly. please join our unifi facebook group. from there you will be able to PM me. i will then give you my email address. facebook.com/groups/ubntusergroup
I watched the video and there is something that I feel like I missed I don't want my IOT to have access to my router for example yet somehow they do. I am testing it on the my phone and my phone is able to reach all the way to the router. According to the rules it should not be able to reach it or is there something wrong.
Hi. you are raising an excellent question. a basic thing like not reaching the firewall ip address that is blocked by default in many other vendors is open by default in unifi. i can assist with that but lets try this: join our unifi facebook group, then PM us on facebook, from there i will try to assist you in blocking the access to the firewall. facebook.com/groups/ubntusergroup
@@TechMeOut5 so long story short I'm somehow got unsubscribed and never got to see this response and I still have the problem. I don't know how this happened.
Excellent vid! helped me a lot!
You're welcome. Glad it helped
Hi and thank you for the video, the only problem I have after setting up the Vlan is the WiFi Vlan, I have tried both on Laptop and Phone but cannot connect.(Could'nt get IP Address) I am using Unifi gear.
Hi. Thanks for watching. Have you taken a look at your dhcp settings?
Nice video, but if all I want is a NAtive VLAN and NO Tagged networks and the UI does not let me do that. I can only select ALL or a specific tagged network.
Hi. well, if yo just want, on one specific port, to only allow the native LAN to be passed and no other tagged vlans all you have to do is not use the "all" profile and just select the specific vlan or lan you want to pass. if misunderstood you, i would be happy to offer a remote session or a zoom call
@@TechMeOut5 I think I get it, thanks. Just a bit confusing as the UI with having the field for source and destination and it does not all WAN as an option in the destination. I will give it a try, thanks for the reply. I like your videos.
Doesn't work. It keeps saying "The profile overrides form has been reset with the default values from the selected profile. Any previous overrides will be lost upon saving."
Hi. can you be a little more specific? what exactly doesn't work? what did you try to do? create a vlan or create a switch profile?
@@TechMeOut5 I followed your video step by step and then attempted to set the switch profile on one of the ports on my 24 port switch. I have a UDM Pro. If I attempted to select the new profile on one of the UDM pro ports then it would work but not on any of the switches.
@@EscapeEFT alright, so i know for a fact that many people including myself were able to assign the switch profiles just fine. so there is definitely something we are not seeing here. if you would like, i am offering to do a zoom call, you and me and maybe we will be able to sort this out
Can you make a video of filtering content?
Hi. Thanks for watching! already have one: th-cam.com/video/m_YZXMaboKQ/w-d-xo.html
How can I get in touch for a more specific question ?
Hi. join our Facebook and post your question. i will find you there. facebook.com/groups/ubntusergroup
Giveaway campaign! I’m a subscriber and a Facebook group member. please send me the access point.
WHy dont like you using the auto configure DHCP
In more complex networks...network admins usually like to set the subnets and dhcp scopes on their own.
Can you please show us how to create Radius? different VLANS on one SSID?