Complete UniFi Setup Guide (Dream machines for beginners)

Captions
All right, how's it going, y'all? So today we're going to be going over a complete UniFi setup right here. So this is going to be assuming you've got like a Dream Machine or any of their similar equipment, and this is going to go over setting up from scratch. We're going to touch on very briefly at the beginning here what these three components are and what they do. So we will be having chapter markers below, because if you already have your equipment and kind of already know how you're set up, you go ahead and skip to those. But we're going to start by just kind of going over what these three pieces are and how you can use them, as well as what different options there are, pretty briefly at the beginning here, and then we're going to go all the way into setting up this Dream Machine Pro Max, all the way till we have Wi-Fi running and even a guest network up and running, without going too, too in depth, to keep this short. And then UniFi has a ton of features, there is a ton you can do with these systems, and so I'm going to talk briefly about the most common things I do with them and what other options there are. But this video is going to be everything you need to get started and actually get up and running. And if you like these videos, I'm planning on doing a fair amount more of them, so go ahead and put any suggestions you got for me down in the comments below and subscribe. We're trying to hit 100,000 subscribers, and we've got a lot more UniFi content coming on out.

All right, so to start off, let's talk about what these three things are. And so at the very bottom right here I've got a Dream Machine Pro Max, and for most people it will really do three specific things. First off, it is a router or a firewall. Those two are more or less interchangeable terms. Technically, as you go larger, they are completely separate units, but for most medium-sized businesses a router and a firewall are essentially the same thing. And what they do is they take a public IP address and they create a local network behind them, or multiple local networks behind them. And so most people have a Wi-Fi router in their house that's actually all three of these things in one. But routing in and of itself is just the act of essentially taking one public IP address and creating an entire network behind it, as well as saying what can and cannot come in. And so this is used to protect your network and can actually be used to block threatening traffic. And so if somebody goes to a bad site with a known bad IP address that may be trying to deploy malicious code, this can actually sever that connection and just not let those packets in at all. And so it is going to be basically what runs our network.

And so the next thing this also is, is a UniFi application server or UniFi console. Essentially what this is, is it runs all the devices, all the UniFi devices on your network. So these are two independent UniFi devices on top of it, a switch and a Wi-Fi access point, and it is going to essentially aggregate all that information and have one pane of glass to control all of it. And so it actually controls everything and gets metrics on, hey, which ports are running fastest, and things like that.

Now the last thing it does in a lot of people's cases is actually act as an NVR, or a network video recorder. So we're actually not going to be deploying this in this case, but these things have built-in hard drive bays up front to actually have security cameras that can record to them. UniFi has a massive line of security cameras and they work very well, and they're a great bang for your buck, especially if you only need to deploy maybe four or five of them. Something like this is a great setup, because you can have it all in one place and not have to have a separate NVR and just record directly to your router. And so that's what this is. It's really three applications in one. You could split them off, but in general it's a great place to start. And they also sell ones that include Wi-Fi, such as the just standard Dream Machine, and so that is where if you didn't want to have a separate Wi-Fi access point, or one at all. This is also rack mountable, which is very nice, and so mine that's in my rack behind me is nice and rack mounted, and it really controls the whole network. All right, so that is what a Dream Machine is. They can do a ton, and there's a lot of different versions of them.

Next up, what we've got up here is a switch. This is actually one of their Etherlighting PoE switches, so this is the Pro Max 16, and it's got Etherlighting, so I'm going to show that later. Basically it can light up different ports, it's very fun. But more importantly, it does a few things here. It is actually a PoE switch, and what PoE is, is power over Ethernet. And so this not only gives devices hooked up to an Ethernet, it also can give them power, which is what we're going to be using in this case right here. So this is a Wi-Fi access point that generally you need to have both power and Ethernet to it, but instead they use what's called power over Ethernet, and so this switch actually just supplies both Ethernet and power to our Wi-Fi access point, so we only have one cable having to go to it, and it is very useful. A PoE switch is going to be used to power a ton of different things, but the most common things you'll see are really three of them. You'll see Wi-Fi access points, phones and security cameras are by far the most common things you see being PoE powered, but there's tons of other options you can do, and you can even have like an iPad being PoE powered with the right adapter.

And so this switch essentially takes in the network connection from the router and allows everybody else to talk. It's not really in control of the network, but rather it just spreads out the network and lets more devices talk. Anything that's plugged in the switch that is on the same network can pretty much directly talk to each other, increasing speed. This one has two different speeds of ports, and that is how fast the two different devices can talk to each other, if they've got it.
Most of the ports are 1 Gbit, but on the far left-hand side they have 2.5 Gbit ports, which is very useful for these faster Wi-Fi access points or even having a NAS hooked up. And then on the very farthest left, those two weird ports are what's called SFP+, or 10 Gb fiber optic cables. And so the switch essentially is just there to allow everybody to talk and communicate, and it also can help us segregate out our network, and it's also going to be powering our PoE access points, which are Wi-Fi access points, as well as any cameras we add in as well.

Finally, we have an access point. This is, as I said earlier, a power over Ethernet access point, and so what this is, is this is Wi-Fi. It is not a Wi-Fi router, because if you just plug this into your Charter modem it wouldn't do anything. Instead it is just an access point, so it takes all the commands from the Dream Machine below it and it is told, hey, this is how you set up the Wi-Fi, this is your IP address, this is how you do everything, and that is all it does. And so you can have multiple of these, and as you're walking around the house your phone will hop between them based off of what has the best signal at that time, and there's a ton of stuff you can do with it. This right here is one that is ceiling mounted, but you can get them in pretty much any size, shape and form that you need, with different speeds. As you can see, it's just being powered with a single cable, and so if you have a switch that does not support power over Ethernet, you have to buy what's called a PoE injector, which will basically go between it and the switch to just give it power. So you plug it into an AC outlet, plug it into the switch, and plug it into the access point, and this PoE injector will inject power over Ethernet into that cable so that it is nicely powered.

And so those are our three things that we've got here. There's a whole bunch more custom configuration you can do and a whole bunch more stuff, but this is really like the base three components. Then if you see this big blue cable right here, that is my WAN connection, and so this is what you would plug into your Charter Spectrum modem or your AT&T router. Basically, that is the WAN cable that comes in and gives internet, and if you look, there is a port on there that is labeled WAN on the Dream Machine, and what that does is that is the outside network, and then all the other ports are the inside network, that's the LAN. And so that's what I've done, I've just hooked it up in there. And then if you see this thin blue cable, it is going to be hooked up to my laptop, and I've just got an easy adapter on it right here, and so that way we can set up all this directly and have a really easy hookup to it.

All right, so now let's go ahead and get started. If we wanted to, these can actually be set up over Bluetooth, so if you don't have a built-in Ethernet adapter where you can use that, you can actually just set up on your phone and set up your Wi-Fi via that. But so you all can see it really easily, I'm just going to go ahead and plug my laptop directly into the UDM. All right, so now the very first time you set this thing on up, we should be getting a 192.168.1 IP address from the UDM, and the way we can verify that is all we do is we go to 192.168.1.1, and if you see "this connection is not private", you know you're in the right place. This is actually totally secure. Anytime you put in a local IP address in a browser window, you'll never get a "this is secure" message. And so we're going to go ahead and say show details and continue. Firefox, Chrome and Safari all have different versions of this, so you just need to figure out how to click through and join it.

And just like that we have found it, and now we're going to go through and do the first-time setup guide for the Dream Machine Pro Max, and this is really going to be the heart of our entire network that runs everything. So I'm just going to create one called SpaceRex Demo. You can name this whatever. And so now you can actually hook this up to a UniFi account and follow this through, or you can proceed to just have a local connection. If you want to be able to do these settings remotely or have a remote backup, you can sign in with a UniFi account, and I'm going to go ahead and sign in with mine as well to show how that backup process works, but if not, they do allow you to set this up locally. So I'm just going to go ahead and sign in with my account here, that's going to get all blurred. And in my case I actually just formatted this thing, so it's actually asking me to restore from backup, but we're just going to say continue without backup to set this thing up new. Right here, this is where we could set up really easily as an NVR to actually record footage, but we're just going to go ahead and skip that. And now right off the bat it's going to go ahead and test my download and my upload speed, and as you can see we've got very nice internet speeds here. And now it's just going to go ahead and do the basic setups right there. If you've been looking, there's a little screen on it that tells us exactly what it's doing, and it is essentially just doing our first-time install.

Now the very first thing we should always do whenever we set up a network like this is, by default it has set us up with a subnet that is 192.168.1, and you want to change this. This is the first thing you should change every time you set up a new router: never have it on 192.168.1. Honestly, I just avoid the 192.168 network entirely, and instead I always set up stuff on the 10. networks. There's way more of them and nobody else uses them, and so you have the ability to customize your subnet however you like to. And the reason you really want to do this is you want to make it so that when you inevitably set up a VPN, or maybe you want to connect your work and your house together, you want everything to be on different subnets to make it very clear about who can talk to who. And I'm not going to go super in depth with what subnets are, but we're going to go ahead and just say anything that is on the same subnet generally can talk, it's generally on the same local network. We're just going to go ahead and show you how to change it on over.

And so the first thing we're going to hop into before we do a single other thing is to come in here and change our gateway IP. And so to do this we're going to come in over here, we're going to go to Settings, Network, and we are going to change the default network subnet. And note, when you do this, everything else is going to shut down and have to be reset, and so that's why I've not adopted anything yet, because we're going to redo everything, and we're just going to power cycle all this stuff afterwards, and we're also going to have to pull the Ethernet cable out of my laptop and plug it back in. So as I said earlier, we are on that 192.168.1 network. Horrible idea, stay off that, because you want to be able to VPN in later on and do a whole bunch of fun stuff. So we're just going to change our default network to 10.anything between 0 and 254. So whenever I'm setting up a network, I basically give it a 10.something number, and then all the networks within there are going to be in that same subnet. We're going to start very, very, very basic here, not really go super in depth with that, but I want you to basically pick a fun number in between 0 and 254, really basically 1 and 254, just to decrease a chance of overhead. And so in this case we're going to do 70, we're going to do 10.70.0.1. Now you can use that. I'm going to choose zero as my third octet, because that way I can use 1, 2, 3, 4, 5 for all my different VLANs, and we're going to talk about that all later.

Now one last thing to know is make sure you always start with 10 if you're going to do this, or use the other local networks, because anything that starts with 10 with an IP address space is guaranteed to only be a local IP address, so you won't mess up the internet. I've actually had clients who had a setup like that where it was an 11, and essentially they could not access random internet sites who had that IP address. So you're always safe whenever you start with a 10 or 192.168, so this is a great place to start, and you can customize this however you like to, but if you want to use 10.70 that's totally fine too. And we're just going to hit apply changes. When we do this, we are going to lose internet access and this connection is no longer going to work, because now the UDM is no longer living at 192.168.1.1 and instead will be living at 10.70.0.1. So I'm going to do two things. I'm going to unplug the Ethernet cable from my laptop and plug it back in, and that will tell my laptop to get a new IP address. Then I'm going to reset these guys right here and do the same thing by unplugging power. All I've got to do is unplug power from the switch, because it's also powering the Wi-Fi access point, and just plugging it back in. By doing this, everything will request an IP address from the UDM. So now I'm just going to go to that 10.70, 10.70.0.1, and just like that I can go ahead and log in again, and this is the new location of my Dream Machine.

So that is the most important thing to do when you start out: always, always, always change that subnet. I've seen other tutorials that say it's because hackers know you're using 192.168.1. That's dumb. Really, it is because you want to be able to customize your subnets and use site-to-site VPNs and VPNs, where if you've got overlapping numbers weird stuff happens, it gets very complicated. So always the first thing you do should be to change that, and if you're setting up a business and your house, make sure they're not the same numbers, so that way later on if you want they can actually talk and do some really cool stuff.

All right, so now we're going to go ahead and just enable our auto updates. And honestly, for the longest time I did not have UniFi stuff on auto update, and then they've not had a real issue in the last two years, so I'm now on the auto update train. I would recommend keeping it to official, and we're going to go ahead and just hit update on our Network. As I said earlier, we can also install Protect right here, as well as a bunch of other applications that UniFi can do, and so that is all going to be for another tutorial. This unit can also do a really cool thing called Shadow Mode. I'll leave a link down to my tutorial on that, but it essentially gives you high availability, where you can fail over from one to the other, so if your router fails it doesn't take out your whole network.

While we're in here and waiting for our Network to update, we're going to go into our console settings, and we want to make sure that we've got an automatic backup, and right here it's set up automatically for weekly, and that is perfect. And here, if you want to, you can actually disable remote access entirely. We're not going to do that, because honestly it helps a lot with configuration, there's a lot of great stuff I can do, but if your compliance requirements require only local access to a router, which some of them do, that is where you would do that.

All right, so now we should be back on in, and we can see that our Network has updated, so we're just going to go ahead and see that we are running 8.2.93, and we're going to go ahead and click on, and we should see everything we got here. So now I actually want to give a bit of a demo on everything. You'll see that my WAN IP is 10.30. That is not a public IP address. As I said earlier, that's because I've actually hooked this up to my router itself, and so that way I can do this without exposing my public IP address and just have a little demo LAN. You can also already see all the stuff that's coming through the network, because the Dream Machine is actively checking what sites things are going to.

All right, so now let's go ahead and let's adopt our devices. So we're going to go into our UniFi devices right here, and we're going to see that our switch and our access point are both ready to adopt, and all we have to do is click adopt on them. Adopting essentially takes control of the device and allows it in this dashboard. So we're going to adopt both of these guys right here, and that's going to take a minute. It's going to go through and do their updates and all that stuff, and that way all these devices that you've got are just controlled on one pane of glass right here.

Now I'm on wired Ethernet right now, so we don't have to have Wi-Fi set up, but we are also going to want to set up Wi-Fi. So to do that we're going to go into Settings and Wi-Fi, and this is probably the very first thing you want to do, so that way you can stop being on wired Ethernet and actually go use Wi-Fi. Now one other thing to note: if you are doing this on your phone via Bluetooth, you will have had to do this earlier on. So now just go ahead and name our Wi-Fi. This is going to be the SSID, or what shows up in the side, and go ahead and come up with a fun password.

Now there are a ton of options here for customizing your Wi-Fi. If you're a business and you want to do a hotspot, they've got this hotspot portal. You can choose what bands to operate on, which also includes the new 6 GHz Wi-Fi 6E and 7 spectrums. Band steering, generally leave on. That'll tell devices, hey, use 5 GHz, don't use two and a half GHz. Client device isolation actually allows you to essentially have devices that are hooked up to Wi-Fi not be able to talk to anybody else, and this is really useful for whenever you're setting up like a guest Wi-Fi or an IoT network, depending on what you need. BSS transition frame, this should be the very first thing you disable if you're having any weird issues. So if you've got an old device that just does not want to stay connected to Wi-Fi very well, disable this. And another really cool thing you can do is, for those devices that are really awkward and slow and have problems, you can actually create an entirely separate Wi-Fi network that actually has all the settings configured for these weird devices that don't need that much speed, and instead making this really fast. Then we also, I always like enabling fast roaming, as well as getting Matter devices. Multicast enhancement can really help with Matter devices. And so that is the basics here for getting started. There's a whole bunch of options, and this is our first Wi-Fi network. Future ones can also be set to different networks, and so we're going to talk through creating a guest network as well.

All right, so now that we've set up our Wi-Fi, we should be able to go back into our devices over here, and we should see that our devices have updated. Well, they've not quite adopted just yet. Our PoE switch had to reboot as part of the update process and it took out our network, so we're just going to go ahead and wait for that to come up, and then we should be able to start connecting our devices to Wi-Fi. And as you can see, the Etherlighting is very fun.

All right, great, so now all of our devices have been adopted, and so now we can manage them, we can see what's going on, and we actually even get this great topology graph that shows what everything's hooked up to. So we can see exactly what you see in front of you here: it's my router right here, that's the Dream Machine, and then my laptop plugged into it, and the switch is plugged into it, and then the PoE access point is plugged into that, and so it gives you a very nice diagram. You can also come in here and actually see everything. You can look at your port speeds, there's a ton of stuff you can do here. You can even power cycle specific devices. That's one of the really nice things about power over Ethernet, is it controls the power, so if you've got a device acting up or anything like that, you can just click on it and hit power cycle, and just like that it turns the device off, because it's essentially just unplugging the power and plugging it back in. And so there's a ton of really useful stuff you can do here.

And now we want to go in and set up our really basic security settings for this. So we want to use some of the really nice threat monitoring and threat detection that UniFi has built in, and it makes it just really easy to set up, configure and even be able to see what's going on, and so that is all under this Security tab right here. So the ones I use a lot of the time is DNS Shield. This will basically encrypt your traffic before it ever leaves the network, specifically your DNS lookups, which traditionally actually happen unencrypted, and so this is a good way of making sure your ISP does not know what website names you're going to. The ISP will always be able to tell what websites you go to based off their IP address if they wanted to, unless you're using a privacy VPN. And a honeypot. Honeypots are very useful because they can allow you to figure out if something's in your network looking around trying to find stuff, and so essentially what this is, is this is a ghost device on the network that, if it gets pinged or has a port scan on it, it will alert you, and that way you can kind of tell if somebody's scanning ranges trying to see what devices are open, which may make you think, hey, there might be a virus or something like that. So it's useful to have a honeypot, and it just needs to be outside the DHCP range.

Then the next and probably the most valuable side is going to be under Internet safety. This is one of my favorite features on this, and I always go to Advanced, notify and block, and high. You can also customize everything under the sun you like here, but this actually uses Suricata to go through and do threat detection and threat monitoring, and can actually block malicious IP addresses or known exploits, to see, hey, if somebody clicks a bad link, your router can actually kill that connection before anything ever happens. It is super useful to have, and UniFi makes it incredibly easy to set up and use. You can choose what networks to run on, and you can choose between notify or notify and block. Notify and block is supposed to be a little bit slower, but honestly these things are really fast, so I've never seen a big issue. And you can see all the devices over here that you want to, and what I normally do for people is I will start with the most strict setups, and then as you find stuff that is false positive or, hey, I know this is kind of sketchy but I'm doing it anyway, I trust it, you can either come in here and whitelist them, remove these out entirely, or also just go ahead, and they've got an option to say, hey, let's allow this traffic in the future. So that's a great place to start.

And dark web blocker will block any Tor addresses, so if you're running a Tor node or you want to use something like Tor browser, you have to uncheck that. And then malicious IP addresses I always leave on. And this right here is your allow list for security detections, so if you got one device that you just want to expose to the internet without any kind of protection, you can do that here as well. This is super useful and just can block a lot of stuff out of your network from ever even getting into the network. Country restrictions, it's up to you. I very rarely ever use that, and if you're going to use it, I do not recommend blocking both directions or outgoing, and only blocking incoming, because outgoing can wreck websites. So I've had clients who, like, blocked Germany, and there's a server hosted in Germany that now they can't access, and so if you're doing that, be very, very, very tight with those, and in general if you can, only block incoming. I personally don't find that too useful unless you've got a specific use case for it.

Now ACL rules and traffic and firewall rules we're not going to touch over right now, because there is so much stuff to do there. We really just want to keep the very basics on this, but this is where you can customize everything and create IoT networks, create specific VLANs and have all these rules about what can talk to what and how. So I'm going to leave that for another day, but these basic settings are a great place to start for protection, and you'll also start seeing triggers and you can start acting upon them.

VPN: Teleport is actually awesome, it works really well. They finally got macOS clients working okay, and it just allows you a one-touch VPN to set up. But there's also this VPN server, which can allow you to run WireGuard or OpenVPN, and that works great, and it's really useful for getting remote access to your network and being able to access things securely from outside the local network. WireGuard is great for that, it does take a little bit of configuration, and OpenVPN you can set up where you've got multiple usernames and passwords. All this is very easy. Finally, there is also site-to-site VPN and VPN client. VPN client is if you want a privacy VPN. Site-to-site VPN is if you want two devices to talk, though if they're both UniFi, check out Site Magic, it works so easily. But if you want to hook this up to like an AWS server or maybe even a pfSense box at another site, you can do that with IPsec or OpenVPN.

All right, so now we have the basic setup of our network. We should be able to turn on Wi-Fi now, and we should see that Wi-Fi SSID that we created. So right here we can see SpaceRex Demo. We can just go ahead and put in our password, and now we are hooked on in. So now we should be able to go ahead and actually see who's hooked up to what and how they're hooked up. So we can see right here that my MacBook right here has two different connections: one of them is via Wi-Fi and one of them is via wired Ethernet. So one device can be hooked up multiple ways depending on the different connections.

And so now those are our basics, we've got our network set up. The next thing we want to do is just, let's set up a guest network, and this can also double as a basic IoT network for something like a Roomba that just needs internet access. We're going to go over that in future tutorials for even more in-depth options, but starting out we're just going to keep it nice and simple and set up a basic guest network. And so we're going to do this in two different ways. We are first going to create the VLAN, which is basically the network, it's a virtual LAN, and that is where you can allow or restrict things from talking to each other, and we do that under the network, and this is where we can create it in the subnet or in a different subnet. So let's go ahead and put this on the 10.70.50 subnet. So we're going to go ahead and create new virtual network, and we're going to call this guest, choose our router as the UDM, I guess the UDM Pro Max now, and we are going to go ahead and give it that subnet that we chose. We're going to go ahead and choose 10.70.50.1, and so that way it is a different subnet than our main LAN, and that way traffic is all segregated out based off of that.

Now we can go ahead and assign a VLAN ID. I normally do something like 750 for that kind of thing, but automatic is always fine, so whatever is there. If you're only using UniFi devices, then you don't have to choose a VLAN ID, it takes care of it all for you. And now we can do our very basic settings here, where we can say it's a guest network, which means it's going to be isolated out, so it's essentially going to go ahead and not let it talk to any other devices, and they are only going to be able to communicate with each other and the internet. You can also create a hotspot right here. So this is a very easy way of just creating a network, and it's basically going to be restricted on out.

We've created the network, now we need to create the Wi-Fi to go along with it. So I'm going to go ahead and create SpaceRex Guest, and when we're choosing our network, instead of putting it on default we're going to put it on guest. So we can create a hotspot portal and a whole bunch of stuff, but we can also just leave it on straight auto. So now let's go ahead and make sure that this thing actually works. So let's go in, and what we want to happen is we want our guest network to not have the ability to talk to anything other than the internet, which is the most secure way of doing it. So I'm going to go down and we should see our SpaceRex Guest, and so now just like that we've got our basic login, and if we try to go to the router, we can't. So it will not let us talk to the router and do any settings, but we can go to the internet, which is exactly what you want. So now any devices on there cannot talk to anything but the internet, which is very useful.

You can also choose, instead of creating as a guest network, and I'm going to hop back into our main one where we can talk to the router, you can also change this network from being a guest network to something a little bit more basic, where it's an isolated network. And so by isolating out stuff from this network, essentially you can choose to not let it talk to anything else, and that way it can still hit the router, which is not too big of a deal because these can be publicly exposed, and we can also include firewall rules to limit that, but you don't have to have things like a hotspot portal or anything like that to actually log in. And so an isolated network can be really useful for just spinning up a quick and easy IoT network, where essentially, if you look, it creates a firewall rule that says, hey, anything that is on that 10705013 but if I try to ping that switch, it will not. But if I switch back over to that main network, it will let me, well, once it joins back in properly. And so that is the difference between the hotspot and the guest network.

All right, so now we pretty much have the basics of our system set up. There's a whole lot of stuff you can do with playing with the Wi-Fi, playing with your subnets, playing with your VLANs, tons of stuff, but this is a pretty good stopping place for setting everything on up. Go and leave any other tutorials you'd like to see me making in the comments below. I'm planning on doing a big old push with this, just because finally UniFi has gotten a very stable setup and it doesn't change that often, and so it's really easy to make tutorials in it now that'll actually last more than 6 months. And so there's a ton of stuff here, and so go ahead and leave those down in the comments below, and have a good one. Bye. [Music]
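The subnet-planning points made in the captions above (stay inside private address space, keep sites from overlapping so site-to-site VPNs work, keep the honeypot outside the DHCP range), as an added example that is not part of the video or its captions. It is IPv4 only; the site names other than the 10.70.0.1 and 10.70.50.1 gateways, the DHCP range and the honeypot addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# The three RFC 1918 private blocks. A LAN outside these (the "11" network
# mentioned in the captions) shadows real internet hosts.
RFC1918 = [ipaddress.ip_network(b)
           for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True if the whole network sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def check_plan(sites):
    """Audit an address plan before linking sites over a VPN.

    sites maps a site name to a list of CIDRs; gateway form such as
    "10.70.0.1/24" is accepted. Returns a list of finding tuples:
      ("not-rfc1918", site, network)
      ("overlap", site_a, network_a, site_b, network_b)
    """
    findings, parsed = [], []
    for site, cidrs in sites.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if not is_rfc1918(net):
                findings.append(("not-rfc1918", site, str(net)))
            parsed.append((site, net))
    # Any two networks that overlap cannot be routed to each other.
    for (s1, n1), (s2, n2) in combinations(parsed, 2):
        if n1.overlaps(n2):
            findings.append(("overlap", s1, str(n1), s2, str(n2)))
    return findings


def honeypot_outside_dhcp(gateway_cidr, dhcp_start, dhcp_end, honeypot):
    """True if the honeypot address is in the subnet, is not the gateway,
    and is outside the DHCP pool, so no real client is ever leased it."""
    iface = ipaddress.ip_interface(gateway_cidr)
    hp = ipaddress.ip_address(honeypot)
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    return hp in iface.network and hp != iface.ip and not (lo <= hp <= hi)


# Constructed plan: "home" uses the gateways from the captions, the other
# sites are hypothetical and left on problem ranges.
SAMPLE_PLAN = {
    "home": ["10.70.0.1/24", "10.70.50.1/24"],
    "office": ["192.168.1.1/24"],
    "parents": ["192.168.1.1/24"],
    "client": ["11.0.0.1/24"],
}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(finding)
    print(honeypot_outside_dhcp("10.70.0.1/24", "10.70.0.6",
                                "10.70.0.254", "10.70.0.2"))
```
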
Info
Channel: SpaceRex
Views: 6,777
Id: N2uDLXqipCs
Length: 33min 3sec (1983 seconds)
Published: Tue Jun 25 2024