Thank you all. Completely clear now.

Is it worth the USG / USG Pro nowadays? I'm on a 600/600 Mbps connection.

Or better to wait for the UDM / UDM Pro?

What will I be able to do more than with my actual ISP router?

u/zzgus Sep 28 2019

For the average home user, is IDS and IPS really necessary? Given that most consumer grade routers do not include this type of functionality. Thoughts?

u/kevtoms Sep 28 2019

Does anyone have a link to a decent video that dives into proper firewall/VLAN setup on a USG? This is one area that has eluded me in my setup and I can only put it off so much longer now. I've got a decent guest network setup, I believe, but I'm confused by how to isolate my connected devices (got some cameras, a printer, VoIP phones and some other equipment) from my computers in a sensible and proper way.

u/Apptubrutae Sep 29 2019

Just saw this. Exactly what I needed.

u/TheGooseey Sep 28 2019

I saw in the video that the USG had the same address that my router has.

How do I deal with this?

Do I have to put my router to bridge mode?

Who will do the DHCP?

What are the benefits of the USG?


u/zzgus Sep 28 2019

I have a USG and an 8-port PoE switch. I use a SmartThings setup for WiFi and automation because I can't run Cat5 through my house.

I don't have a Cloud Key and simply run the UniFi interface on my PC when I need to.

I'm starting to need more ports and was going to pick up a Cloud Key and switch, but I think that maybe the UDM they've been beta testing is actually a better deal (if I sell my old equipment). That makes all this considerably more compact....

u/coalescent_code Sep 28 2019

Welcome to Crosstalk Solutions. My name is Chris, and today we're going to be doing a complete UniFi setup, including a segregated guest VLAN, using all of the latest Ubiquiti software and hardware.

Let's start by taking a look at the hardware that we're going to use for this video. To start off, we have the UniFi USG. Now, this is the firewall that I'm using here; however, you could also be using the USG Pro. It's gonna be the exact same setup for either one of those firewalls. My sort of cutoff on when to use the USG versus when to use the USG Pro is: if you have an internet connection that is greater than 100 megabits, you probably want to go for the Pro. If you have 100 megabits or less, the standard USG is fine.

Then we're using this UniFi Switch 8 60W; this is the US-8-60W. This switch has four standard gigabit ports and then four additional gigabit ports that provide 802.3af PoE output, which is going to be used to power up our Gen 2 Cloud Key as well as this nanoHD access point. Now, this nanoHD access point, along with the switch, can be exchanged for other UniFi products and it'll be the exact same setup. So if you have the US-8-150W switch, for instance, or if you have a UAP-AC-Pro access point, it doesn't matter; it's literally the exact same thing that I'm gonna be doing here today.

As far as which access point you should use, most people wouldn't need this nanoHD. It's kind of overkill unless you have a ton of clients that are connecting. So if you are gonna ask me what would be the best access point to get for home, I would say you can't go wrong with the UAP-AC-Pro. It's absolutely one of my favorite access points, and it's the one that I personally use in my home. I just have one of them to cover my entire household area and it works just fine.

I will have links to all of this equipment down below in the description. Now, those are Amazon affiliate links; if you purchase anything through those links I do get a little piece of that profit, but if you find this video
valuable and you want to support the channel, I would certainly appreciate you using my affiliate links below.

Okay, with all of that being said, I'm going to bring the camera in close so that I can show you how we're gonna wire all of this stuff up initially for the initial deployment, and then we're gonna switch over to the laptop to start actually configuring the network.

Okay, so here we have a look at all of the equipment that I'm going to be using for this video. I also have a wiring diagram; I'll put it up on the screen now. If you guys are interested in downloading a copy of this wiring diagram just for reference, I will also have a link to that down in the description below this video.

To start off, we first need our internet connection. Now, this gray cable here is my internet connection, and I have it plugged into the LAN port of the USG. This is basically coming straight from your ISP's modem and then plugged into here; however, in my case I actually have it plugged into a different interface on a switch, which is, you know, essentially mimicking an internet connection without actually being a direct internet connection. From there you want to take a cable and plug into your LAN port of the USG, and then we're going to run that over to the eight-port switch, and I'm just gonna plug it into port one. There we go here. Now, this yellow cable that I have plugged into port two on the UniFi switch is going out to my laptop, and then we're gonna plug in two more devices.

Now keep in mind, on this eight-port switch the first four ports are not powered and the second four ports are powered, right? So if you're going to plug in something like an access point or your Cloud Key, it has to go into these, this second set of ports over here that's labeled PoE out with this black bar.

Okay, so let's go ahead and plug in the Cloud Key Gen 2. If you have the Cloud Key Gen 2 Plus, this will also be a very similar setup, except you will have UniFi Protect in addition to just UniFi on the Cloud Key. One of the nice
things about this Cloud Key, and a big advantage over the previous generation of Cloud Keys, is that there is an onboard battery. So if you ever lose power from the PoE, or if you have a power outage or something like that, this device gracefully shuts itself down, as opposed to potentially just cutting the power to it, which can corrupt the database. So the first generation Cloud Key had some database corruption problems; this one is much more solid. Highly, highly recommended.

Okay, so finally we are going to plug in our nanoHD. This is of course with the black skin on here; I think it looks really super cool with these skins. We're going to plug this one into port seven.

Okay, so now what we're looking for here as these are booting up is we want to see solid white lights on all of this equipment. It'll be the same with any of your Ubiquiti gear. So I have a solid white light on the top of the USG, I have a solid white light on the Cloud Key Gen 2, and I have a solid white light on the access point. I also have a solid white light on the side over here of this US-8-60W switch.

Okay, so once all of your equipment has been plugged in and you have solid white lights on all of your equipment, you want to come over here, and one thing you're going to notice right off the bat is that, assuming that you have a dynamic internet connection, or in other words, when you plug into your ISP's modem it automatically gives you a WAN IP address, an external IP address for use on the Internet, if you have a WAN IP address you should already be connected to the Internet at this point. So for instance, if I say ping 1.1.1.1, we can see here that I'm getting replies from 1.1.1.1 because, again, my internet connection is dynamic.

If you do not have a dynamic internet connection, meaning that if your ISP tells you to use this specific IP address information on your firewall equipment, then you're going to want to go into the USG first, so let's do that next. Again, this is an optional step; this is only if you have a static IP address from your ISP. You want to open a browser and go to 192.168.1.1; this is the default IP address of the USG firewall. We're gonna click Advanced, we're gonna click Proceed, and here we can see our USG interface.

Now, this is a very, very basic interface. This is basically just here to allow you to put in some IP address information if you need to. We can see in my case it says, this green bar up on top, "Congratulations, the Gateway is connected to the Internet", and we can see that my WAN received an IP address of hundred. Again, that's an internal IP address coming from some other equipment; in your case that would likely be an internet IP address, not an internal LAN IP address. However, if you do need to set that statically, you can come over here to Configuration, and then under WAN settings you can change this to PPPoE, if that's the type of internet that you have, or static IP. And with static IP, this allows you to put in an IP address, a subnet mask and a router,
which is also known as the gateway, and that information should have been supplied to you by your ISP if you have a static IP address. Okay, so if you put in your static IP address you can apply those changes; otherwise, I'm gonna hit Cancel.

The next thing that we want to do is we want to go to the interface of our Cloud Key. Now, how do we know where our Cloud Key is in this network? Well, luckily the Gen 2 Cloud Key has a display screen right on the front, and on that display screen I can see that its IP address is 192.168.1.8. So let's go ahead and bring that IP address up in our browser next. There we go, and so now if we click on Advanced and Proceed, we have the interface of our Cloud Key.

Now, at this point this gives us two options. This access point option says that we can log into the UniFi Network and start configuring it, and this Cloud Key option or icon means that we can configure the actual settings of the Cloud Key itself, so let's go ahead and start there. Now here I am in the Cloud Key. By default the username and password is ubnt and ubnt, so we're gonna say ubnt, ubnt. The first thing that it's going to have us do is set a strong password instead of the default. Okay, so if your password, if your passwords match, it'll give you the Accept button. We can click Accept, and here we can see some information about our Cloud Key.

We can see that our firmware is a little bit of an older version; we're gonna run all of the updates for this equipment later in this video. If we click on Performance, we can see the CPU, the RAM, the memory, etc. If we click on Controllers, we can see UniFi. If you have the Cloud Key Gen 2 Plus, you're gonna see UniFi as well as UniFi Protect in here. We can see that our UniFi Network is 5.10 version, which is also, I think, one version back as of the recording of this video. If we click on Network, this gives us the ability to set a static IP address on the Cloud Key if we want. We're not going to do that in
this video; however, I will probably be doing an advanced configuration video as a part two to this video coming out very soon, so make sure you subscribe to the channel if you would like to see that. And then if we click on Settings, the only thing that you're really going to want to do in here is just make sure that your time zone is set correctly. So for me, my time zone is US Pacific; that is already correct, so I am good to go on my Cloud Key configuration.

So now let's go back out to the actual Cloud Key menu, where we have the choice of going to the UniFi Network or the Cloud Key, and we're going to click on UniFi Network. Now, at this point it's gonna start putting us through the UniFi wizard. So the first thing that it wants us to do here is upgrade firmware. It says there's a new firmware for the Cloud Key that's available. We're gonna skip that for now, and we're gonna come back later once we've done all of our setup, and then we're gonna upgrade everything then.

Okay, so for now we're just gonna skip the upgrade, and here it says "Thank you for purchasing UniFi. You will be able to set up your controller in a few minutes", which is true; it only takes a little bit. Now, on this page you just want to set your time zone. I would recommend enabling auto backup, and then finally, if you wanted to restore a UniFi configuration from a different server, this is where you can click Restore from previous backup and then upload that backup file to, you know, restore your configuration. In our case, though, we're just gonna do a fresh configuration, so I'm gonna click Next.

And here we go. So they make this really easy for you; it's already detected all three of the devices that are going to be in this UniFi network. We have our UniFi Switch 8 60W, our USG, as well as our nanoHD. So I want to adopt all of those into this controller, so I'm just gonna check this box here and we're gonna say Next.

Now we have the option of setting up both a standard wireless network and a guest Wi-Fi network; that's
gonna be the most common configuration. Now, we're gonna go ahead and set up the guest network. We're later going to go into the guest network and do some changes to make it a little bit more secure later in this video. So for our secure SSID, we're gonna call it Wi-Fi Fo Fum, and the security key we're gonna use is a very strong one: it's 1234567890. Obviously, put a stronger password on your own wireless network. We're gonna enable guest access, and the guest SSID we're gonna call Wi-Fi Guest. Very imaginative name. We're gonna click Next.

And now we can create an admin. So for the admin or the administrative name, I'm just gonna use ubnt. You can use whatever name you want. There's an argument that says you should use something other than ubnt since that's the default; it makes it easier to guess for people that are trying to compromise your network. But for the purposes of this setup, I'm just gonna go with ubnt. Administrative email: ubnt@whatever.com, it doesn't matter. And then this is gonna make you put in a strong password, so for the password and the password confirmation, make sure it's a very strong password: you know, at least eight digits in length, combination of upper and lower case letters as well as numbers, symbols. Make it strong.

Okay, and then there is this option down here to automatically optimize my network. You can turn this on or off; it's not going to make too much of a difference, but basically this turns on band steering. It says it may enable features such as blocking specific clients from connecting to 2.4 gigahertz and blocking multicast/broadcast traffic based on network usage. Now, this is basically just automatically setting a couple of settings that you could set manually later if you want. I would recommend just leaving that on, and then we're gonna click Next.

So there we go, here's our confirmation. We're now gonna click Finish, and it's asking us for our cloud login. So I'm not going to do a cloud login in this case, but if you have a
Ubiquiti single sign-on account and you want to connect your UniFi system to the cloud, I do that on most of my standard production installs. But since this is just a test setup, I'm not gonna bother, and I'm gonna click Skip. But again, if you are running this in production, up to you whether you want to do it or not; I typically do.

Now, once you've clicked Finish out of the wizard, you might have to wait one to two minutes for all of the equipment to turn solid blue. So we can see my USG, the Cloud Key, the access point, as well as the Switch 8 60W now have a solid blue light instead of a solid white light, meaning that everything has been successfully adopted. At that point you will also be switched over to this page here; this is the "Welcome back, here's what's new" information screen. We're gonna close that out. In my case the UniFi interface had also told me that there was an update available. If you do see an update, we're gonna run those updates in just a second here, so just ignore updates for now and we will keep going through here.

And here is the main dashboard for UniFi. We can see that everything is great, everything looks good; we've got one switch, one access point. If we click on Devices down here, we can see all of our equipment; however, this is not a very friendly name, so let's go ahead and name our equipment. For the USG, I'm gonna click here on the MAC address, we're gonna click on Config, and then for Alias under General I'm just gonna call it USG and save. Then I'm gonna click on the access point; same thing, Config, we're gonna call this nanoHD under Alias and save. And then finally the switch; same thing, and save.

Okay, so now let's go ahead and run our updates. Now, the way that I run updates is I always update the Cloud Key firmware first. Okay, I do the Cloud Key firmware, which in most cases updates UniFi for me. So let's go ahead and go back to the Cloud Key interface, and we're gonna click on our Cloud Key G2 settings, log back in, and we're gonna click on Settings and Firmware,
and we can see here that we are on, I think, with 0.9.0 at version 11.04. I'm gonna click Update Now and then confirm that by clicking OK. There we go: "Firmware update finished. Your device will now reboot." We're gonna say OK, and you want to give it about a minute or two to reboot and then come back up.

Once the Cloud Key reboots, you're going to be redirected back to the login page, but you actually want to wait until the light on the Cloud Key stops blinking white and turns solid blue one more time. Once you're solid blue again, we can log back in, and now we can see that our firmware is version 1.1.0. We can see that the UniFi Network has also been upgraded, so we are now 5.11.39.

So let's go ahead and log back in to UniFi. There we go, we are back in UniFi, and let's check our devices to see if any of this equipment needs firmware updates. And notice here that not only has the layout changed, right, you have the old list layout, but you also have, you know, this sort of block layout as well. We can see that two of the devices, the USG as well as the nanoHD, have firmware upgrades available.

So when I do firmware upgrades on UniFi, I always start with my access points, then move on to the switches, and then I finally do the firewall last. So let's do that now. We're going to do this nanoHD upgrade; we're gonna click Upgrade and we're gonna say Confirm. Here on this screen you're gonna see the status; it says Updating. Now keep in mind, you don't want to now update the switch or the firewall while you're updating the access point, because if it's downloading a file or installing and it loses power because you rebooted the switch or something like that, you can possibly brick the access point. So click Update on the access point; you can do multiple access points at once, but wait for them to completely finish updating before moving on to the next pieces of equipment.

Alright, so my nanoHD is showing fully up to date, the light is solid blue once again, so I am now clear to go ahead and update the
rest of my equipment. My switch has already been updated, but I do need to update the USG firewall, so we're gonna do that next. Keep in mind that when you update your firewall you are going to lose Internet connectivity, because the firewall will reboot as part of the process. So we're going to go ahead and do that now, understanding that we're gonna lose Internet while we upgrade the firewall. Upgrade and Confirm. USG is done updating, so now we are completely up to date. Now, you're gonna want to repeat this same process anytime you have updates for your UniFi system.

But since we are all updated, let's go take a look at some of our settings. So if we click on Settings in the bottom left-hand corner here, we have our site configuration, and I'm not going to go over too many of these settings, but I did want to touch on: if you click on Controller, you can name your controller. So if you don't want to just call it UniFi, if you want to call it your company name or your household name or something like that, you can change the controller name here. Same thing with the controller hostname: so if you're like unifi.company.com or unifi.whatever.com, if you have a fully qualified domain name for your UniFi controller, you can enter that information there.

For the purposes of this video, the last thing that I want to do is make our guest network a little bit more secure. Right now we have guest policies in place, which enables client isolation on anyone that connects to that guest network. However, we haven't throttled the network, so basically anyone who connects to the guest network can use up all of your available bandwidth if they want, plus they are still getting an IP address in the same network as our internal or quote-unquote secure LAN. So what we're gonna do here is we're gonna take our guest network, and by the way, this step is completely optional; you could consider yourself done at this point. But we're going to take our guest network, we're gonna segregate it out into its own VLAN or
virtual LAN, and then we're going to apply some guest policies to that network so that we throttle down the bandwidth, so that someone coming by connecting to our guest network can't take up all of our bandwidth. Okay, so let's go ahead and do that next.

If we come over here and click on Wireless Networks, we can see our existing wireless networks. We have Wi-Fi Fo Fum, which is WPA-PSK secured, meaning that it has a password on it, and then we have our open guest Wi-Fi network, where it's not connected to a VLAN but it is considered a guest network. And being considered a guest network basically means that we've enabled client isolation: anyone who connects to that guest network cannot get to other devices in our LAN, but they can still get out to the Internet.

Okay, so we're going to separate that out though. So let's come down here first to Networks, and we're going to create a guest VLAN. So we're gonna say Create New Network; we're just gonna choose Corporate network. We want to give it a name; I'm gonna call this Guest. For the VLAN ID, I'm just gonna call it VLAN ID 100. Again, you can make the VLAN ID whatever you want. For me it makes sense to make the VLAN ID the same as the third octet in the network that I'm gonna create, which is a private network in the range of 192.168.100 (so there's that VLAN ID) .1/24. Now, a slash 24 basically means a Class C subnet, or all of the available IP addresses between 192.168.100.1 all the way up through 192.168.100.254.

Okay, so once we've done that, I'm gonna click Update DHCP Range, which is going to populate some values down below. The DHCP range are the available IP addresses to hand out to clients that are connecting to this network, so your iPhone or a laptop or something like that. So let's go down here. We're gonna change that though; I want the entire network available to clients, so instead of 192.168.100.6 I'm gonna say 100.2, being that 100.1 is the inside interface of that VLAN, or the
USG interface of that VLAN. And then down here for a DHCP name server, you can leave this Auto if you want. I'm gonna set mine manually, and I'm gonna make the first DHCP name server 192.168.100.1; that's the USG, the in-VLAN interface of the USG. And then I'm gonna have a secondary backup DNS server of 1.1.1.1, so just in case the USG isn't resolving DNS requests for some reason, we have a backup that is a publicly available DNS server. For the DHCP lease time, I'm gonna set this down to 4 hours, which is fourteen thousand four hundred seconds. Okay, so that's it for creating our VLAN. We're gonna say Save, and now we can see that our VLAN has been created.

The next thing I want to do is click on User Groups. We have one default user group in place; I'm going to add a new user group. We're gonna call this user group Guest, and then we're gonna check both of these boxes, and we want to limit the download bandwidth. Again, this is whatever you want to limit it to. For me, I'm gonna limit it to 10 megabits per second, and for the upload I'm gonna limit it to 5 megabits per second. So that means that any single client, if you connect with your iPhone or your laptop or whatever, if you connect to my guest Wi-Fi network, the most bandwidth that you're gonna receive is 10 megabits down and 5 megabits up, so you can't suck up all the bandwidth in my network. We're gonna go ahead and save those settings.

And now let's go back to our wireless networks. Click on Wireless Networks; we're gonna edit our guest network, and we're going to open up Advanced Options. So under Advanced Options, for the user group we're gonna choose Guest. Okay, so that's going to apply the bandwidth throttling to this network. And then we also want to check this box that says Use VLAN, and we're gonna say VLAN ID 100. So we're gonna say Save, and now if you click back on your devices, we should see that the nanoHD is provisioning. Okay, so that means that those settings that I just created are being
pushed out to my access point, so that that network is going to be available very shortly.

Once the access point has finished provisioning, if you open up a phone or a laptop or some sort of device that has wireless connectivity, you should see two networks. You should see your, in my case it's the Wi-Fi Fo Fum network, and the Wi-Fi Guest network. I'm gonna click to Wi-Fi Guest. I have connected to Wi-Fi Guest, and let's take a look at our settings. Okay, so according to the Wi-Fi analyzer program, I have received an IP address of 192.168.100.2, which means that I am successfully on that new VLAN that I created for this guest network.

Now let's go ahead and run a speed test as well. Speed test is done, and I know you're not gonna be able to see this, but download speed was 9.53 megabits, upload speed was 4.62 megabits, so our bandwidth throttling has worked. Okay, so you can do your own test; you can set your own bandwidth throttling to whatever is appropriate for your own network. You can see here also now on the nanoHD I have one connected client. If we click on our clients, we can see Crosstalk iPhone is connected, 2 minutes and 20 seconds. If we look at the list view, we can see that Crosstalk iPhone is connected on the Wi-Fi Guest network.

Alright, so we are done at this point, with one huge exception, and that is that you should always take backups of your configuration. So let's go ahead and download a backup of the configuration that we just put into place, so that we have it in case we screw something up. Okay, so we're gonna click on Settings and we're gonna click on Backup. Now, under Backup you have the auto backup settings. Now, this is going to automatically back up by default once a month, and it's going to back up to the /data/ folder or directory in the backend of Linux on the Cloud Key. If you have a microSD card plugged into the microSD slot on the Cloud Key, that automatically mounts to /data/. If you take a microSD card, put it into the Cloud Key,
it doesn't have to be a very big one, you can use like an 8 gig card or smaller, that's going to be perfectly fine. Then once a month it's going to take a backup of your configuration with 30 days of data retention, which, you know, you can choose how much data retention. I usually do either none or like 7 days, because it's not that important to me.

But if you want to take a manual backup, under this backup/restore section you can say Download Backup, last 7 days. I'm just gonna say Settings Only, since I don't have any actual history that I need to retain, and I'm just gonna say Download File. So there we go, I have a backup downloaded. I'm gonna take that backup, save it in a secure location, and now I have the initial configuration backup from my UniFi controller and my whole UniFi setup here. I would recommend taking a new backup anytime you make significant changes to UniFi.

Okay, there you go, guys. Again, links to all of this equipment are down below in the description. If you have any questions, leave me a comment, or if you have any suggestions about how I can improve this video or the initial setup of the UniFi controller, other people are gonna find that helpful as well, so put that information down in the comments below. If you enjoyed this video, make sure you give me a thumbs up and subscribe to Crosstalk Solutions if you're not already subscribed. We're gonna do a part two talking about more advanced configuration of UniFi coming up real soon. Okay, that's it for this video. We'll see you guys in the next
