UDM Pro Full Setup And Configuration For Home Or Small Business

Captions
Hey everyone, Cody from Mactelecom Networks. In this video we are gonna do a UDM Pro full setup from start to finish. We'll add some networks, we'll add our wireless access points, and then we'll do some firewall rules. If you guys are new here, please hit the subscribe button, make sure to hit the like button. If you'd like to hire me for network consulting, visit www.mactelecomnetworks.com. You can visit us on Instagram at Mactelecom Networks.

Okay, so on screen here you can see this will be my actual network. So we're going to create five different networks: so one will be the admin network, then I'm gonna have a guest network, we'll have an IoT network for all my IoT devices, and then last but not least we'll have a camera network. So on the top floor of my house we have a UAP nanoHD, actually that's in this office here. Then we have a UAP AC Lite on the main floor, we have a UAP FlexHD which is in my garage, in the basement the UAP AC Pro, and then in my living room I have a UAP In-Wall HD. So I have a 24-port 250 watt PoE switch, this is a Gen 1 switch, and that's connecting to our UDM Pro through a DAC cable. So the DAC cable is connected to the SFP+, going into one of the SFP ports on the actual switch. So this switch only is one gig but the UDM Pro does 10 gig; sometimes the auto negotiation doesn't work, so we'll actually hard code these ports to run at one gig.

So now that you see the network setup, let's go ahead and get into my UDM Pro. So to get into the UDM Pro you need to be on the same network as it. By default it is 192.168.1.1, that's the UDM Pro, so I've set my network interface card to be on this same subnet. And how you do that: you just go down to the little icon where your internet would connect, go to Open Network and Internet Settings, click on the Ethernet, go to Change Adapter Options, find which Ethernet adapter you're using (I'm using this Ethernet right here), right click, go down to Properties, and then you'll want to look for IPv4, so Internet Protocol Version 4. Click on that and then go Properties again. Right here you want to uncheck Obtain an IP Address Automatically and then Use the Following IP. So it could be any address; 192.168.1.100 is just what I choose. And then you want the subnet mask 255.255.255.0, that's a /24, and then the router IP, which is 192.168.1.1.

All right, so now we'll open a Chrome browser and we'll go over to 192.168.1.1, and that should launch our UDM Pro. So I'll type 192.168.1.1 and now you can see the UDM Pro is popping up, and it's showing us that it's connecting to the internet. I have static IP, so it may not connect to the internet until I actually input my IP address. All right, so mine didn't actually connect, so I'm going to go to Advanced Internet Options and then you could specify your connection type. So my connection is actually static, so I'm going to go Static IP. The interface will be my WAN interface; if you have a fiber directly connecting into your UDM Pro you will want to select the WAN2 SFP. Now I'm going to put in the IP addresses that my ISP have given me. I won't be showing this on screen, but you need to put in your IP address, the gateway, the subnet mask and then DNS servers. Okay, after I put in my IP address information it's going to try to connect to the internet once again, and you can see after we put in our static IP it connected to the internet. If it doesn't connect to the internet and you're using DHCP, just give it some time and it should connect. I'm going to press Next.

Okay, so now it says Name Your UniFi Dream Machine Pro. I'm going to just name it Mac Telecom, and then I'm going to agree to the terms and conditions and press Next. So here you need to create a UI account; if you don't have one you could click here to create UI. I'm going to put my details in here and then we'll press Next. So this is an update schedule: keep your network up to date, provides with the latest security, performance and features. So this will do it every day; I'm going to disable it. I like to actually manually push out the firmware after I know it's been tested and it's not going to break any of my devices. So we'll press Next. So for the configuration we will auto optimize; I'll just press Next for the defaults, and now it's starting an actual speed test of my network.

Okay, so now my test results are in. From my ISP I'm getting about 900 megabits per second down and 37 up, so it will just adjust the actual download and upload speed. I'll leave it at that; I pay for a gig down and 40 up, it's pretty close. So we'll press Next, and then here we'll just review what we've actually put in and we'll press Finish. So now it's going to set up our device.

Okay, so now our UDM Pro has actually done updating. You can see all the different controllers that it has on it: so we have our Network controller, which we'll be using to do all our network configurations; there's Protect, which is for the UniFi NVR if you want to add some cameras; it has Access, which is for access control systems; and then it has Talk, which is for VoIP systems, which is in beta still. I have not tried the Access or Talk but I'm hoping to eventually. So down below you can see the version of the firmware that the controllers are running on, so this is at 5.14.22. So I'm going to go ahead and I'm going to click the Network.

All right, so now we are on the Network controller dashboard. The first thing I'm going to do is actually change it to dark mode; it's easier on my eyes. We could see that the UniFi Dream Machine has utilization of 18 and one switch. We can't see anything else connected, and that could be because the auto negotiation from my SFP+ port on my UniFi Dream Machine Pro connecting to my USW-24-250W, the auto negotiation isn't working, so we need to hard code that. So I'm going to go ahead and click on the UDM Pro, I'm going to go over to Ports, and right now port 11, which is our uplink to our UniFi switch, is down. So I'm going to go over, click the little pencil icon, go to Profile Overrides, and instead of Auto Negotiate I'm going to turn it to one gigabit per second and press Apply. So now it's provisioning and we can see that the uplink is green now, so we should see our switch come into this list, which is now pending adoption.

All right, so now our switch is adopted into our controller. We need to actually adopt the rest of these access points. The UAP AC Lite is already adopted, so we'll go ahead and do the Pro; we just need to click on it and then press Adopt. And then we have to do that for the UAP FlexHD. For some reason it's showing a wireless uplink; it is cabled, I'll have to figure that out later, but we're going to press Adopt. And then our UAP HD In-Wall, we're going to press Adopt on that as well. And then last but not least is our UniFi AP nanoHD, so I'll press Adopt on that. So this is going to take a few minutes, and they should all be provisioning and then it will show up in our list.

All right, so now all of our access points and all our devices are adopted into our UniFi controller. I have already done the firmware upgrades for these four access points; I'll show you guys how to do it on the UAP AC Lite. All you need to do is click on this little Upgrade button and then it's going to tell you, are you sure you want to upgrade from 4.3.20 to 4.3.21? I'm gonna press Confirm. You want to make sure that you're always up to date with your firmware, as it gives you new features and brings out new security patches.

Okay, so now going back to our diagram. We have all of our devices connected into our UniFi Network controller; we need to create these four networks. So how you do that: you go down to your settings wheel and then we want to go to Networks, so we'll go Local Networks. So our base network is 192.168.1.0; we want to change that to 192.168.10.1. So I'm going to go in, I'm going to click Edit and I'm going to put it 10.1. We're going to Auto Configure so that the DHCP range actually takes, and then we're going to want to apply that. So that's going to switch all of our access points' IP addresses as well, and I'm actually going to give them static IP addresses. So I'll press Apply, and our UDM Pro won't be reachable at 192.168.1.1 anymore; it will be reachable at 192.168.10.1. So now we have to go back into the UDM Pro by going to 192.168.10.1, and we'll go Advanced and then we'll Proceed. We're gonna have to enter our username and password yet again, and then we click on our Network controller.

So we're gonna go over to Devices, and these devices will start taking new IP addresses. I'm going to click on them and I'm actually going to give them their own static IP. So we'll start from left to right. I'm going to click on the UAP AC Lite, I'm going to go to Configure, and then we're going to go down to Network. Under Configure IP we're going to go to Static, and I'm going to change this to 192.168.10.2. The subnet mask will be 255.255.255.0, the gateway will be 192.168.10.1, and our DNS will be 1.1.1.1 and the alternate will be 8.8.8.8, and we'll queue the changes and apply. So we're going to have to do that same thing for all the other access points. So right now you could see some heartbeat misses on the devices; that's because they are getting a new IP address from the UDM Pro DHCP. Once they are back up we will actually provision these with their IP address.

All right, so all the access points and switch have been provisioned with the new IP address. So this one has 192.168.10.2, then 3, 4, 5, 6 and then 7. We're gonna use the 192.168.10 network as our management network, so that will have my computer on it, my Synology NAS and all the UniFi devices.

So next up we need to create the guest network at 192.168.20.1. So I'm going to go ahead, click on the settings wheel, we'll go to Networks, we'll click Local Networks and then we'll create a new local network. So from here I'm going to Create Advanced Network. We want to give that a name, so we're going to call it Mac Telecom Guest, and it's going to be a Corporate network with a VLAN ID of 20. So we'll just follow the octets: so the guest network will be VLAN 20, the IoT network will be 30 and the cameras will be VLAN 40. So it will be VLAN ID of 20, it will be a Small LAN, and then the gateway will be 192.168.20.1. We need to click Auto Configure so that it updates the DHCP range, and then we can press Done. So now our guest network is actually set up. Let's go ahead and create the IoT network. So I'll go Create Advanced Network again and it will be called IoT. It will be a Corporate network with the VLAN ID of 30. Same, all our networks will be Small LAN, and then enter the gateway, which will be 192.168.30.1. We'll click on the Auto Configure and then we'll click Done. So the last network that we're going to create is our camera network, and it will be a VLAN ID of 40 and the gateway will be 192.168.40.1. We'll auto configure the DHCP range again and then press Done. So our networks are actually updated; we have all our networks created.

Now we actually have to create our Wi-Fi networks. So how you go and do that: we're going to go to Wi-Fi Networks, we'll create a new Wi-Fi network, and then I'm going to go to Advanced. So I'm just going to call it Mac Telecom Guest, and the security protocol for this will just be WPA Personal. You want to make sure that you put in a strong password; for the purpose of this video I'm just going to put test1234. So I'm not going to add guest policies; we will create our own firewall rules after. If you turn this on it will create firewall rules for you, not allowing the guests to talk to any network. So we are using the VLAN ID of 20. So you need to make sure that you specify the right VLAN ID, or specify a VLAN, or it won't get an address from the 192.168.20.0 or .1; if you don't specify a VLAN it will get an IP address of the 192.168.10.1 address. So now that is VLAN ID 20; we're gonna just scroll down and we'll press Done. So the Mac Telecom Guest is up and running.

We need to do our IoT, so I'm going to click Create Advanced Wi-Fi and enter the Wi-Fi name. So the Wi-Fi name for my IoT network is actually called Dolores. I'm going to enter my password, and then down here Use VLAN ID, and this is going to be VLAN 30. So for our IoT network we want to enable multicasting, as a lot of IoT devices require multicast, and then go down and press Done. So the last one we need to do is my camera network. I do have one camera that is Wi-Fi, it's a solar panel Wi-Fi camera which I'll be adding to my network later. So I'm going to create a new Wi-Fi and we'll just call it Camera. I'm going to end up hiding this SSID. So we'll go under WPA Personal, want to put a strong password, and then under here we could Hide the SSID so it doesn't show up, and then we'll use VLAN 40 and we'll press Done.

So now that our networks and our Wi-Fi networks are created, we want to go ahead and do that bandwidth limiting for our guest network. And how we do that: we just go over and down to the side and go to Configuration Profiles, go to Client Groups, and then we're going to want to create a client group. So from here we're going to call it Guest, and Limit Download Bandwidth, click that button, and we're going to limit it to 20 and we'll switch this to megabits per second for their download speed. And then their upload speed, we'll limit that to five megabits per second, and then press Apply. So we have to go back to our guest wireless network. So we go to Wi-Fi Networks, go over to Mac Telecom Guest, press Edit, go down, and then where it says Client Group we want to specify the new client group that we created, which was Guest, and then press Apply. So this will only allow them to have 20 megabits per second download speed and 5 megabits per second upload speed.

The last thing we need to do is create some firewall rules. By default UniFi allows inter-VLAN routing, so right now the camera network, the IoT network could actually talk to my admin network, which we don't want. So for this I'm going to go over to Classic Mode, I'm going to go to Routing and Firewall, we're going to go to Firewall, and then we're going to be focusing mainly in the LAN IN. And here we're going to create a new rule, and this rule will be "allow all established and related traffic", and we're going to press Accept. So this will allow all the connections that we currently already have established, and they won't drop those connections. So we'll go Established and Related, and that's all we need to do. So I'm going to press Save and that firewall rule is in.

Next we have to actually make a group, and this group name is going to be the all private IP addresses for the RFC 1918. So this will cover all the private IP addresses. So the first one will be 192.168.0.0/16, and we could end right there as I don't have a 172 subnet or a 10 network, but we never know what we're going to do in the future, so we're going to add these private IP addresses as well: so 172.16.0.0/12 and then 10.0.0, and then we're going to press Save.

So we're going to want to go back to our firewall rules. So we'll go to Rules IPv4, go back to LAN IN, and our next rule is going to be to allow my admin network to be able to talk to every single VLAN. So we'll go Create New Rule, "allow main LAN to access all VLANs". So we're going to press Apply under Actions. So the network, it's going to be the LAN, and the destination will be an IPv4 group address of the RFC 1918, and we'll press Apply. So now the main LAN could talk to whatever it wants. So our next firewall rule will be to block all inter-VLAN traffic, so the camera network won't be able to talk to the main network or the IoT network or the guest network, and same with the guest network: it won't be able to talk to any other network except its own. So we'll create a new rule, "block all inter-VLAN communications". So we're gonna Drop, and then under Source Address we're going to go Address or Port Group, which will be the RFC 1918 group that we created, and the destination will be the RFC 1918.

So let's say that you need a device that's on your guest network to be able to talk to something on your admin network or on your IoT network; we need to put an allow rule in. So I have a Synology NAS that's sitting on 192.168.10.114. I'm going to switch my connection over to the guest network and then see if we could ping that; we shouldn't be able to hit it because we put that block RFC 1918 rule in. So I'm gonna go to my UDM Pro, that's where my computer is currently connected on port one, and if you need to change physical ports into different VLANs this is how you do it. So my computer is on port one, I'm gonna click port one, click the little Edit button. Under Switch Port Profiles you click that, and then here is where you're going to specify which network or which VLAN you want that physical port to be on. So I'm going to put it under Guest and I'm going to press Apply. So if I open up a command prompt and type ipconfig, we'll see that I'm still in the 192.168.10 network. I'm going to go ahead and go ipconfig /release and then ipconfig /renew, and now you can see that we are on the 192.168.20 network, which is our guest network. So from here we shouldn't be able to ping or access my Synology NAS. So I'll ping 192.16 and we could see that the ping requests fail.

So we need to create a rule to allow this guest network to actually talk to the Synology NAS. So how we do that: we go into Settings, we go into Firewall, go into Firewall Rules and then go to LAN IN. Here I'm gonna actually create a group, and I'm gonna call it NAS, going to give it the IP address of my Synology, which is 192.168.10.114, and I'm going to press Save. So I'm going to go under Rules, go to LAN IN, create a new rule, "allow guest to NAS", and we'll press Accept. So the source will be a network of Guest, and the destination will be the address/port group of NAS, and we'll press Save. One really important step that people forget to add in after they create the firewall rule to allow is to actually drag this above the "block all inter-VLAN communications". If you don't do that you will never be able to hit the NAS, and I'll show you right now that we can't do that. So right now the traffic is still blocking. I'm gonna go ahead and then I will drag this rule 203 above the "block all inter-VLAN communications", and now we should be able to actually hit the NAS. So I will ping 192.168.10.11 and you could see that we could actually access my Synology NAS now.

So one other set of firewall rules that we need to create: right now all of my networks could actually hit the gateways of the other networks. So we're on the 192.168.20 network; we could ping the 192.168.10.1 network, which is the gateway of the LAN network; we could do the 30.1 network, which is of IoT, and the 40, which is of cameras. So we don't want them to be able to access that, because if we go up here and type in 192.168.40.1 we're going to be able to access our UDM Pro. We don't want anybody to actually access our firewall, so we're going to have to create some more firewall rules, and where we do that is under the LAN LOCAL. So we're going to want to create some actual groups to block all the gateways except their own. So for guests we want to block all these gateways, the 192.168.10.1, 30.1, 40.1; for IoT we want to block these networks; and then for camera we want to block all these gateways. You also want to create some other rules like blocking SSH into the UDM Pro, but in this video we are not going to cover this. So we're going to block guests to all these following gateways. So let's go ahead and create a new group; we're going to call it "block guest to all gateways", so the IP addresses will be 192.168.10.1, 192.168.30.1 and 192.1, and press Save. Now we need to create two more, and I'm gonna fast track this while I make them.

Okay, all our groups are created. Let's go back to the firewall rules, go to LAN LOCAL, Create New Rule. So our first rule is going to block guest network to all gateways, so we're going to want to Drop. We're going to want to specify our network, which will be the Mac Telecom Guest, and then our port group will be "block guest to all gateways", and we'll press Save. Next we're going to go ahead and create another new rule, "block IoT to all gateways". So the source network will be IoT and the port group will be the "block IoT to all gateways", and press Save. And one last rule: we're going to do the "block cameras to all gateways". So we'll scroll down, the source network will be our Cameras and the destination will be "block cameras to all gateways", and we'll press Save. So I'm going to move this computer over to the guest network, and you'll see that I won't be able to hit the other gateways on the other networks.

Okay, so now it is switched over. Let's just do an ipconfig to make sure we're on the guest network. So we're on 192.168.20.87. So I'm gonna go ahead and try to ping the admin gateway of 192.168.10.1, and we're unable to do that. I'll be able to hit 192.168.20.1 because that is the guest network gateway. We'll try to hit IoT and we won't be able to do that, and then we'll try again to hit cameras and we won't be able to actually hit that. So now we've blocked out all the gateways and we've blocked out all inter-VLAN routing. So that's it for this video. We will dive deeper into firewall configuration in future videos. If you guys like this video please hit the thumbs up button, if you guys are new here please subscribe and hit that bell icon. All right guys, thanks.
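The rule ordering the video stresses (the "allow guest to NAS" rule must sit above "block all inter-VLAN communications", and "allow established/related" must come first) is easiest to see by evaluating the ruleset the way the gateway does: top to bottom, first match wins. The model below is an added example written for this page, not UniFi's code or the author's; it reuses the subnets, hosts, group names and rule order from the video, and it assumes /24 masks on every VLAN, that the "10.0.0" entry in the RFC 1918 group is 10.0.0.0/8, and that a ruleset with no match accepts (which is what the video's "UniFi allows inter-VLAN routing by default" implies). It ignores protocols and ports, which the video's rules also leave at "any".

```python
"""First-match model of the UDM Pro LAN IN / LAN LOCAL rulesets built in the
video. Example code written for this page, not UniFi's or the author's;
subnets, hosts, group names and rule order come from the video, while the /24
masks, treating "10.0.0" as 10.0.0.0/8 and the default-accept policy of an
unmatched packet are assumptions."""
import ipaddress
from dataclasses import dataclass


def nets(*cidrs):
    """Turn CIDR or host strings into network objects (a bare host becomes /32)."""
    return [ipaddress.ip_network(c) for c in cidrs]


# VLAN name -> (subnet, gateway address). Subnet masks assumed /24.
VLANS = {
    "LAN":     (ipaddress.ip_network("192.168.10.0/24"), "192.168.10.1"),
    "GUEST":   (ipaddress.ip_network("192.168.20.0/24"), "192.168.20.1"),
    "IOT":     (ipaddress.ip_network("192.168.30.0/24"), "192.168.30.1"),
    "CAMERAS": (ipaddress.ip_network("192.168.40.0/24"), "192.168.40.1"),
}
GATEWAYS = {gw for _, gw in VLANS.values()}
ANY = nets("0.0.0.0/0")
RFC1918 = nets("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")  # the "RFC 1918" group
NAS = nets("192.168.10.114/32")                                    # the "NAS" group


@dataclass
class Rule:
    name: str
    action: str                      # "accept" or "drop"
    src: list                        # networks the source address must fall in
    dst: list                        # networks the destination must fall in
    established_only: bool = False   # state match: only replies to existing flows


def evaluate(chain, src, dst, established=False):
    """Walk a ruleset top to bottom and return (action, rule name) of the first
    match. No match means accept (assumed default, see module docstring)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in chain:
        if rule.established_only and not established:
            continue
        if any(src in n for n in rule.src) and any(dst in n for n in rule.dst):
            return rule.action, rule.name
    return "accept", "default-accept"


def lan_in(guest_nas_above_block=True):
    """LAN IN ruleset: traffic routed between VLANs."""
    allow_guest_nas = Rule("allow guest to NAS", "accept", [VLANS["GUEST"][0]], NAS)
    block = Rule("block all inter-VLAN communications", "drop", RFC1918, RFC1918)
    chain = [
        Rule("allow established/related", "accept", ANY, ANY, established_only=True),
        Rule("allow main LAN to access all VLANs", "accept", [VLANS["LAN"][0]], RFC1918),
    ]
    # The mistake the video warns about: leaving the allow rule below the block.
    chain += [allow_guest_nas, block] if guest_nas_above_block else [block, allow_guest_nas]
    return chain


def lan_local():
    """LAN LOCAL ruleset: traffic addressed to the UDM Pro itself. Every VLAN
    except the admin LAN is dropped to every gateway address but its own."""
    chain = []
    for name, (net, own_gw) in VLANS.items():
        if name == "LAN":
            continue
        others = nets(*(gw for gw in GATEWAYS if gw != own_gw))
        chain.append(Rule(f"block {name} to all gateways", "drop", [net], others))
    return chain


def check(src, dst, established=False, chain_in=None):
    """Pick the ruleset the way the gateway does: packets to one of its own
    addresses hit LAN LOCAL, everything else hits LAN IN."""
    if dst in GATEWAYS:
        return evaluate(lan_local(), src, dst, established)
    return evaluate(chain_in or lan_in(), src, dst, established)


if __name__ == "__main__":
    # The pings from the video, the ordering mistake, and a reply packet.
    cases = [
        ("guest -> NAS, allow above block", ("192.168.20.87", "192.168.10.114")),
        ("guest -> NAS, allow below block", ("192.168.20.87", "192.168.10.114", False, lan_in(False))),
        ("guest -> admin host, reply to admin's flow", ("192.168.20.87", "192.168.10.50", True)),
        ("guest -> admin gateway", ("192.168.20.87", "192.168.10.1")),
        ("guest -> own gateway", ("192.168.20.87", "192.168.20.1")),
    ]
    for label, args in cases:
        print(f"{label}: {check(*args)}")
```

Running it reproduces the video's observations: the guest host reaches 192.168.10.114 only when the allow rule is above the block, the admin LAN reaches everything, other VLANs are dropped to each other and to every gateway but their own, and the established/related rule is what lets a guest device answer a connection the admin LAN opened to it (without it, the reply is a guest-sourced RFC 1918 packet and the block rule eats it). Internet-bound traffic never matches the RFC 1918 group, so it falls through to the default.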
Info
Channel: Mactelecom Networks
Views: 85,493
Rating: 4.9654841 out of 5
Keywords: unifi dream machine pro, unifi udm pro, unifi udm pro setup, unifi udm pro firmware, unifi firewall rules, unifi firewall rules between vlans, unifi ap ac lite, unifi ap flex hd, unifi ap hd in wall, unifi ap nano hd, home network setup 2020, unifi dream machine pro setup, unifi dream machine setup, unifi dream machine pro review, unifi dream machine pro vlan setup, unifi dream machine pro home network, unifi dream machine vlan setup, unifi dream machine with access point
Id: xEdEaMcUAv0
Length: 26min 25sec (1585 seconds)
Published: Mon Sep 28 2020