UniFi Network Deployment Tutorial & In Depth Look At The Platform / Port Forwarding, WiFI, & VLANS

Reddit Comments

1:02:25 Ain't Nobody Got Time For That

Maybe cut the videos down into 10-20 minute chunks so when someone is searching for port forwarding or the like they can watch just what they need.

Good work on the video.

πŸ‘οΈŽ︎ 19 πŸ‘€οΈŽ︎ u/nb2k πŸ“…οΈŽ︎ Dec 03 2017 πŸ—«︎ replies

I will be adding a time index to the description shortly. :)

πŸ‘οΈŽ︎ 7 πŸ‘€οΈŽ︎ u/flipsideCREATIONS πŸ“…οΈŽ︎ Dec 03 2017 πŸ—«︎ replies

The USG adds some really nice features. All my networks have a pfsense box at the headend but I'm pretty impressed. I like the Unifi dashboard a lot better than the Meraki one. I was not impressed when I had to configure the Meraki gear for our Ham Radio club install. I got some freebies from attending webinars so I thought I would give it a go. I'm tempted to replace it with some Unifi gear though.

πŸ‘οΈŽ︎ 3 πŸ‘€οΈŽ︎ u/awstott πŸ“…οΈŽ︎ Dec 04 2017 πŸ—«︎ replies

Awesome. I have been meaning to do VLANs for a while.

Any hardening tips?

πŸ‘οΈŽ︎ 2 πŸ‘€οΈŽ︎ u/Ut_Prosim πŸ“…οΈŽ︎ Dec 03 2017 πŸ—«︎ replies
Captions
[Music] so all this pile of networking gear here is actually going somewhere so while it's going somewhere we decided to do a video before it all gets deployed so I'm going to do kind of an in-depth video on the unified but I thought why not take it another step further and build it all out and mount it all the things yeah plug all the things in we'll show you how it mounts how it works and kind of media djw so once I get this mounted I'll show you kind of what it looks like physically then I'll do a little network map of how we're gonna do this and then I'll show you how we deploy a unifying network so I'm gonna do this in a way that gives you an idea of what it looks like installed but then we're gonna get into the software details but I've done reviews in detail on these switches specifically this is what they look like mounted we didn't put all the screws in it so someone points out that I missed a screw I know these are temporarily sitting in our studio here anyway so we can get that out of the way this is a feed line from my lab that's going to feed the internet to our USG that's the head under the system is going to be the USG after the USG we got the 24-port switch so we come on with a land port on the USG go to port 1 on the 24-port switch and we're gonna cover this with the whole schematic when we're done one where you actually see how the software is set up then out of here we got port 24 we got this red wire and we fished it down here and it comes back up here I would love to use the SFP ports on these I just don't happen to have any handy right now so we're out of port 24 and into port 48 these other two lines that you see what our one here and one here go to power bricks on the back and these power bricks on the back power these two unifies so we have and slightly older this is your standard APL our beautify and then this is the APA CLR right here this is the newer AP AC model this is the older one we plug both these in this is all part of our demo 
when we show you how we hook all these up I mean ideally these things would be installed at different points in an office but we're doing this all in my lab and my studio here but I just wanted to mount it all it's also keeping it off the table while you all this testing is there's some other stuff on a table going on so I figured to put all up here we have this APC rack that we had laying so I mounted that up here but it kind of give me an idea of what it looks like mounted up I mean normally we'd have a bunch of stuff in this 48 port I'm not gonna run and punch a bunch of wires for the demo but I think a few of us and maybe we're gonna do some videos like in our lab to kind of walk you through how you sell a patch panel you normally have a lot of patching in between here I'm just gonna plug a handful of devices in around the office for some of the demo purposes as we dig into how the software works now all these are factory reset fresh with the latest firmware so the next thing we do is start with how we load the UniFi software and then go from how to load the unified software to set up the US chain to set up the 24 the 48 and then the subsequent UniFi Wireless and how we set all this up and we'll go over how the VLANs get set up and how the separate networks get it stopped so now that we've looked at this whole rack here where it'll sit let's jump into the software side of this and show you how to actually all the configuration works ok everything's plugged in everything's hooked up and because I wanted to do this review as a full top-to-bottom review the first thing we're do is install the unified software so the default IP address of the USG which is the head end of this network is 192 1 6 8 1 1 you can go to it but you can't really do much other than get it online and it wants you to install the unified controller software to manage gateway it links here and we're gonna be loading version 5 point 6 point 2 to my preferred way to do this is in a small virtual 
machine on the same network it has to be on the inside same network as you're setting network on for setup purposes and for the purposes of this video yes you can use external controllers yes there's other ways to manage it now you have separate videos on net you can find in my unified list but this is specifically setting up a top to bottom network and you're controlling it let's say you're the only one networking out a multi hosted system externally so we have the Debian controller it is version 5 6 to 2 so it's the latest version of the software I've already got it here now something interesting whenever you download the software clear this real quick it always calls it unify underscore or sis be in it underscore all dot Deb when you're downloading it no matter what version it is so just a little side note when you it will tell you what version one is installing but it will when you download it always call it the same file name so it's front of the Installer real quick I'm logged in as root and I've done a video on how to install this but I'll still walk you through it unpacking and it should give me an error and it did now it's just telling you there's a few things and dependencies and that it needs this is my reason for loving Debian and I switched to it like seventeen years ago because I can do this apt-get install - chef it's gonna find those dependencies yep I'm just gonna press ENTER whoops I need to add DNS to this my bad let me fix that real quick I looted this up it did not this is actually the config didn't have a DNS setting so he's gonna add that into this particular machine one second apt-get install - chef just says find all those dependencies and loads all the extra things needed to get the unified system up and running and after a few seconds here with this small VM it'll be up and running now it doesn't take a lot of power to run the unified controller software this VM has a gig of ram dedicated to it and like a single processor it's very low 
powered I think I've seen some people even come up with ways you can run this on like a Raspberry Pi that might be a little bit slow so you want something rot moderately fast or and play with some of the more advanced stuff in here but it really is not much of a processor hog it's a it's a pretty small system here okay we have the machine up and running like I said it's barely using anything we're about to go through the setup it runs in its own Java VM and it's using all of about five hundred out of the gig of ram I have assigned to this virtual machine so it's like I said not real intensive processor wise alright let's jump over and start logging in now no matter what you install the unifi on the IP address you want to go to is whatever the IP address of the server is you load it on : h 443 but don't forget to start with the HTTPS so here we are first time logging in gonna get the error from the self-signed certificate and we're gonna run through the wizard now I just want it finds all the devices that we have plugged into the network and wants us to say hey do you want to adopt these in we're actually going to go ahead and skip this and we'll adopt and once we get into the system itself we'll skip the Wi-Fi setup as well we'll do that all inside the system now I use a so-so password that was easy I guess I won't let me even do it so so password that's actually a next feature I didn't know they added this we mostly have been upgrading our in-place insulation and I use LastPass but apparently with this it's won't let me just use a bad password so come up something little better there you go finish and she bring me to the login page I'm not gonna we're not going to do the cloud access I may do a separate video in a cloud access but I don't really use it what it does is allows you to tie into their cloud systems like late to keep everything self-contained and self hosted which is one of the reasons I really like the unify software you can host your own cloud 
controller and server which is exactly what we do all right logged in with the good password I had and it's not gonna have much in here because now we could start adopting devices now I'm not gonna save that devices now there's some firmware updates which is cool so we have some firmware we can load on here we have found in the past most of these can be updated to new firmware with out doing the adoption process but I go ahead and adopt them first unless there's a problem as we've actually run into with the USG where it does not like to do an upgrade not adopted but it's not a big deal we're just gonna start adopting them and setting up the network in here so first things first get this done now something I'm gonna change in here you can change your preferences and I'm gonna add a feature enabled a refresh button see even close and this refreshes by itself on its own timer but this is how you can actually say update this page now this is not always a need for it but if you want to know if it's only refreshing every two minutes and it's done you have to wait another two minutes for it shows something on here you just go here and you can set preferences on a per account basis so right now it's going through the provisioning mode so refresh it again all right it has been adopted now we're gonna adopt all the other devices and then we'll start rolling through the upgrades adopt adopt adopt and look what out so now it's adopting and provisioning all those now you may have noticed down here to my wired connection deactivated when it provisions these which is also why I don't want to do the upgrades you wanted to stage the upgrades based on this when it's provisioning it restarts each of the switches the 24-port switch and a 48 ports which are gonna get restarted and that's what I'm plugged into so obviously I don't want to be pushing firmware to devices connecting to them while those are getting provisioned and restarted so now this one's connected and provisioned this 
one should come next and that needs to be provisioned now when I do the firmware upgrades I'm gonna start with the connected devices then do the switches last you just got think about the order you're doing you want to push all the firmware at the same time because it's smart and it should stop it from doing something stupid but just in case anything's overlooked why chance firmware you know running into an error with that so now I'm gonna run through the upgrades we're gonna start with the peripheral devices I'm gonna update this and then this particular ap CLR needs an upgrade and then lastly I'll do the switches all right now I have all the units adopted and I realized I made a mistake and I'll actually cover it in videos when you first see me adopting him you've seen them all require mout great and I wanted upgrade them and they wouldn't upgrade that was completely my mistake because I had statically assigned the names server when I loaded the Debian virtual machine so when I loaded it it was on one network and when I moved over this network it was looking for the wrong name server and it turns out because it didn't have the right name server when you logged into it it couldn't go to the internet and make sure each of these had the latest firmware so just by putting in the right DNS server they all have the new firmware so I thought they did and now it actually has the option except for this one we've unit one does need an upgrade so I'm gonna head up raid this one and go ahead and hit confirm and it'll provision the upgrade on there so we have everything adopted everything is up-to-date all the latest firmware versions and the network is fully connected but we haven't set up anything else let's start diving into the unify software and kind of walk you through how it works now this is the latest version as of December 1st which is 5.6 to 2 we were on the device manager which is where we adopting get everything set up and now we're going to jump over here to the 
dashboard so here's how it looks from the dashboard we have one active way in here land of ice land away so what we're actually seeing is the layout of the network is how this is - so here's another land of ice here's the one in here let me you just jump over to the map and show you how that worked this is the mapping function now the maps interesting because this is the default image that they throw in here and what we can do is drag where they are in your office and say alright we have this switch this maybe this is a room there we go we have another switch in this room over here and we have one of the wi-fi's we'll put it in this little conference room put another one over here and we'll say that this one's in this room here now this is kind of neat because what they're letting you do is map out where things are physically this is a fault image but you can add a new map and edit the map and upload different images for different floors and zoom in and out and lay out all your devices in reference to where things are so you have a drawing every building you can upload it on there and it will then you know overlay these this makes it really easy we've done this with like it's a lot of deployments in schools and if we have a schematic of the school we can put it on there and we can drag all of them and a nice thing is the controls - can do things on these is actually gonna be right here to get statistics to get information on them and how it's set up topology this is so cool that it does this it says okay the internet comes in from the USG here and I can move these around it goes into the 24-port switch here's the one Wi-Fi unit plugged into 24 per switch like we showed you the beginning then the 24 purse which goes into the 48 port switch and then we have another Wi-Fi unit plugged in this system will actually show you all the devices as they get connected like this it's really rather clever right now I click on 2g coverage 5g cover there's nothing here and we're 
gonna jump real quick and just add a network to this to show how that works so we're gonna go over here to settings wireless networks and so far I've left everything at defaults these are so the box things everything is very customizable in here all right now we can create a new wireless network and we'll call this one studio Network one and we're gonna go ahead and set a WP personal security key we can sit wherever you want and nice thing is you can click here I just said to be password 1 2 3 for this demo and we're gonna leave everything in default but you do have Advanced Options and we'll get into that in a second here so it save and now we're gonna jump over to devices to show you what's going on these have now switched into provisioning mode it only takes a second and what they're doing is they're provisioning out these settings so these are in provisioning you notice how there's no options to click on anything alright so now that we're back over here at maps i refresh the page and you can see here's my 5g coverage because only this one's 5g this one's not here's our 2g coverage now granted it's making estimations based on size as you put into the building to try to determine the coverage and of course with any Wi-Fi we can't determine what's in the walls and what the penetration level will be whenever we do Wi-Fi testing we literally bring these units on site set them in the offices where we plan to use them and see how far the reaches that's a separate video for Wi-Fi deployments but there's no magic sauce that will determine the exact construction of a building and absolutely give me a clear picture without taking a Wi-Fi unit there - just how far the reach is so these are best guess estimates now it granted if you are doing the estimates in an open area and open field you obviously get a lot better coverage and you can kind of guesstimate those but how often are you deploying Wi-Fi in an open field not that often usually you're dealing with buildings and 
everything else but what this does is gives you kind of like a heat map to where the coverage should be estimated to be and you can change and adjust the receiver sensitivity over here this is the physical map though for how we can take a look at things and look at the devices let's jump over to the other type of map that's in here which is a topology map and while we showed that you can see the linking between the devices this is a visualization for the linking between devices so right here's the wavy there we fee there and then we can also hit show clients so there's the unified controller the VirtualBox there's my laptop and how it's connected currently we have nothing connected through here and here and a nice thing is if I move my laptop and I plug this in to this switch within about a minute or two it will read eight and show my client going that way also by clicking these you can expand and contract things now I'm going to go ahead and connect my phone to this unit right here alright so now I connected my phone so here's my phone and it just has an ID there now if we go over here to the clients here it is studio Network 1 and how it's connected overview of it statistics packet inspection with nothing's available yet but you get the idea that each of the device is plugged in oops go to the map here again change it to topology and you can see how the clients connect now like I said this updates about every two minutes and you can get insights into each device connecting now that's really nice because if you're trying to trace out problems it lets you go there and when you double-click on any of these devices and we'll go over here for example let me close these real quick so you can see what pops open so we'll click on the unified controller here it brings up these property dialog boxes and we can pop them out just like we did with the switches and you can also name them if you want so you can get statistics on on what they're doing where they're going 
information history of when they connect it if it has any of that information and then you can give them an alias so you can understand where they are or even create groups that they belong to and this is where you can assign a fixed IP address now because of the way the unified software works it's kind of nice but maybe a little bit different because you're used to going to everything to a series of tables they have this design concept gives you everything through here that okay I want to assign a fixed IP address 2:49 is what I want to assign to this save now I've statically assigned that device to that address so it's almost a little bit confusing how it works but it's also a little bit more intuitive if you're you know if you're used to doing networks it's hard if you're not used to it you're like oh I just click on it and assign an adjust and hit save right it's it's a little bit different how some of the network works but it's also really convenient once you're used to it and makes managing things you know really good and while we're here we'll name this this is actually my laptop Tom's laptop notes if you want to put them in there Tom's ThinkPad save clothes refresh this I think it should actually change it in here as well I have I think Joe jumped in our pager takes a second cause it's probably versioning some of information there we go now it's refreshed and we can see Tom's laptop right here now we'll go step further because it says 24-port switch in rack number four what this is actually telling us and you can see which on the rack I'm plugged into port 4 so I can actually then go in named port 4 as well Tom's laptop apply yeah I'm not getting the same port the controllers in because it realizes the controllers in this port it does give you a warning which I think is really smart because if you were about to block this port for example because one of the other options we're going to get into here is how you can change VLANs and ports if I were to block 
this port I would have a real big problem because I would be blocking the port that the unified controller itself is plugged in you don't get that message on any Airport but only if unifies senses that this but what your changes could possibly disrupt it not that the change I did was disrupting but when you're making a change to a port for example turning a port off that would actually be the last thing you did then you'd have to plug into a different port to get back on the network so you don't want to do that so she goes we manage a lot of these remotely I like these little warnings so they make me go huh hold on before I change this let me make sure and double check all the settings because you can't twitch it back because it's the controlling port so can it's kind of the rough overview of how things are connected let's get a little deeper and show you into the settings so we've already seen the Wi-Fi up here so we're gonna start with this is the wireless network and this is where we created one and we'll get into creating more of them but we've got to do a few other things first I haven't any problems doing it but there is a warning because it's some of this stuff's in beta like the speed tests and some of the port remapping features and what this actually lets you do for example like there's three ports on the USG this allow you to take a port labeled as VoIP and turn it into like a second land part for example and this actually would also allow you to have some of the automatic uplink fail overs and what this is a really weird but neat feature if you have a device a wireless device that gets broken off from the network but it's within range of another Wi-Fi device that is on the network which means it got disconnected still powered on and of course with their p OE that doesn't usually have them buddy can it can then identify diagnose and then set to a bridge mode across the Antanas to keep extending the Wi-Fi network without a physical network connection it's 
kind of like a mesh system it's kind of clever that they built these in I find it really interesting I don't really I haven't really used the feature I do like it though that it monitors them and what happens isn't actually I'll show you this as a test that tells you that they're in working that the unit's still working but it's an isolated mode and will simulate that failure here during this tutorial so here's all the if you want to enable SSH you can set an admin and password for that I believe the password default is the pastor I just set for the system and anytime I change anything here I have to click apply and then it provisions out to this particular USG let me close this on the side it's not relevant jump back over to the wireless networks now ready deployed a wireless network and it seamlessly deploys it across as many devices as I have connected so we have two of them here for this demo but if I add another network setting I can force it to only be on one or the other but the default is to create a seamless network across all of your sites so we called the studio network one and we're gonna go ahead and create a new wireless network and cleverly named it studio to set a password for it now here's where the Advanced Options come in we've got more fine control like if you want to put this on its own VLAN enable fast roaming some of the devices this helps enable like the handoffs between devices when you're wandering around it'll jump over them you can by default it's a ESC and pwp - you can control and if you had to unfortunately have a client even though it's broken they have to run things in TK IP because of the old devices they have on a network so we created a separate network just for those devices to be on it's a it's all we can do because they can't afford to buy the devices that are on this because it's a big industrial controller but you can't also roll back to WP one but by default good news that's disabled you can also prevent the SSID from being 
broadcast here these were you can start applying groups to it I haven't really tested the power saving but the schedule is really clever because you can schedule what time you want your wife I had turn on and off way she did her store when we're not here we just had the Wi-Fi we have multiple networks but we have one of the networks that's generally our customer side network land we just have that turn off and keeps things separated and no one even knows the Wi-Fi is there once your once it's after hours then you have all kinds of rating beaking controls waitlist blacklist Mac filtering so you can't create Mac filters and say only this type of filtering and it's on a per network not up her device so as I create each Network and create a Mac filtered network if I want more security where it only allow these macros and yes I know you can spoof a MAC address but it adds another layer of trouble it is to jump that network so you can keep it very filtered it also has radius authentication support so you can use radius authentication determine what is going to get on there with with an extra level of security now let's look at the network's themselves so we're going to create a new network is here but we're gonna go back I'm gonna just go back and edit the existing one we have Seoul and corporate you want to be a guests and you can't really choose these other options VLAN only remote user site-to-site you have to do all that within the next ones it needs a primary land and this is where you're gonna set the settings and this will cascade all the things across now I've had it assigned the manual this night the 999 server you can leave it to auto for testing I was putting it in here but you just took just Auto it'll act as a DNS forwarder you can set the domain name whether or not you want I G and peace to snooping on it does support DHCP relay is a beta feature but I thought that's kind of nice that ahead in here I've had not often but I have our ninja time just when we 
need that if you want to enable UPnP on the land you can do that not usually in a corporate environment but if you happen to be using a USG at home if you're running gaming systems especially like the Xbox or the Playstations their popular need is having that on there then set your lease times and you know what or not you want things just to be as they are let's go back over the networks let's create a second network cancel create new network some guests will call the network and there's one physical port so we're actually going to go ahead and give this a VLAN ID of ten you and when you take this innit let me automatically have CP range and just followed suit here and I'm gonna customize it 100 to 200 and what I did here was VLAN ID 10 so it's gonna have physically the same interface 1 9 2 1 6 8 10 dot 1 will be the IP address it's a slash 24 Network you just type it in put the notation in there we'll call it guess as the domain and I'm gonna leave everything else as is hit save VLAN ID 10 and we should go back over here to devices and it's provisioning it out right now and now it provisions it out to all the other devices that need to have versioning all right so everything's provisioned and we have that second network we created on VLAN 10 now let's talk about actually how we push that across the network so let's go over here and look at the clients cuz I plugged in our laptop in and it's called the name of the system happens to be equal top and it's 48 ports which studio rack number 6 now let's just jump over here to map real quick and I was going to show you that the way the clients look topology so comes from us she goes that the 24 goes here so this is where it is and we can get statistics what it's doing configuration network and jump over here to clients and we can see the IP address 192 168 106 it's still on the dot 1 network and we want to get this over on the dot 10 network so we're gonna go click on the switch here and it brings us because I clicked on 
it here right to the port that this is in so we're gonna go here and it's actually Steve's laptop I took C's laptop and we want this to be on some guest 10 and with this let me know gives me a warning is going to be overriding any of the customizations I had to this and I covered this in the full switch review it just real quick you can edit any individual port to function differently a mirroring port an aggregate port manual link you can go into and you know get all the detail set up for each of these ports but we're taking this and we don't care about the profile overrides we want that port to be belong to the some guests feel and ten that we created now all we had to do is create that in the network if this option to change any port to belong to a VLAN is universally everywhere it's all the switches if we had 20 switches it gets deployed that's what the provisioning was when you change your network is pushing all these configuration settings so when I want to create a new VLAN I go ahead and create the VLAN and all of my network that's on this network all the devices on this network get that VLAN information now obviously is tedious to edit individual ports one at a time but yes in case you're wondering you can select multiple ports like this and select them and edit group supports at a time like this and assign those groups of ports to a particular setting so that is that is an option to see you know if you're don't want to go through tediously doing it especially if you have like 2048 port units you're like okay these group this way these groups that way you notice how when I selected these it lets you select group supports that is an option when you're doing it but we set that one so now that laptop I may have to refresh the IP address on it all right just took a second to refresh here in our network so now we can see equals hop is on the one 92168 10 network the connection is the some guess so it's a studio one network or just our standard LAN it gives the 
VLAN name pretty straightforward to follow and now I can move anyone I want now this also applies to wireless let's go back over and look at our topology again and so we still see the same connectivity physically where he's at so it's going from equal tops at a forty persisted 24 switch to the USG when we double click it we can see that it's on the some guests network so we can sell it picked up the name of it and we can still rename it and call it something else different friendly name whichever we want a group name it to for convenience and follow that device now please note because the naming is tied to the MAC address whenever it moves to another port it will move the name as well so if I move my computer to a different port it'll move over and my name because it's named based on MAC address will follow suit and that took about less than a minute from when I moved to maybe almost two minutes I'm unplugged it remind from the 24 plugged it into the 48 port switch and you can see where my system now moved over I kind of like the animation for one things are moving over as you get a larger network it's crazy how this looks because you can drill down a lot that's also why you have the show clients and not show clients on there now we also have the ability to have link labels on here so when I add the link labels it gets that much more interesting as equal top port number six into the 48 Tom and the unified controller works is actually running on my laptop in a virtual machine are both plugged into port 32 so it very cleverly lets you know which network that device is connected to and how it's connected so in it and let you know that this goes from 48 to 24 this goes into one and goes here now let's take a look at the switches real quick and start looking a little bit in the details of how those switches appear the switches are smart and they know which ports are for what so it realizes and it's kind of small but it's got a little up arrow this is the uplink port so 
it knows that this is where the port is uplinked to the other switch, and then the green ones represent other devices we plugged in, and the orange just means things connected, but because that Wi-Fi unit is older it only links at a hundred, so that's the label right here: that's the hundred meg versus a gigabit connection. Now let's take a look at the 24 port switch. Same thing, different though, because it realizes that the uplink port is here to the USG, and now this is kind of neat: it doesn't give a symbol for the downlink port but it has it here; it lets you know the uplink and downlink for it. So right here's the downlink to the 48 port switch; it knows that's the next device in the network. So you can look at it from a non-graphical version by opening up each switch and determining this, but I just really love the way it maps things out for you as all the devices get plugged in, because if you're trying to trace things out on a network that maybe becomes a really handy thing to do.

So let's go back over to the network settings again, down here at the gears. Well, here's your list of networks: studio network 1. Let's go ahead and create one, call it studio network 2. We didn't hit save last time, that's why it wasn't there from before. Options: we're gonna use a VLAN and we're gonna put this one on that VLAN 10 that we created. Save. Now we have two separate networks and this one's on VLAN 10. Look over here at devices and you'll see the Wi-Fi units provisioning, and they provision really fast. Now there is a slight disruption every time you provision a Wi-Fi unit, because it adds a setting, so the Wi-Fi units do drop and disconnect briefly. All right, so my phone's reconnected. I realize I called it "studio Network", not... I forgot the "2" in "network 2", but it's on VLAN 10 and it's getting the .10 address, which is the network we assigned for that particular VLAN. So we jump back over here to the map again and there it is, connected to studio network 2. What's kind of clever is it shows which Wi-Fi network you're
connected to, so you have each one, and now we see it on this one.

Now let's talk about the failure mode. I wanted to show you a kind of interesting demo of this. So this unit right here is connected, this is Wi-Fi unit 1, and here's Wi-Fi unit 2, and this is a feature of the newer Wi-Fi units; I don't know that all the early models support this particular feature. What it did is it realizes that this is isolated right now, and what that means is it's on but not connected to the network; it's disconnected. So it was plugged in right here, but then it's unplugged, because they reached over and unplugged it. By doing that it just goes into an isolated mode, because the other Wi-Fi units can see it but it can't see the network. So this is a really helpful diagnostic tool, because there's "disconnected", as in you don't see it; it'll give you an error for that once it misses a heartbeat and says the device is offline. But this one, it realizes the device is on the network in terms of power but not on the network in terms of connectivity, so it sees it's broadcasting but it's not actually connected to the network.

Now this is where it gets another step of cool to me: if you wanted to bridge this and create like a mesh network, you can actually have the units talk to each other and then create an uplink between them by selecting this, and now it's going to attempt to create the bridge for you, so this device will still work, kind of like a repeater mode. I've actually done very little testing with this, because generally I'm not the biggest fan of mesh networks. I've worked with them a few times and we've been called in to replace them, because I've never seen one that works as seamlessly as I think it should, and generally a hard line to each one is just way faster and less prone to problems, especially because most of these networks that we put in have a lot of users, so handing things off from mesh to mesh becomes kind of tricky. It says "not a valid target". I have a feeling it
doesn't want to work because it's two different models. I'll have to try this sometime as a separate video with two newer models; I just don't happen to have any in stock right now. So I'm gonna plug this Wi-Fi back in and we'll get to some more settings. The nice thing is it's pretty fast from the time I plug it in until it's going back to connected and back up and running.

Now a couple of side notes here. As I had said, you can custom config one; this is where you can override what the radios are doing and what WLANs are on there. So by default it gets each one of these; I can edit and override so this particular one does not get a particular Wi-Fi setting. I usually don't have a lot of use cases for it particularly, but it's definitely an option if I wanted to, where I can customize each one. Generally when we put these in we assign a couple of different networks, maybe a couple of different VLANs, to them, and disperse them throughout the companies or the areas we're putting them in, and we want them all to be on the same network, so generally that's the deployment, but you can override that configuration and change things around.

All right, so let's go back into the network settings here. I will cover a couple of things I'm not gonna do in depth today, but this does have the option, if you've seen it in there. I'm gonna do separate videos, because I'm just not real adept at the VPNs; I've not actually done it. I've had a few friends who have, but I have not done anything with the VPNs on here. For remote user VPN I was told it's pretty straightforward on these. I'm gonna do a separate video on how to handle VPNs. It does have a remote VPN, site-to-site VPN, or acting as a client. I've been told it's fairly straightforward to do, but I have not actually tested it, so I can't comment on that at all at this moment. Any of the deployments we have for VPN, as you may know if you watch my channel at all, I'm a huge fan of pfSense and that's where I always deploy my VPNs. We put these in some clients' networks that don't
need VPN. We primarily use these in small business networks where VPN is rarely even something they're talking about; they mostly just need connectivity and a nice interface for us to manage things. So I'll close this one.

Now on to the next part of networking, because this is something we do a lot of: creating firewall rules and port forwarding. This was confusing if you look at my previous USG video; I think someone commented that it didn't have a lot of features. That video is also old. The nice thing about the way UniFi works is they get the product out there and they kind of listen to people, which is rare for a technology company, and they look at what features we're looking for and start adding them in. In the latest version of the UniFi software, I believe this is the first time they moved it to here: they moved all the port forwarding rules to a place that makes more sense to me. It was a little different the way you did it before. Now it's nice, because we can just go create a port forwarding rule, and we're gonna have a pretend camera. Well, we'll put "camera system", from any, on port number 7443 (if you didn't know, that's the one for the UniFi cameras), to IP 192.168., we'll say 1.10, we're making it up because it doesn't exist, 7443, TCP/UDP, and whether or not you want logging turned on. Save. And over here in devices you can see it's provisioning that port forward to the USG, and the provisioning happens fairly fast. As you can see, we jumped over here and it provisions fairly fast when you make a network change like that; it doesn't take long at all and it doesn't disrupt the system while it's doing it. It added the port forwarding rules, so back over here to the rules, port forwarding, and you're done. Now if you wanted to create a restriction, we'll edit this rule real quick again, to say limited and only allow from a certain IP address; that's easily achieved in here. This makes so
much more sense, and I don't recall exactly, but I remember it being a lot more complicated the way they had it before, kind of buried in some menus. This is a really simple port forwarding system; it's not as advanced as some of the other firewalls, but it gets the basics done, and a lot of times that's all we have to do. The most common deployment we see is maybe a camera system or a couple of little things. Now the only thing I'm not as clear about is: will it let me forward to the other network, or will it ask me questions, and does it do that automatically? So let's test this real quick. If I hit 10.10 anywhere... okay, let me do that. Now let's try this: if we put it in the .20 network it should give me an error saying that network doesn't exist. It does not. So I wish it was a little bit smarter and would actually allow me to forward something to a specific network, and actually ask me what that network was, but it doesn't appear to care; it'll let me type in whatever I want for the forwarded IP. Save.

Now if you want to see if the rule actually works, we're gonna do a quick test here, something simple. So I'll create a test rule, and we'll create a port number 12345, put in the IP address of 192.168.1.2 (happens to be my laptop's address) and hit save. So there's the rule; we're gonna provision it to my laptop, which is the .66. Now a couple of side notes. You notice I gave my laptop a friendly name; those friendly names don't work or show up when you're doing port forwarding rules. It would be kind of nice if they would, so if you name the devices it would be nice if they showed up here. So if UniFi is listening or watching my video, maybe this is something that they'll do, but it does not autocomplete, so you don't really have that as an option in there. So while that's provisioned, let's look at the devices, and we need our WAN address here. So we're gonna go over here to our USG, expand out the LAN address, and we see it's 172.16.9.102, and like I said this
is not really a WAN address; anyone knows that's actually in a private range. We're gonna do hostname:12345 as the port, and this is part of my lab, so it's gonna be the... I call it VLAN 69 lab; it's a VLAN I have just for doing this. We're gonna go over to my system, we're gonna do a netcat, -l for listen, 192.168.1.66 (my IP address), 12345 (the port), and you see I tested this before, so hit up arrow, test, and "test port was successful". We look back over here, and when it sends the command it actually closes it, so we can see the netcat is done listening. So definitely it works; it's an easy way to test it real quick and kind of get an idea. But obviously it doesn't care if I put in a different IP address; it doesn't give me a... I'm sure it cares and it won't go to the right address, but that is a kind of interesting thing about the way the port forwarding works.

Let's go back over to settings and let's talk about the firewall. So the firewall itself has a couple of its own rules to accept and drop, and you can create each one of the rule sets: WAN out, WAN in, LAN in, LAN out and local, guests in, guests out and guest local. So if we go to WAN in, here are the rules auto-created for the camera and the test rule, so we can't actually edit those, but we can create new rules. This is a nice thing about the port forwarding: it does allow for automatic rule creation on the firewall, so I only had to create it once under port forwarding and it automatically creates a matching firewall rule to allow the traffic. But if you wanted to do everything in a more manual way, you can go through here and do more detailed work for different destinations, address group destinations, different types of filtering (drop, accept, reject), and another thing that's kind of neat: you have over here more detailed tuning, like state timeouts, protocol options if it's SIP, whether or not you want ping, or receive redirects or send redirects. They have some decent firewall rules in here;
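The walkthrough above points out that the controller happily accepts a forward target on a network that was never defined, and that it auto-creates a matching WAN-in allow rule for every forward, so a typo silently becomes an open hole on the WAN side. The following is an added example, not code from the video, Ubiquiti or the UniFi controller: a small Python pre-flight check that runs the sanity checks the UI skips before anything is provisioned. The networks (the default LAN and the VLAN 10 "studio network 2") and the rules (modelled on the camera and test forwards, plus two deliberate mistakes) are constructed sample data; the field names (wan_port, fwd_ip, src, proto) are assumptions for the demo, not the controller's own data model, and 203.0.113.5 is a documentation-range placeholder for a restricted source address.

```python
"""Pre-flight sanity checks for port forwarding rules (added example, not UniFi code).

Models the fields typed into the controller's port forwarding form as plain
Python objects so the rules can be checked against the site's defined networks
before they are provisioned. Field names and sample data are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Network:
    name: str
    subnet: str               # CIDR handed out for this network
    vlan: Optional[int] = None


@dataclass(frozen=True)
class PortForward:
    name: str
    wan_port: int             # port exposed on the WAN side
    fwd_ip: str               # internal destination typed into the form
    fwd_port: int
    proto: str = "tcp_udp"    # "tcp", "udp" or "tcp_udp", as in the UI dropdown
    src: str = "any"          # "any", a single IP, or a CIDR allowed to hit the rule


def network_for(networks, ip):
    """Return the defined network containing ip, or None if no network does."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in networks if addr in ipaddress.ip_network(n.subnet)), None)


def check_rules(networks, rules):
    """Return (rule name, level, message) tuples; an empty list means no findings."""
    findings = []
    claimed = {}  # (wan_port, proto) -> rule name, to catch rules that shadow each other
    for r in rules:
        net = network_for(networks, r.fwd_ip)
        if net is None:
            findings.append((r.name, "error",
                             f"forward target {r.fwd_ip} is not inside any defined network"))
        else:
            subnet = ipaddress.ip_network(net.subnet)
            if ipaddress.ip_address(r.fwd_ip) in (subnet.network_address, subnet.broadcast_address):
                findings.append((r.name, "error",
                                 f"{r.fwd_ip} is the network or broadcast address of {net.name}"))
        # A tcp_udp rule occupies the WAN port for both protocols.
        protos = ("tcp", "udp") if r.proto == "tcp_udp" else (r.proto,)
        for p in protos:
            key = (r.wan_port, p)
            if key in claimed:
                findings.append((r.name, "error",
                                 f"WAN port {r.wan_port}/{p} is already forwarded by rule '{claimed[key]}'"))
            else:
                claimed[key] = r.name
        # The auto-created firewall rule allows whatever source the forward names.
        if r.src == "any":
            findings.append((r.name, "warn",
                             f"reachable from any source; consider limiting to the hosts that need port {r.fwd_port}"))
        else:
            try:
                ipaddress.ip_network(r.src, strict=False)
            except ValueError:
                findings.append((r.name, "error", f"source '{r.src}' is not an IP address or CIDR"))
    return findings


# Constructed sample site: the default LAN and the VLAN 10 network from the walkthrough.
NETWORKS = [
    Network("studio network 1", "192.168.1.0/24"),
    Network("studio network 2", "192.168.10.0/24", vlan=10),
]

# Constructed rules: the camera and test forwards from the walkthrough, plus two mistakes.
RULES = [
    PortForward("camera", 7443, "192.168.1.10", 7443, "tcp_udp", src="203.0.113.5"),
    PortForward("test", 12345, "192.168.1.66", 12345, "tcp"),
    PortForward("typo", 8080, "192.168.20.5", 80, "tcp"),    # the .20 network was never defined
    PortForward("dup", 7443, "192.168.10.20", 7443, "tcp"),  # collides with the camera rule
]

if __name__ == "__main__":
    for rule, level, msg in check_rules(NETWORKS, RULES):
        print(f"[{level}] {rule}: {msg}")
```

Run as a script it reports the typo rule as an error (no defined network contains 192.168.20.5), the dup rule as an error (7443/tcp is already taken by the camera rule), and a warning for every rule left open to "any" source; the camera rule, restricted to one source address, produces no findings. The same checks apply to any gateway that auto-creates allow rules from port forwards, not only the USG.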
now I have not messed much with it, but if I understand correctly, because these are all built on a custom Linux kernel you can get in there and start manually writing and manually editing firewall rules, so you can go beyond what the interface here will let you do. That goes beyond the scope of this talk here in this tutorial, but to give you an idea: definitely, if you have those advanced skills and you want to do it, yes, you can override what's in here by logging in directly to the unit itself. So, skipping over there, this of course is where you can just add some static routes. This is the final thing in the routing and firewall, so if you had some custom routing options you can add them here and create static routing.

Now guest control, this is interesting, because if you wanted to create a guest portal, a guest network, that's actually an option on here so people can get on, and it will create this. Now this applies to the Wi-Fi rules, so you start with: I want to create a guest Wi-Fi or even a guest network, and I want people, when they get on the network, to have to log in. There's an entire module here, and it's kind of cool: it actually gives you some editing options, so you can put what you want to have in here, and you can edit this, and it has a mobile preview of what it looks like on a phone, what it looks like on a desktop, and what it will show them when they get on the network. This is where you would upload it or add your own terms and conditions to it. It's also where you're gonna set your guest network, so your guest network can be separate, and the default guest rules keep the network off of your other network. So if you create another Wi-Fi, or you apply a LAN rule or a port rule or a separate VLAN for all of your guests, you can funnel all of it right here, and it's pretty straightforward to do. So jump over here, wireless, create a new wireless network, advanced, and we'll call it "the guest", and then we check the box that says "apply guest policies", and I'm just going to... you don't
need to go to any of the advanced options, nothing, unless you have something more advanced you want to do. So we're gonna apply the guest policies. It's provisioning it, and this is back to where we finished setting all that. So we just created an open network; we're gonna go ahead and enable the guest portal. Do you want no authentication, simple password, hotspot? Now I have not tested this; I'm gonna do a separate video just to test this, because I was told it's still a little buggy. Of course it is in beta right now, but they have the Facebook login, so one of the guest options is you can force them to log in to Facebook. I'm not as clear; someone said it's not working well with the iPhone, based on whatever in forums. I will do my own testing with this as a separate video, because it's a beta feature; it was just introduced in this version of the software, but once they put this in here they're gonna work on it, listen to feedback, and this feature is kind of up-and-coming. So we're gonna enable guests, we're gonna hit apply changes.

Also, because of things like this, this is also why I've mentioned a VM: you may not want something as slow as a VM, because these are moving reasonably fast, but if you ran this on a Raspberry Pi as a back end and you want it doing guest authentications, this all runs inside the VM module that is the UniFi controller software. And I will note you don't need the UniFi controller software running 24/7 unless you want it gathering statistics and everything else. These machines, if the UniFi system goes down or you're upgrading that particular virtual machine and it goes offline, Wi-Fi and everything still works; you just don't get to provision anything new, nothing changes, and it's not collecting any statistics. Also the guest portal runs inside of this, so the guest portal will go down, though, if the UniFi controller software goes down. So I signed my phone into the guest network, and this is a quick screenshot I grabbed from my phone, and it says "sign into
guest". So pretty straightforward there, and once again we can look at my phone, we see the link labels, we see it's connected to the guest network. All right, so you're given a big overview of all the settings and getting a Wi-Fi deployed, and some of the changes, creating a VLAN, moving things to that VLAN, and how you deploy the Wi-Fi across multiple units, including how we do a guest network.

Now let's get into the insights, because that's of course really important when you're trying to diagnose a larger network: what are the insights, the things going on. So we go over here to insights, and because we just did this, let's actually switch to something simple first before we cover what all this is, and we'll start with past guest authorizations. Now we just loaded this right now, and for this whole video, so there's not a lot of data, but you get all these statistics and data inside of here that allow you to determine, like, you know, I can look at the history of when one guest logged in and when things started happening. So close that out; here's the guest, here is me doing the authentication there, that I'm online, so you can see which is a guest. There's a lot of information in here. This is really novel as well: this is the neighboring access points, and what the Wi-Fi units do is they look around and go "what's around me?", and they see all the different Wi-Fi access points. This one's actually interesting, "Derek's Silverado"; I guess someone's vehicle has an access point in it, like a mobile one. It sees different things that come by, so this can give you access information and statistical information about things it sees in the area, and it's grouping some of them together. Then you can also go in here and pull down known clients; here's some of the ones that are known on our network, and once again you can filter this for different time periods: past connections, things that were connected. Now this is interesting to get a history of what was connected when; it has all the date and time stamps in there.
Switch statistics and what's in there: this is really neat, because you've got the information about what's going on in each switch port, a history of it, what was plugged into it. If you have PoE (we know these are PoE, but that's not what we did in our test here), those are options, and here's where it gives you the PoE information. It can give you the counters for statistics, and then we can say link status, only show me connected devices, so we can filter this real quick and make it a lot cleaner. I like the way they do this, because it's now giving me a lot of information and I can really start diagnosing the network. This is the beauty of the way UniFi works: one dashboard to consolidate it. If I had two switches, like I have here, or if I have 20 switches or 200 switches, I have all these different informational things I can do to start, you know, diagnosing and digging into things. And here's... we didn't do anything; this is our pretend port, and this is the one we tested, so we've got eight packets that went through from that test that we did. Go back over here to known clients. Actually, to show you a little bit more data, let me jump over to our network. So here's a look at the stats for our network, and you can see, you know, different connections and the amount of data going across, which is of course a whole lot bigger. If we do things like past connections there's a lot of information here, and then we can jump backwards for different time periods and show what was connected for that, so we can drill down and see the different IP addresses that were assigned based on the different networks and, you know, trace things out.

Also, I have my network set up a little differently. I don't have all UniFi switches, so UniFi does something a little bit different when you have some dumb switches in between. So we're gonna go to maps, and I have only one UniFi 8 port switch on our network and then some dumb switches, but they're VLANed off, so I'm using this to zoom in and out. Here's some
of the Wi-Fi clients, but it thinks they're all connected directly to the... obviously you can't have this many devices on the 8 port switch, but port number 2 is connected to the dumb switch, so it sees all those devices and it says they're all on port number 2. Now my network is headed by pfSense, which means I have none of the deep packet inspection features you get with the USG at the head end, but what it does do is it still has the switch tracking all the MAC addresses and the assignments through the switch and through the Wi-Fi unit, to understand where my phone is physically connected, because it can see the MAC addresses that pass through the unit. So it's kind of clever the way all this works, and yes, in case you're wondering, our Wi-Fi name for our business Wi-Fi is "notice me senpai".

So we go ahead and close this out and we'll finally take a look at the dashboard, what that shows us, and the deep packet inspection system. Now the deep packet inspection system by default is turned on, so we're going to jump back into here, deep packet inspection, and it allows you to create categories and restriction groups based on the categories and restriction orders they came up with. For example, social networks: enable restrictions; you can block everything on there, you can add... but we get social network, people who bypass proxies. We're gonna go ahead and hit save on both of these. Actually I forgot to check the "block matching traffic", and we'll go ahead and log it, so we hit save. Now this is where you can choose where that rule gets applied, so if I want that rule applied to the guest network or the LAN network or the Wi-Fi networks, you can apply this rule to that. We're gonna apply it to the LAN default. You can create more groups and get fine-grained control and segment this out. So in theory this should... let's even test this, and we're going to test it live here. Once this is done provisioning I should no longer be able to get to Facebook on here across this network. Provisioning, and here we are
stuck in the "establishing secure connection" here. I can get to Google, not that I ever use it, but I wonder if I can get to plus.google.com, or if it restricts that. I guess they don't see Google+ as a social network. So I am online, and Facebook has timed out, so they have decided to block it. So when we take a look now, I can't get to Facebook and I see Facebook's in red here, so I'm guessing that means it's blocked. I'll have to read a little more on the deep packet inspection; I haven't really used it much, because we don't deploy a ton of USGs out there, nor do we really get into the filtering like this. Like I said, mostly pfSense is our head end. Sorry about that.

Last thing, I guess I probably should have covered here, is the events thing, the events listed over here. So, I call it a thing, the events list here, and this actually gives you some warnings, errors and history of the events, but it gives you all the events that occur, so you can kind of track the history of things. It actually logs all the different settings that were done, what was adopted, provisioning, when we add different things in here, so you actually get a nice history that's searchable, and we can search, for example, for everything about the 48 port switch, what was done, errors with it, warnings, or back to just general. I'll close that.

I guess the one other thing is the maintenance on it. These are fairly maintenance-free, but you can do things like download the backups from here. So once you get it all configured and all set up, the backup is really straightforward to do: download backup, not much to that, and if you ever have to move this to another controller you just go to restore, or if something happens to this one, choose file, restore, it restarts and everything just goes right back to normal. It has some data retention, because obviously, besides backing up the system, you're actually backing up the data, the logs and everything else, so there's some options in here to determine that part of it. All right, so
hopefully this was helpful in getting you set up with UniFi, and if there's something you want me to cover in more detail, let me know. Overall I'm really happy with UniFi devices. I think the USGs are getting a lot better, especially since the first time I reviewed them, but on the bigger side of it they're not really in-depth on features. Like I said, the firewall, it'll get you going, but the firewall rules aren't for advanced use; obviously it didn't even give me an error when I tried to forward something to a network that doesn't exist. Not that that's necessarily a deal-breaker at all, but it's something to keep in mind and it's something they could improve on. But overall this system does work very well, and you can't beat the price point of these. For the USG, I mean, I'm knocking it a little bit, but you're also talking about a device that's only, you know, right at a little over a hundred dollars to purchase, the basic USG model, so you get a lot of features for a hundred bucks, that is for sure. The Wi-Fi and the switches all working together with this software: outstanding. Being able to track your packets and figure out where everything's going and how everything is getting there, and the auto-drawing of the topology, being able to trace out a device, that's just... I love that. Being able to map these out, being able to see the connections over, you know, this map here, so laying it out over a map of your building, or being able to do the topology and have it drawn in real time, to go "okay, this is my network connection", that's some amazing stuff right there; that's gold as far as I'm concerned. So as much as I'm mediocre on the USG, a lot of times we have pfSense firewalls; I love all the features and VPNs that come with pfSense, so that's often the head of a network, but the rest of the network, we love deploying UniFi, because this system works; it works really well, it's really solid. But for the price point, I don't think you can really beat the USG, and if the client
doesn't have a lot of crazy firewall configuration rules that you need to do, the USG works really good for dropping it in, and if it just needs to route traffic it will do that excellently. So in that aspect of it I think it's great. Hopefully this was helpful. If you like the content here, like and subscribe. If there's something you want me to go in more depth on, let me know. If it's the VPN, that's gonna be a separate video; I don't know when I'll get that done. I want to, but I've got to get more than one USG in here, and I'm not the biggest fan of them, so I don't know when I'm gonna do that, but if someone emails me and wants it, I'll definitely do it. I just don't know if I wanna buy one right now. All right, thanks for listening. If you like the content here, like and subscribe.
Info
Channel: Lawrence Systems
Views: 237,455
Keywords: Ubiquiti Unifi Security Gateway, Ubiquiti Unifi Ap-AC Long Range, UniFi 24 Port Switch, UniFi 48 Port Switch, unifi, ubiquiti, ubiquity, ubiquity networks, ubiquiti networks, ubiquiti usg, ubiquiti networks unifi, ubiquiti unifi, ubiquiti debian, unifi cloud access, setup unifi cloud access, unifi port mirroring
Id: 5N12jkGpasY
Length: 62min 26sec (3746 seconds)
Published: Sat Dec 02 2017