Unifi Network update 8.1.113 : Switch ACLs, OSPF

Captions
Hey everyone, Cody from Mactelecom Networks. Yesterday Ubiquiti released UniFi Network application 8.1.113. This is still in release candidate, so if you want to get it you need to go over to your UniFi OS and then change the release to release candidate and then press apply changes. With release candidate they still can pull this back into Early Access, so you need to be careful about that, but usually it is pretty stable. And this is a fairly big update, so if we scroll down you can see they have added a ton of different things, which we're going to go over. I'm not going to read the release notes, but if you want to see the notes I'll put a link down below. Now, if you'd like to support my channel, I do now have Ubiquiti affiliate links that I'll also put in the description. If you'd like to hire me for network consulting, visit my website at mactelecomnetworks.com, and we do have a Discord server. Now let's jump right into this update.

Now, the first thing that we're going to look at is this new network viewer. If you look over on the left-hand side, it will show us our networks, and we could see the viewer and then inspection. All inspection is, is it's showing us our threat blocks, our ad blocks and traffic rules enforced, which we previously had before. But if we go back to viewer we could see a couple new things. We first have this AI detections. So I purposely made a loop in my network just to see if this would work, and you can see that my Pro Max switch on port 23 is being blocked by Spanning Tree Protocol, and it will be automatically re-enabled when the loop is no longer detected. So I do like that they added that feature right into the network viewer.

Now, below the AI detections we could see everything that we have configured within our network. So we have our Wi-Fi networks, which you could see I have four SSIDs. We could always configure, which will bring us to the Wi-Fi network page, or we could hide this column altogether. Below that we have our networks that are configured, so every single VLAN, and you'll be able to see the VLAN ID, the leased IPs and the usable IPs. Now if we keep scrolling down it's going to show us our internet, and right now I only have one WAN connection plugged in, but it will show us the IP, it will show us the VLAN ID if there is one, the port that it's on, the uptime and the utilization, as well as latency. We have 12 milliseconds latency; this is a copper connection. Next up is our VPN servers and what we have configured. I only have the one WireGuard configured, so that's all you see, as well as site-to-site; there's nothing there. And then we have the VPN client. The VPN client that I'm using is OpenVPN, and it's just connecting out to my NordVPN. But if we did have other things like policy-based routing and port forwarding, it would all show up here. So this really gives us a quick overview of our networks just by looking at this one page.

Now, the one thing that I will have to read off this page is for the IP pooling, as I don't have a block of IPs I won't be able to show you here. So it adds the ability to NAT traffic to a pool of addresses on specific networks, so if you have multiple IPs you'll be able to tell it where to go. So configure NAT pool using the Internet Source SNAT option on the virtual network, and you'll see that there's this Internet Source SNAT. This will only show up if you have multiple IPs. So if we close this down, they also say this option will appear when additional IPs are configured on your WAN. So if we go back to my UDM SE, you can see that I don't have that option here because I don't have multiple IPs. They also say that there's going to be an addition of custom source and destination NAT rules in scheduled upcoming releases, so watch out for that.

Now, the next thing we're going to look at is the access list for our layer three switches. Ubiquiti has finally brought this to the GUI. You used to be able to do it through the command line; if your switch did a reboot, all the access lists would disappear, as it was saved in memory. So I'm really glad that they've added this feature, even though we can't do a whole ton with it yet besides isolate a few networks. So what you can see here, though, we have our router and it's all showing the Mactelecom SE. So on this YouTube test, what we're going to do, we're going to click and go to the router, hit the drop-down, and this is where I have all my layer three switches. For the YouTube test we're just going to put it on the Pro Max 24 PoE. You can see here that it comes up with the popup saying "Layer 3 Network migration: are you sure you want to change this router to this network of the switch? Client devices connected may temporarily lose their internet connection and IPv6 configuration will be removed from this network", and we'll press confirm. Once we press confirm, this new network is created, and this is for our inter-VLAN routing, and that's what it's called, and it has VLAN ID of 4040.

Now, before we do the layer three isolation, I want to show you that I could still hit my Synology NAS. I turned all the blocking firewall rules off to make sure this works, but I am sitting on that YouTube test network, and if we go ping 192.168.1.2 120 we will be able to go through. Now let's go back into the YouTube test network, and if we scroll down we could see Isolate Network ACL. So this is going to isolate the IPv4 subnet from all other virtual networks. This doesn't give us any options to just do a couple selections to block, but we can do that as well and I'll show you after. But first we're going to hit this check off and then we're going to press apply changes. Now let's bring up a command line again and try that. So I'm going to go ping 192.168.1.2 120, and we could see that the requests will be timed out. So those access lists are working from isolating us to any other network.

But say we didn't want it to block every single network out, we just wanted it to a select few. Well, we could also do that. I'm going to go back to the YouTube test and uncheck this and then press apply changes. So now that access list will be gone and we have access to everything. But if we just want to do custom ones, we could just look under our network and scroll down here; we could see Layer 3 Network Isolation ACL, and if we check this off we're going to be able to create an entry. So we could see what network we want to have as our source, which will be the YouTube test network, and then the destinations that we want to block it from going to. So I'm just going to say the default network, because that's where the Synology NAS is sitting, and we'll see if we could hit something else on one of these other networks. So we'll press create. Now, with that new access list created saying that the YouTube test network can't reach default, we still shouldn't be able to hit the 192.168.1.2 120, and we still can't do that. But we should be able to access any other network, so I'm just going to ping this Google mini Nest on the top. We'll go ping 192.168.100.1 and press enter, and we could see that the ICMP messages are being returned to us, and this is working how it should.

Now, another thing that's new that we could do right under the networks, instead of creating firewall rules, is to allow network access. We can't do this on the layer 3 switch, so we need to drop down that and put it back to my Mactelecom SE. You would see here we have Allow Internet Access. So if you have a subnet that you don't want going out to the internet, we would just uncheck this. For now I'm going to press apply changes, make sure we could still get out to the internet, then we'll turn this off to make sure that we're getting blocked. So I brought up a command prompt and we're going to ping 1.1.1.1, and you could see that that's going through. Now let's go back to that YouTube test network, and we're going to turn internet access off and apply the changes. Now if we bring up a command prompt again, we shouldn't be able to ping Google or any site like that, and you could see on the UniFi dashboard it says network is offline. So let's ping google.ca, and you could see that it's not even finding DNS. If I ping 8.8.8.8, we're not getting through on that as well. So any subnet that you don't want to go on the internet, it's just one checkbox instead of making firewall rules.

Now, this next one is a small change, but I think it's going to make a lot of people happy, and that's the ability to be able to turn the topology view. This is the normal standard view that we used to have, so it goes from left to right, but now we could do up and down. So all we need to click is this button up top on the left and it's going to change our topology, which to me is a lot easier to read than going from left to right. Now we're going from the top down to the bottom to see all of our clients and our switches. I'm really glad that they added this in, and I think people will be happy about it as well.

Now, the next one we're going to do a full video on, but I'll show you where you could find it, and that's OSPF dynamic routing. So if we go under our settings and then we go over to routing, we're going to see it right here: OSPF. They finally did add it in, and the next one to come is BGP, which they are working on. But if we want to add OSPF we could do everything here, and there will be a full video, so watch out for that.

Now let's quickly take a look at our firewall rules. So if we go over to security and then traffic and firewall, they've changed it a little bit. So we have our Simple, which means this is our traffic rules, and then we have our Advanced, which is our firewall rules. They have changed the design of this quite a bit. At the top you can see this "allow established and related", and the icon is a wall, so that means that it's a firewall rule. If we look and we see this little icon that looks like a traffic light, that means that it's a traffic rule, which is really great that they brought that in. On the right-hand side we could see all these different IDs, so these are firewall IDs. Now, another great change to the firewall rule list is the tooltip. So I created a profile for the RFC 1918 group of IPv4 addresses. You could see that we have this "i" icon, and when we hover over it, it's showing us everything that's in that group, so it's all our RFC 1918 addresses. If we scroll down we can see I made another one called VPN users, and we go over top of it and it will show us that subnet or the ports that you put into it. So it's really great to have a quick glance at what was being done on that firewall rule. Now again, I'm probably going to have to make another full build video, as they've changed quite a bit. Let me know in the comments down below what you'd like to see.

Now, the next things that we go over are just minor changes that they've made. We've already talked about all the major changes, but one is to have side tabs. So when we click on our switches right now, it just goes and it picks which switch we have, but we could turn on tabbing so that we could see or go back to our previous network device. So how you do that: you click on settings, go to system, and then we go over to Advanced. We have this side panels tab, and we could click that on and press apply changes. Now, going back to our devices, if we click on one switch and then we go to the other, you could see that they're tabbed up top, which makes it easier to change between the two.

Now, the last thing that we're going to talk about in this video is if you have a Pro Max switch. So clicking on the Pro Max switch and then going over to the settings, we now have this option to do breathing mode. So breathing mode is the standard that it came with, so you could see in this video here that the lights go on and then they go off, and on and off, and that was bugging some people. So now you could turn it off and they're just going to stay a steady LED, as shown here.

Now, that was a ton of things to go over, and there's even more in this release, so go make sure you read the release change notes. I'm really glad that they finally added access lists within the GUI; we've been waiting for that for a very, very long time. Let me know what else you'd like to see down in the comments below. If you like this video, hit the thumbs up button. If you're new here, please subscribe and hit the bell icon. All right, thanks.
Info
Channel: Mactelecom Networks
Views: 48,630
Keywords: ubiquiti networks, unifi layer 3 access list, unifi acl, unifi ospf, mactelecom networks
Id: wzeQUZLbgSs
Length: 11min 15sec (675 seconds)
Published: Fri Mar 15 2024