- I like that, I mean, I think Cisco, and I mean, I'll say this just as David giving Cisco feedback, they really have made a lot of people angry with their subscription service. It's a nightmare, the licensing. People always complain about the licensing.
- Oh yeah.
- It's a nightmare.
- You spend any time in Reddit, and there's, this is a hot topic and plenty of memes making jokes about how complicated licensing is.
- [David] It's crazy.
- [Tom] For Cisco.
(dramatic music) (logo crackling)
- I really want to thank Packt for sponsoring this video. I've collaborated with Packt over the years. They have some fantastic books, "Privilege Escalation Techniques" written by HackerSploit. I interviewed HackerSploit, you can watch that video below if you're interested. Here's another great book by Eric. Eric has written a few books, including "Mastering Python Networking." Another great book, if you're interested in learning about network automation. So I really want to thank Packt for sponsoring this video and also collaborating with me. If you're interested in purchasing these books, you can use the links below. Hey everyone, it's David Bombal, back with Tom. Tom, welcome.
- Hey, great to be here.
- So for everyone who doesn't know Tom, Tom has his own business. He deploys UniFi equipment all the time. Tom, you can probably explain it better than I, so tell us a bit about why you like UniFi, and you know, the kind of stuff you get up to?
- So UniFi is really an interesting product. They are, you know, we always use the term as we see them, this is a market disruptor. That's every clickbait headline, right?
- [David] Yeah, yeah.
- The difference with UniFi is they actually really have put pressure on some of the other companies to do things a little different. If I were to ask you something simple, like, hey, how do you do a VLAN in Cisco? You know how, but you're also like, yeah these are all the steps. And with UniFi, there's a little pull-down menu and you can just choose the VLAN, and they have a whole concept of just making networking a lot easier, and also allowing you to host the controller. And those two little dynamics are actually, they sound simple, but every other company has such a playbook of you gotta put it in our cloud, you should get certified, you should get your engineering degree and everything else, which it's not bad to have a deeper understanding, I always like to do that, but some people just want to get the equipment working in an easy fashion. And this is what we were really fascinated by with UniFi is the fact that wait, I have the controller software that does a lot of features and lets me host it myself internally while also making it, generally speaking, way easier than any other company to do things like changing out VLANs, building out network rules, with just a really nice UI. Now UniFi was actually founded by people that all used to work for Apple. And my understanding is they specifically used to work on what was a really successful product for Apple. And I don't know why they discontinued it, but their entire, I believe it was called the AirPort Extreme, the whole Wi-Fi series from Apple. For years it was really popular Wi-Fi 'cause it worked so well. And then Apple just kind of abandoned it as a product. They kind of said, we're not in that market. And my understanding is some of the people from that team said, well, we are in that market, so we're gonna go build a company. And that's how UniFi has, well, a pretty broad product base. When we talk specifically about UniFi, we're talking more broadly about Ubiquiti as the company, UniFi is their product line.
- Yeah, I wanna talk about that. I mean, you can see this is like one of the access points, so it's very Apple-ish, isn't it? Looks kinda like an Apple product. So what's the difference between UniFi and Ubiquiti, because you know, those terms seem to get bandied around.
- Yeah, and they do. And if I keep calling them UniFi, there will always be someone in the comments going, no you're talking about Ubiquiti. So Ubiquiti as a company is a pretty broad spectrum and they occasionally have been accused, and rightfully so, of just kind of throwing it at the wall and figuring out what other products. They've jumped into solar, they've jumped into a variety of things.
- Oh wow, okay.
- So under the Ubiquiti moniker, we're seeing a lot of products. And some of those products have since been abandoned, or sometimes they get abandoned and reinvented, like their voice line of phones, which their first ones, they barely made it out of like a beta phase. And then they kind of abandoned them, and now they've got another phone line. But specifically the UniFi line represents things that are part of the UniFi ecosystem and the UniFi controller. So I used to always call it the white box stuff, because like you said, it's the Apple-looking boxes. The unpackaging of it, you're like, this is actually pretty nice. Even the screws are on these nice little holders. And I don't know, they made an actual product experience out of something that's gonna get mounted to a ceiling, which is weird. The same thing with.
- It is, yeah.
- Any of their switches and things like that. But they're all controlled within that UniFi platform. And they adopt, they have no local interfaces. So you have to use the UniFi controller software. Devices without local interfaces is not a new concept. There's of course, Meraki, being one of the real popular ones in the market where you tie everything to the Meraki dashboard. But of course that's all in the Meraki cloud versus the UniFi is, you can host it yourself or you can host it in your own cloud server to controller software. Now the other Ubiquiti line of equipment, where Ubiquiti has another big market under that name is even some of the boxes, and most of them are these black boxes, and more generic looking, are the Edge line of equipment, and they are bigger in the WISP market. So the wireless internet service provider market, they make a lot of really nice site-to-site equipment all under the Edge line. So that does not, it does not allow for adoption into the UniFi controller system. This is sometimes where the confusion starts, where Ubiquiti makes some products that adopt to a controller. You just have to remember those are in the UniFi line, but then the other Edge equipment has a separate controller, but also has local interfaces. So it's more common to see those for people who want like a traditional switch, where I log into interface. As a matter of fact, it has more traditional where you can set VLANs up from the command line. It's not Cisco, but it's similar in a way, if you're familiar with VyOS, that's essentially what they had forked the EdgeOS off of. So it's, you know, command line driven, being able to do things, has a basic web interface, but for the real advanced features, you're pretty much going to the command line on the Edge equipment. So that's their other line of equipment.
- That's like ISP, as you said, yes? Like more for guys like who wanna run an ISP rather than a home user or a small business, yeah?
- Right, they're really focused on that. But I mean, the difference they make and why they're so popular in the home user market is if you wanted to just have one switch in your network, well now you gotta run a controller software that maybe you have spin up in a virtual machine or install a device you can host it on, referred to as a Cloud Key. And if you're only running one piece of equipment, that seems not, you know, seems a little overkill, but for people who will, even home users, because the Edge equipment is also relatively inexpensive, you can go, I want something with local interface that I can control. And I'm only gonna have one device on this particular network. Then sometimes still people will go for that, even in the home lab environment. The big difference of course, is some people wanna build all their home lab environment, but their goal isn't to build a network engineering learning lab, they wanna get things working, create some separation with some VLANs, and then focus on, maybe they wanna write stuff in Docker. They wanna do some programming, but they just wanna create network separation. That's where UniFi comes in and makes everything a whole lot easier because there is no figuring out how to tag or untag a trunk port, that's all done through a little pull-down menu where I can choose a particular VLAN and go, all right, here we go, this is, you know, simplicity.
- Yeah, I mean, 'cause my very first question is, can you configure devices individually or do you need a controller? And I think you've kind of answered that 'cause I'm just.
- They need.
- Just for everyone who doesn't know, I'm approaching this like from a Cisco mindset, if you like, it's good for us to see the differences and why this has become so popular. And I can understand, you know, Cisco's very much CLI-driven or individual device driven, but Tom, Cisco have introduced a well, they've got a range of products called Cisco Business. And they've actually asked me to see if you want some of them so that you can like determine if they're as good as UniFi and perhaps change your mind. I don't know if you've seen them.
- I've thought about it, which model is it?
- So what I, so I spoke to the, I actually spoke to the Cisco Business unit yesterday, so this is called like Cisco Business. I don't think it's a great name, I think they should have called it Cisco Small Business. So this is like a Layer 3 switch, has a CLI, it's not Cisco CLI like I, as a Cisco person refer the full-blown Cisco CLI like on a 1000. And we can talk about your experience about that, and it has a GUI, so you can configure it locally, but it also has a controller that you can download and configure devices with it. So they asked if you want some, so we'll talk about it after this call and I'll get you shipped some. And see if you actually like it because, so they're sort of positioning as Cisco Meraki, which is the cloud managed thing as you spoke about, and then this is like locally managed. So you can manage them either through CLI, individually, or through a GUI, or through like a controller. Seems very similar to UniFi.
- No, and I think that's really interesting that Cisco's creating more stuff that's very similar to that. And I actually feel a lot, this is a market pressure created by UniFi. UniFi, people throw it out there, oh, it's just some consumer product and things like that. But honestly you get a company that has a 12 billion market cap. That's a decent size in the market. I mean, no, that does not put them in the same category as Cisco, they're not that big, but 12 billion's not small either. So it's not a mom and pop shop. It's not a two-person operation hacked together. You know what I mean? They're, you know, a relatively competitive force in the market.
- And you're deploying this in businesses, sorry to interrupt.
- Oh, absolutely. That's the thing that a lot of people don't realize, is coming back to the way you configure them. Now if you were to say, I want to take, and obviously this is completely possible with Cisco, but a little bit more in depth to do this. If I have 45, 50 switches, maybe 200, 300 access points, which is one of our deployments we did, where I've even done a whole video and followed up on that particular aspect of it, that how many we had deployed was 300 access points and I forget how many switches. But if I wanted to change a setting, I wanna add a VLAN across that entire platform, that entire deployment, it's the same menu that it is for a home user. I go to the same Ubiquiti menu, I'm gonna go, type in create the new VLAN, create a tag, hit save, and it will propagate within about, under a minute to every single switch in that network. Give me a status update that they all completed the change. They've all recognized it. I didn't go to the command line. I just went through a really simple UI and added. That level of flexibility handed to an internal, 'cause this particular company we did this for has an internal IT team. They just weren't confident in the product, on them setting it up. So they brought us in to bring it in, set it up, configure it. And this is a common thing we do where internal IT teams are a little nervous. You know, they're like, you know, we've heard this company doesn't have great support. They're right, that's where my niche comes in is actually supporting a lot of the UniFi equipment 'cause there's a.
- Yeah, so UniFi doesn't do support do they, not like Cisco?
- They do terrible support. So that's one downside with the UniFi stuff is their support is iffy. They have forums, they have a lot of documentation, but that's one of the things that's a trade off. They also, without charging licensing fees, this is just a business thing they did, there was a decision made. We're gonna not charge any license fees. Everything's unlimited. That's gonna have a problem, 'cause we have to keep selling product, but we also wanna sell product at a low price. Well, you sacrifice something. We all know support is expensive. It's the reason we charge so much for support. That's just the way things work. That's the most expensive is taking up any of my technicians' time to help troubleshoot a problem. So we charge for support for Ubiquiti. And I just tell people that's kind of the option. You can get the product, I have entire tutorials on it, there's lots of documentation you can find, there's good forum posts and write ups on how to get a lot of things done with Ubiquiti. Ubiquiti's own documentation is actually really good. I don't think enough people realize when you start going through the site, just how well-documented everything is. And their goal is to make it as easy as possible to make a product easy to use so it needs less support. But if you don't have the concept in your head of how to trunk a port, even though it's not that hard in Ubiquiti, people make things harder. And we always find, because if there's extra buttons they can click, and if they don't know what they do, they click them all.
- No, no, come on. That is so annoying.
- And so.
- I think you said in another interview that you often go back and just reset to defaults.
- Yeah, I've joked and posted jokes on Twitter. I say, you don't realize how much money I make resetting things to the default. Like that is so much of what we do. People are like, well, how hard is a consult? I said, first we set a default. And then often is almost where you can stop, 'cause.
- That's funny.
- Yeah, there's a.
- Let me quiz you from like a Cisco mindset. Okay, so do the devices have a CLI? I think you've kind of answered that already. I mean, these devices don't, is that right?
- Loose term there. So can you access a CLI, yes. Can you make changes there, no. So you can do things like, for example, they're running BusyBox, they run a Linux kernel, they have things like tcpdump. So you can even connect Wireshark via SSH right to them and start pulling packets. So functionality from that, yes. Changes from the CLI, they won't survive a reboot. So you could modify things and modify some of the functions or change features, but once you push another change update, the change update from the controller always overrides any settings you may have done from the command line. So I don't wanna say no, but I don't wanna say that you should do that. There's ways that people have modified these to hack them essentially, but the default configuration, no, it's not something supported by Ubiquiti. It's not documented by them that you can do that.
- And you don't open up a web browser to the device, you open up a web browser to the controller, yeah?
- Correct, there is no web browser on any of the UniFi line of devices. They have to have the controller. They don't, I mean, they work as a, like the switches will route traffic as a dumb switch by default out of the box, so you could just use it as a dumb switch, but you didn't buy it for that, so you have to use a controller.
- And so, I mean the worry about controllers always, and I think you've addressed this on your channel. So, I mean, I'll just say this. Anyone who wants to really get into it, go and have a look at Tom's YouTube channel. It goes through crazy amount of depth. The controller, it can be hosted in the cloud. It can be hosted locally, yeah.
- Correct, you can host however you like, they do offer Windows support, but we try to push people away from that. So it's written in Java and MongoDB. So it's two platforms that are very compatible to move over to Mac, Linux, or Windows. We have found though, and this is just part of the way it integrates with the Windows network stack. For scalability reasons, we shy away from ever running it at scale in Windows. If you're a home user and wanna run it in Windows, no problem. And one other myth that I like to break, if you're not using specifically the captive portal portions, the controller collects data, gives you status updates, but turning off the controller does not stop the devices from working. They will lose their telemetry, they won't have any stats that you can collect, 'cause they don't do much on their own. They send everything back to the controller. So you can spin up the controller, talk to the devices, and then shut it down. And the devices will continue doing what they do. The only exception is if you turned on something like a guest captive portal, that does talk to the controller, 'cause the devices don't have enough processing power to run anything like an actual captive portal, that gets redirected to the controller. So the controller doesn't need to be on all the time. Our preferred install is running it in Linux. So you can run it in Linux, you can run it in Linux in the cloud. It really doesn't matter where you put it. And HostiFi is one of the options for people that want to create automated. My friend Riley Chase started that company and he's now seeing some competition directly from UniFi, which comes back to an interesting thing. UniFi used to offer, so you could host it for a fee if you want. It's the same software, but you would pay them to take care of the hosting in the back end. And now the other side is they stopped it. And that's where HostiFi says, well great, I win because they decided to completely abandon all their customers. They said, basically you have this many days to get off of our controller. They're starting it up again, now they're doing the same thing again. But of course that doesn't sell consumer confidence that they're going to continue it. So HostiFi is still doing really well for people that want a hands-off experience for someone else to do the controller. 'Cause the controller doesn't just magically update. You can turn it onto auto update, I always recommend you update it manually. And of course telling someone update it manually doesn't mean they will update it as you know, so.
- [David] Exactly.
- It's something we maintain ourselves for it, so.
- Is it an OVA or do you just download software and install?
- It's download software with instructions. They have good documentation and prerequisites. Like you have to have this version of Java installed. You'll have to have this version of MongoDB installed, and then a software set. It's got an installer that's relatively easy. They've got like a .deb package. The Debian version is the one I usually recommend to people. The reason why is because the Cloud Keys, loosely they're basing it on something close enough to Debian, but that's why they offer it as a .deb package. I have videos and tutorials on how to get it set up. Make sure you have the proper dependencies in Linux, but it's relatively easy to set up.
- And then what's the console about 'cause I see on the website, they've got like the Cloud Gen2, Cloud Gen2 Plus, and they've got the Dream Machines, and stuff like that.
- The Dream Machines.
- What is all, what are those? It's just like, when I started looking at UniFi, there's like all these products and it's like, how do they fit together?
- Yeah, that is a challenge.
- And how then you can do the controller and you know, sorry, go on.
- No problem, you're absolutely right, you nailed it. This can be a little bit confusing. So if you don't wanna run the controller, you don't wanna run it on your own Linux VM, you want to manage it with something that's simple. The Cloud Key is their solution to that. That's one of their solutions I should say. So the Cloud Key, you spin it up and you set it up and it's got the controller loaded on there and it has an auto update mechanism. They actually make it relatively easy for an end user to get it going, get it set up, plug it into your network. You adopt all of your devices to it. The adoption is really simple 'cause you just put things on the same networks. So I start plugging them all in. There's IP addresses handed out by the router. I adopt them into the Cloud Key. It finds the unadopted devices. Now they're controlled by the Cloud Key. Another alternative option is the UniFi Dream Machine that has the routing and controller built into one device. So we have the routing functionality, then we have the controller software running on the UniFi Dream Machine that also allows all the devices you plug into it. The UniFi Dream Machine, I believe, has eight ports on it. Then you start plugging those ports into more switches. You hit adopt, adopt, adopt, and now they all go in there. So you have this single pane of glass that controls your routing functionality, your functionality of all your access points and all your switches and they're all controlled in there with once again, an auto update mechanism. So it's very turnkey simple for people wanting to set things up.
- So you mentioned routing. I mean, I've heard you say in other videos. You're not, I don't know if it's the right thing to say, not particularly fond of the routing piece from Ubiquiti. So I'll say this so you can, do you wanna answer that first? And then I'll ask you about layers and switches.
- Oh no, I'll absolutely answer that. So the UniFi routing works for things like routing. And now let me make the Cisco hair stand up on the back of your neck. If you create a second VLAN and a second network inside of UniFi, the default rule is allow allow for all network. And that's like, no, that's not how it should be. If you create a guest network separately, it will create rules on there. The rules are a little bit complicated, and some people think they're creating separations 'cause they just say, hey look, UniFi's got this nice menu to create all these different networks and create new VLANs. But the default rules on all those is allow allow. So that's one of the challenges. You may accidentally set things up where you thought you were separating, you set them up kind of an insecure way. Second problem with them is the community has proved that it can be done, but it's not officially supported by UniFi is the VPN support, they do not have great VPN support. So people looking for a nice user VPN, you know like OpenVPN or even WireGuard, they don't really offer that through the software in any great way. Their VPN routing functionality is really, really poor. The other weird challenges with UniFi is it took them years before you even could assign multiple IPs on a WAN. That's kind of a head scratcher for a company.
- [David] It is, yeah.
- That as big as they are, why it took them so long or why they didn't have that as an option. Like that's some 101 stuff there. We wanna assign a block of IPs. You're claiming their Enterprise routers, but that was one of the features that took years for them to kind of catch up and get. That being said, there are people who have modified, gone to the command line, but once again breaks the controller interface and extended the functionality to include WireGuard, to include OpenVPN. The hardware they build is actually capable of running it. And this is where the puzzle comes in because it's completely a software limitation. And this is where people always ask me, well, "Hey Tom, there's a new router coming out from Ubiquiti. One of their new routing equipment. Maybe that one will solve all the problems you complain about." And I say, "No, the problems are software." The hardware, even the existing older hardware is capable of these things. So this is why we'd actually end up not using a lot of UniFi routing equipment. If the business needs something more than basic routing, then we go, all right, you're gonna need, you know, coming back in with VPNs and things like that. Well that's where we're not gonna recommend any of the UniFi routing equipment. For a small coffee house, a small four-person office. And they're like, "We don't need the VPN back end, all of our applications are in the cloud. We're not worried about remote access." Well, it works great for them because their needs are really, really simple. They don't usually have, 'cause they have loosely I'll call it, intrusion detection. They're running Suricata on the back end. But when you dumb things down to the point that they have, it makes it so basic it's not really effective. It checks the box that an auditor might make happy going, do you have an intrusion detection intrusion prevention system? Yes we do. Is it good, that's not part of the auditor's question. (both laughing) So it gives you very light rules.
- Sorry, go on.
- No, just saying it gives you very light rules. Enough to be compliant and not necessarily secure. So when.
- That's funny.
- A lot of our clients need those more advanced functionality. That's where your more advanced firewalls, like when we talked about pfSense come in so.
- Yeah, I was gonna say pfSense, yeah, makes sense. Yeah, 'cause I think you, to summarize your sort of feeling and let me know if this is correct. Access points, it's a yes from you for. Switching is a yes, routing, other stuff, not so much. Is that correct?
- Right, correct.
- So do these switches support routing? Are they Layer 3 switches or is that like getting into the weeds now?
- That's getting into, they're trying. And I say trying, because they've done it in some of the most confusing ways possible, so.
- [David] Okay.
- It's almost hard to describe. I did one video just talking about it, and the only reason I did the video was less about instruction of how to do a routing on it, but more to show people how bad it is. And if anyone has a requirement for a Layer 3 routing functionality in their network, they want it done at the switch level and they see that Ubiquiti and specifically the UniFi line offers it. I talk them out of it because I'm like, you're gonna hate the way they implemented it. It's confusing, and it may not even work properly for your use case. They just have this really convoluted way, their documentation isn't good on it. And I don't know why they chose to do it in an unusual way of creating these weird extra VLANs to try to create. It's almost like creating sub interfaces to do it. It's been a bit since I looked at it and it hasn't improved any, 'cause it's kind of, I don't know why they've done such a bad job on that particular functionality of it. They've done it because people, the demand is there for people who need Layer 3 routing and there's times when you may need it for your network infrastructure design. But if your design requires it, we're gonna push you over to even something like Cisco. We're gonna talk about Aruba. We're gonna talk about some other networking platform that will better suit the needs of that particular architecture, 'cause UniFi's not that. Their routing performance.
- That's interesting because.
- Is not very good either.
- Oh, okay, sorry, sorry, I was, sorry to interrupt. 'Cause in the Cisco world you'd have like a Layer 2 switch, which can't do routing, it only has an IP address for management. And then you'd have like what they often call like Layer 3 lite or something along those terms where this switch can do inter-VLAN routing and maybe do static routes. And then you have like proper Layer 3 routing, which is inter-VLAN routing, so from layer, sorry, VLAN 2 to VLAN 3 as an example. But it can also support like a routing protocol like OSPF or something like that. So UniFi, correct me if I'm wrong, you would more use as like a Layer 2 switch. And then do the routing on some other device, yeah?
- We always look at that, 'cause even when you talk about things like OSPF those are not features in UniFi. That's a common question people have is, and I always kinda laugh, I'm like, I talk about how basic they are and that they have poor Layer 3 routing, and those videos have comments and I'm like, what about OSPF? I'm like, well, they haven't figured out the basics. They certainly aren't getting into the advanced layer stuff either. There's a lot of that specificity. I mean, they have the common functionality like LLDP and things like that for your phones, but you're not going to, if you have a need to run OSPF and any other type of advanced routing. Nah, not really, not really their cup of tea.
- Just correct me, Tom, the device that you would use for routing, wouldn't be a Dream Machine or is it a USG? Is that a something, is that something different?
- So this is where UniFi has got this split problem. Though they have the Dream Machine, Dream Machine Pro, those ones are all, and SE the special edition one. Those all have the controller built in, the USG line specifically does not. So you still have to run something like a Cloud Key. And the USG though suffers from slightly different, but almost all the same limitations as the UniFi Dream Machine does when it comes to routing 'cause it's still run by the same controller software. They've just changed a little bit of the functionality around there. Also the USG, I thought it was an abandoned product line, not because UniFi, which is by the way, a very opaque company when it comes to roadmaps, they give you end of life support, but they may not tell you when new features are coming out or anything else. So we know when end of life is for certain products, but that's really it. And they have their beta store. And for a long time, they had their new version of the USG in a beta store, I think it was close to two years. And normally things come outta the beta store in about maybe six months. It's kind of a way for them to gauge market demand for a product, they put it in the beta store. They remind you it's beta, and they see how many people buy it. And if it's constantly sold out, you can almost guarantee it's going to come to market 'cause they obviously realize there's demand on it. So the new version of the USG was in the beta store for two years and then it became a joke, like they've abandoned this line 'cause they're trying to push people towards the Dream Machine. But then out of the blue, it just showed up in the general availability and we're like, oh look it's out. But once again, this is why I had to do an updated video 'cause people asking me well, does it solve all the problems with the previous ones? I'm like, no, it's faster hardware, that's where it stops. It still has the same VPN limitations. If I create a new network, it still creates any any rules between them. Those are all the same software driven functionality that UniFi has designed, so the new hardware doesn't solve any of those problems. It just routes faster.
- Sorry, just help me with the terminology. USG, that's kind of, what does that mean? Is it gateway or something, right?
- Yeah, yeah, so unified gateway, I forget the S stands for, but it's.
- Yeah, it doesn't matter. So basically it's like what in Cisco world would be like a router. It's like your router to the internet, is that right? And the Dream Machine has got that function where it's got like WAN port and then it's got the LAN port. And it's supposed to do like firewall and routing stuff. Is that correct?
- Correct, so the Dream Machines are routers and so are the USGs. The easy difference between them is the Dream Machine's gonna have the controller on it, the USGs are just routers period, nothing else.
- And do they have like a firewall product or is that just part of like the Dream Machine to help set up?
- That is their firewall product essentially, yeah. - Okay, let's talk about, just
for everyone who's watching, I mean, please put your comments below. I'm trying to like balance the
good, the bad, and the ugly. And Tom, that's what I really appreciate about talking to you about this stuff or talking with you about this stuff, because you don't have
like bias towards a vendor. You like just give it as
it is, which is brilliant. I wanna get into like the weeds about like access points
and switches and you know, when you would use one or the other. In other videos you gave
like some of the advantages of UniFi versus Cisco. So can you list like why
you would suggest UniFi? You've done some of that already and then why would you
not recommend UniFi? - You know, one of the things, and this comes back a little
bit to the sales pitch, is we did, and we are
doing even another school that we're gonna be doing soon, but one of the schools had a problem. They were dramatically expanding
the size of the school. Their current license
fees they were paying, I think were like 12 or
13,000 a year for Meraki. And they said, you know, we know when we double
the size of the school, we pretty much double these license fees, and the Meraki stuff's at end of life. So the business proposition
a lot of times is, does your use case need Layer 3? Nope, doesn't need any of that. Great, so we wanna look at UniFi because where you wanna pay once, internally manage it
with a nice controller that monitors all these. And by the way, UniFi's controller
software is multi-tenant. You can actually set up all
separate sites all within it, which makes it really nice. So instead of having everything,
if you have like a campus where you have more than one location, or even in our case, where
you have more than one client that you're managing this for, you can keep adding separate sites and then host it all remotely,
all the tunneling back, the communication protocols
they use are all encrypted. So it does transport across the internet to have publicly hosted
controllers and multiple sites all managed in one single pane. The first thing we do is make
sure they don't have any needs or special use cases with any
of the equipment they have before they go to UniFi, such as Layer 3. If they don't, they look at it going well, there's a one time cost
to buy all the hardware, but so is there with most
of the other product line, you gotta buy the hardware
and then you gotta buy maybe a three year ahead of time licenses. So with no license fee, that becomes one of the first
big selling points of UniFi. Because as many people know, I always joke people like I'm getting
five-dollared to death with every subscription service. And the subscriptions
and Microsoft, you know, was definitely someone who recently has caused such an
uproar in the community. They just know that
everyone's using Office 365, so they raise prices,
'cause if I want more money and you can't really
change, you're locked in, or you've deployed 200 access points. Turning up the knob a little
bit and raising prices is something that companies may do and they always seem
to do it all together. It's almost like collusion at some point. They go and I think they are,
they're all looking around. There's really not that
many vendors in this space. So they all look over
each other's shoulder. Well, hey, they went up 20%, eh, go up 15. We don't wanna make people too angry. And obviously what are you gonna do? If you're locked into their controller, there's no other way to manage
this equipment deployed, versus UniFi, there's no fee. So that's usually the first
big selling point with that. - I think that's why Cisco are doing this, because this Cisco Business product doesn't require a license. You don't even, you know, I think you said it
when you were reviewing the 1000 Series switches and it's also good to get
your opinion about those 'cause I kind of interrupted you. You said Cisco not having to pay licenses, that's amazing in 2022. And I mean, I laughed when you said that because this doesn't require a license. You don't even need to
log into Cisco's website to upgrade the firmware and
I've got an access point here, but I mean with the
switches, that kind of thing, you can upgrade it with a phone, no licensing is required,
and it's local configuration. So I think Cisco are realizing, well, I don't wanna put words
in their mouth, but I mean, I think it's good to see the competition. - Yeah, and I think
this is really important because we've even watched a few companies that we've looked at their product, we never actually did
a full review of them, but there's a couple
of them that abandoned. They started with a local controller, and then abandoned it later. And I'm like, now I can't
trust your product because it's one of those bait
and switch type things. And people are really worried about that because those fees really do add up because it's not, you know, we're already paying for
all this network equipment, but so does everything else. As I mentioned, like Office 365, but you start adding up a business and all the different
license fees they pay for all their software. Because we have a bunch
of engineering companies that are mad because CAD is completely a subscription service now. They're used to, they've always bought the software. But because everything is like that from a business model standpoint, and the prices keep going up,
this just becomes like the, one of the biggest talking
points of the Ubiquiti lineup. - I like that, I mean, I think Cisco, and I mean, I'll say this just as David giving Cisco feedback, they really have made
a lot of people angry with their subscription service. It's a nightmare, the licensing. People always complain
about the licensing. - Oh yeah. - It's a nightmare. You spend any time on Reddit and there's a hot topic and
plenty of memes making jokes about how complicated licensing is. - It's crazy.
- For Cisco. - That's mad, so I mean,
no licensing and cost. I think that was a big reason
to go with UniFi, yeah? - Oh yeah, it's amazing. And the sales pitch we
even gave to someone was kind of funny. They were comparing to
a couple other products and they're like, well, you know, this comes with a five year
warranty on the hardware. They guarantee they'll
overnight us a device, blah, blah, blah. And I'm like, okay. I said, how about I do a proposal where we put at every
one of your locations, 'cause this was, they had
seven locations across the US. I said, how about we put a spare switch and a spare access
point at every location? Well that sounds expensive, I said, nope. I said the bid was still 40% less. It's not like they're a little bit less, they are substantially less. And with no license fees, you're
keeping a hot spare on site because you're not paying
an extra license fee to keep a whole second hot spare. So that also comes into play
because obviously I would say I would trust my life
that I can plug a Cisco in and that I will pull it out
for obsolescence, not failure. That's one thing, matter of fact. - [David] Generally, yeah. - Maybe that's to the detriment because there's people running
really outdated switches that haven't been patched in forever, that they're like that
thing's 10 years old and there's dust bunnies
hanging off the fans, but it just keeps working. Cisco makes some really
solid stuff overall. UniFi is pretty good, we've
actually been impressed with how well their equipment's held up. For the volume we sell of
it, I would say the RMAs, the returns are extremely
minimal, but they're not zero. So there's a couple lines
like their 16 port line, an early model of it,
eh it got a little hot and people would load it
up to its full potential. So they would look at the
power budget of the POE and then they would set it. Oh, okay, it can support X watts, and they would use not 80% of X watts, they would plug in all the ports. And anytime you're doing
some capacity planning, I always encourage
people, don't overload it. That just will, I know what they said. And the Gen2 seemed to
be substantially better when it comes to airflow and cooling. But I generally try not to exceed even 80% of the power budget unless their budget just
doesn't allow for it. And we're like, okay, it should last. And we have some that are out there, but whenever I can, if I can build in just often just for
future planning reasons, not utilizing 100% of the capacity, but we have plenty that are,
that have every port filled and everything turned on and
they're holding up pretty well. - Yeah, I've also heard, I saw, you know, when I was doing research
for this interview, it's like, I saw a lot
of people complaining about the software being buggy recently. What are your thoughts about that? Is the software reliable, is it stable? - Overall, yes, there are quirks. And for whatever reason, it
took them years to sort out. - But in everything there is. - Yeah, in everything there is. And I think there's a
problem with Ubiquiti compared to someone like Cisco. We know people are gonna go
complain about Cisco licensing. We know there's problems
occasionally that have occurred with some of the Meraki, the way they handle a couple
things in their routing. I know from being in the IT space, I know where those
complaints are happening, and they're not in a public
forum in the same way. When you look at Ubiquiti being extremely public with end users, they have a volume of
users substantially higher. They don't have people
complaining to UniFi. They have people in public forums. So it's easy to get the appearance that there's more problems. But when you have a broad,
especially consumer user base, well, consumers are less
educated on this topic, so. And there's no support
engineer telling them how they should have set it up. And RTFM, no one wants to read that manual on exactly how to set it up. So they start plugging and guessing. And then when it doesn't work, they tell you it's the
buggiest software in the world. Now there's genuine issues too. One of the genuine issues we ran into, and I don't remember exactly the root cause analysis of this, but I do know SonicWall and Ubiquiti when it comes to their access points are not friends for DHCP. That was a long time bug they
had of, for whatever reason you could statically set all
the addresses, they'd work. But when you told SonicWall to do DHCP, it just decided not to. It wouldn't pass through there. You could Wireshark it, you
could just see the packets would only come through malformed. And I don't know what
SonicWall was doing to do it. SonicWall was no help,
and Ubiquiti was no help. Ubiquiti's answer is use
one of our routing devices. SonicWall is like, we're
not Ubiquiti support. Our DHCP works when
you hard line it right. And so there was that
weird catch in between, which created a whole lot of problems. I forget, there were a couple of
tuning fixes people came up with; eventually a firmware update came out that did solve that problem.
enough to deploy this in quite large environments. - Yes. - And I think that's
what speaks volumes is if you, as a business person
who has to support this are deploying this all over the place, I'd rather take your opinion than some random guy on the internet. - Yeah, and in an example, and I did a video for high
capacity planning with UniFi. UniFi has a write up on this
because they set the controller to a relatively conservative
amount of memory usage. And it is a command line parameter, you go in and edit the Java
config file to say, all right, we wanna add this much more
heap, this much more memory. They've got a few tuning options. Those tuning options are for
people doing large deployments. We've often come into people for, they hire us for consulting,
which is actually where we get so much insight
to the misconfigurations. They hire us for consulting, and we find out that they
never did the tuning. I'm like you have 250 access points and you never bothered
to read Ubiquiti's tuning on when you exceed this
many access points. Or they plug them into a Cloud Key. And UniFi was a little bit bad about this, they've gotten better, their documentation didn't clearly state you can only have this many
devices attached to a Cloud Key. The Cloud Key is a small $200 device. I believe it's all ARM based
with a low amount of memory. There comes a point when
it just doesn't have the capacity and the processing power to handle a large deployment. So if you haven't tuned it, you end up with these weird quirky issues. You're like, oh, I'm watching
my network disconnect. It's not able to see all my devices. I'm like, well, yeah, it
has a connection rate limit. And you're now exceeding the rate limit. You can change the rate limit,
here's the documentation how. And when people don't, they go, oh yeah, I guess I didn't spend time reading through the documentation. I'm like, well, that's why you called us. And that's what we're here to go through and change those settings for you. And like magic, all these
little yellow things that says dropped packets
and things like that. You're like, hey, look, it's all talking properly
to the controller and not flapping essentially
where you see them just clicking on and
off at different places. - So do you have like
any rough rule of thumb how many access points can
be on a Cloud gen product? - I'm trying, I think
the biggest we've done is 500 access points. I don't know where the upper limit is.
- That's quite large, I mean for a little $200
device, that's a lot. - Oh no, on the Cloud Key specifically, I wanna say it stops now,
their own documentation, I think it stops at like
30 devices or 25 devices. I know it's a lot. - And that switch is
an access point, yeah? - Yeah, switch it's, any
combination of the two. - Okay. - Each one has. - Sorry, go on. - Oh no, so each one has, because it's talking to both
essentially in the same way. So they cumulatively say, they say cumulative
devices you want attached and it stops there. - So 30 on a Cloud Gen2
Plus as an example. - Yeah, it's in our documentation. I believe it's, I think 30
is the number they have, 25 or 30 is the number they have in there. - And you did like say 500
access points, was that on a VM? - Oh yeah, on a VM. That's where we host the bigger ones. We always, and then we
take the time to tune them, to make sure that they can, you know, talk to that many devices. - But I mean, that's quite large. I mean, it's not small. And I mean, there's no controller fees. That was one of the advantages
you said about the Ubiquiti. You're not paying for anything. And I think another
advantage or disadvantage, depending which side you come from is, there's no huge markups on the hardware. You just go and tell people to go and buy it from the
website, is that right? Which means it's good for the customer, but from someone who's
trying to make margin on selling product, it's not
necessarily good for them, but good for the customer. - Yeah, now this is where there's a, I know this is where a
lot of hate comes from, the IT community and
the reseller community. Specifically in private forums,
I've seen people just angry. I won't sell a company that
also sells direct to consumer. And you know, that's a challenging thing because some people love that exclusivity, the built in margin and things like that. I mean, the world, you
know, what was that book
written forever ago, "The World Is Flat," because, you know, talking about
are striving for ways to go, "How do we get direct to consumer? Even though we're a big company, how do we do direct to consumer sales?" And value-added resellers
that don't add a lot of value, they always cut them out. And this is a problem with a lot of the channel
partner agreements. And it's gone back and forth. Many of the large companies have violated their channel partner agreements. They've gone around the reseller when they don't think the
reseller is doing a good job. They always cite some legalese
in their documentation. And then people hate that
product line for a while. And this goes across
all the big companies. They've often done things to betray trust, but it's a tenuous relationship. They wanna sell as much
product as possible. If they think you're a
barrier instead of an asset, they're gonna go around you. My attitude is, I value in
the way we leverage things at my company is, you're
leveraging our knowledge. We even do this all the
time where we tell people, do you wanna buy it,
or do you wanna spy it? We'll start that conversation with them. And sometimes from a
business standpoint, they go, I don't feel like dealing with it, but when there's an internal
IT team, they're like, yeah, we're just gonna buy them direct. Can you just do the setup and engineering? I said, absolutely. My money, I focus on the labor because I've always looked at
it as a race to zero margin. When a bunch of people are competing to resell the same product. You're always willing to cut
your margin less and less, but you didn't make the product, so at some point
you're just cutting margins until you'll see who's gonna make the least amount of money on it. And I'm like, I get out of
that game completely when I know people are looking for the hardware at a cheap price, here's my engineering
fee to do your project. Here's how we're gonna break it down. Here's my fees for setting it
up, designing the controller, architecting your network. And I don't care, buy all
the hardware yourself, buy it directly. Matter of fact, that also
puts the process of warranty and everything else in your hands. Because if you want me to handle it, we will do it for a fee 'cause you'll want a warranty
exchange if there's a problem. But that means I have to process it so that has a cost to it. And some people are fine,
they're willing to pay the cost that we charge to do it
as a holistic solution, but we offer both options. And this is something that is
hard to wrap the head around of some other IT and people
in a managed services space that I could never let my
client buy something directly. And I'm like, "Why, where's
the value in the hardware?" If they know you're marking it up, they can look at the price
and they can, even for things that are supposed to be
channel partner agreement, it's not hard to figure out the price if they have access to Google. You can type in almost any
device, find out the MSRP, find out what the markup is
because someone talked about it in the forums that it's a 20% markup. Now the other thing that pushes
more people towards this, and I will admit maybe
it's a dirty sales tactic, but I did do this and won a bid. I made the comment, someone,
we were going against in Meraki, I said, "What's your cut of
the Meraki fees every year?" And the person turned red, the person that was bidding against me, 'cause the other person
said, "What is your cut?" And the guy said, "I get a
percentage," that's all he said. And he goes, "No, I want to
know how much I'm paying you just to renew these licenses every year." And it was a back and forth conversation. The person was quite
angry bidding against me, but that was one of the things
that they rolled in the price and they had a three-year
deal for the Meraki licenses, which is not arbitrarily cheap. But of course he was talking
around it going, oh yeah, you know the life cycle of these devices, you'll be replacing them again. Well, what am I paying a licensing fees, 'cause he had rolled it
all into not line iteming, and I'm like, oh there's the license fee. For ours, replace them
when you replace them, they do have a generally
speaking, network years, maybe a five-year life cycle. As we know, no one ever listens to that, everyone's running it until
it won't work is when, that's when people will
actually exchange it. Without those licensing fees,
it makes a big difference. And that commission people
get, makes them go, well, I get recurring forever revenue commission off of these other products
they sell, and I get that from value-added reseller
standpoint doing it. But that is something that
is a detriment to some people for not wanting to even consider Ubiquiti 'cause they're used to
how much revenue they make recurring on all these
license renewals they get. - I think the world's changing. It's like you said, I
mean there's a reason Ubiquiti are doing so well in the market and there's a reason they're becoming popular and there's a reason that Cisco,
and I keep pulling this up, but it's the reason Cisco
are doing this, isn't there? I mean we know it's gonna be good to you, I think we should create some more videos or it'd be good to see your videos, see if you like them
or hate those products. - No, I. - But I mean I think the
market's changing, sorry go on. - Yeah, no I'm really
liking a product like that. Like I've talked to other companies, I've actually engaged with
the engineers at companies who have asked me, I'll
leave them unnamed, we have a loose agreement
not to talk about it yet, but there's a couple other
companies trying to develop it and they ask me what my thoughts are on it 'cause I've talked so much
about UniFi, and they're like, we wanna tap into the market
cause we're losing it. And I pointed out, I said, get
the sell post a controller, but we're just gonna make our cloud free. I'm like, no one trusts your free cloud. I heard there was a change that came from one of the companies,
I haven't verified it yet, but their free cloud, they
just reduced the number of devices you can adopt
to it without paying. So it's free, and it was
supposed to be free all the time, but I guess some changes are coming. I don't have that all in writing yet. And I will do an updated vid.
- No, no, no, don't worry. I mean, I can say about the Cisco one, because this is probably like
straight away a point is that for this product line from
Cisco it's 25 devices, I think it is, that you can
manage without a license. So it's supposed to be
for small businesses, but there's some kind of license if you want to be like an
MSP and manage many devices. So Cisco can't get away from licensing. - Yeah, it's tough. And they're trying to
dabble in that market. But you know, we look at UniFi. We have, I think right now,
50 different businesses that we manage in our
controller, all separated, and I'm paying no license fee for that. Think about how much license fees I would normally be charging those. Now this doesn't mean I don't charge, this means I'm not paying a license fee, but we are managing your network as a part of their entire
management of everything. So yeah, there's a fee
for managing a network, 'cause my time still has
a value attached to it. I'm just not additionally paying a cloud licensing fee for it. So technically from that aspect,
I make more margin on that than I would if I sold something else. - So I think you've mentioned
this in other videos and I forgot to ask you, can you run the controller
without having a UniFi account? I think you were. - Yes. - You were saying something
like, it depends on the product. I think with the small controllers you have to initially log
onto the website or something. Could you just like correct me, Tom, and say exactly how it is. - So this is a weird decision that they allegedly very
soon are going to change. I've actually talked
to some of the people. I do have a little bit of contact with some of the people at Ubiquiti. They haven't said this
publicly completely yet, but I'm allowed at least talk about it 'cause they've mentioned it. They're going to be
eliminating that requirement sometime in the future. I always said, sometime is not a time, is how I actually replied to that message. But they decided this was a
feature they wanted to add where you have to sign up
for a Ubiquiti cloud account with the UniFi Dream Machine. And for a lot of people,
privacy oriented people, they're like, why would I have to start with having an account? And of course, famously
Ubiquiti had a big outage that lasted a little while
when they had some problems. Well, no one could turn on
and sign up any new account. So existing devices kept working, but new account sign-ins wouldn't work. So you would buy and unbox
a brand new fancy device that wouldn't work until the cloud outage, granted, it was only down for 12 hours. That's enough for a blow up
on Twitter of angry people in a bunch of forum posts. In the reality of things, it's still, you know, quite a few nines of uptime. It's not happening every day. But that concept of my devices have to register with your cloud to work. Even though it sets up a local account, I don't really care for that. When you host the UniFi
controller yourself, absolutely no external needed. You don't have to do anything
more than, you can create it, a cloud account, it's an option, but it's not a forced option. And this is something I also want to note, not in the notes, but really important feature
that is available now, or feature removed feature maybe, they don't force you to
register the consoles anymore. I think that's great. - But when you use the Gen2
Plus at the moment, you have to have one, is that right?
- Still requires that. - And the Dream Machine, yeah? - Yep. - But that might change. - That might change.
- So I just wanna get, sorry. - Honestly, that might change, might. - If you have a customer,
let's get into the weeds now, if you have a customer and you deploy some access
points, and you want some VLANs, the Dream Machine can't do
the routing between those, is that what, did I understand you right? So like, if you have like a, let's say like two or three
VLANs or like different types of like you have a guest account
or a guest Wi-Fi network and like an employee and
perhaps something else, students or whatever
it is, a few of those, you can't do routing between them unless you get another product. Did I understand that right? - Well, no, that's where
it's a little confusing. It's not the most secure by default setup. So essentially what you have is, it will do the routing between them. But for example, if I just
create three different VLANs, it's going to have allow
allow between all of them. So it actually. - That's on the Dream Machine, yeah? - Yeah, it's on a Dream
Machine and the USG, the default rule creation is allow all the traffic to pass between them. You have to then implicitly
write rules for block rules, because maybe you want
this network over here, but only certain devices over
here to be able to talk to it. That can be done, it's
just not done by default. If you create a guest
network, it does do isolation, but it offers no local access, but maybe you want something
on your guest or IOT network to have certain levels of access. So you have to do a
little bit of rule writing that's a little bit confusing
when you first get into them. I don't think they did the best job of the way they write the rules, but does it work for companies? And we have like a couple
coffee houses, for example, a guy had a chain of them, and he wanted them all
in one place, great. Idea was to use actually
the UniFi Dream Machine for that use case, because
he's just got a guest network and he's got a separate network that is for his point of sale systems. That's it, it's pretty straightforward. So that was nice for them, 'cause it's easy for him to manage and it will do that type of separation. It just doesn't give you a lot of advanced rule configurations. If you looked at it, you're
like, that's all the features? You're like, yeah,
that's all the features. When you dumb something down too much, I think it's fun dumbing down VLANs to make it easy to assign a port. It's not as good when it
comes to firewall rules because it makes it harder for you to create more advanced rule sets. Those advanced rule sets aren't
needed at a coffee house, so there are times when
I would say it does work. - Yeah, I mean, it sounds
like if I, so to use, I hate to bring it back to
the Cisco-like terminology, but it sounds like router-on-a-stick is what Cisco would call this. Your switch is a Layer 2 switches, and then you have a router which is the Dream
Machine, in this example, doing the inter-VLAN routing. But I mean, to counter that, or to give like a different view, Cisco, if you enable inter-VLAN routing, or you enable routing on the router, every VLAN can talk to every VLAN. You have to create access lists to block VLANs from talking to each other. So it doesn't sound like
perhaps the implementation isn't the very best, but
it sounds like it's not, Cisco's kinda the same. As soon as you enable
routing, it's enabled, everyone can talk to everyone
if you enable your routing and then you have to like go
and block with access lists, which are not very user
friendly, who can talk to who. - Yes, you deal with ACLs
a lot differently in UniFi, but you're right,
conceptually very much the same. - Yeah, so I mean, it's
nice to, you know, again, it's nice to get your views of the good, the bad, and the ugly. Let's start with switches. They have these Enterprise
Pro, Standard, Lite, and Flex. Do you wanna give us a quick overview? I mean, I'll throw up like
a chart, but I love it when you do these like
practical demonstrations. If I was like a home user,
perhaps you got a use case or like a small, medium business
and then a larger business. Can you like tell us
which ones you would use or like these guys. - I haven't dove into yet, 'cause we haven't ordered
any of the newest ones. From what I can tell, there's not a major
difference between them. They slap names on these things without offering you more differences. They offer things like, oh, and I even looked at
these ones specifically, but they'll offer that
Layer 3 routing option, but it's not great, it's
so bad, it's not even, it's not something I bother
implementing on there because if you want Layer 3
routing, as I said earlier, we wouldn't recommend UniFi at all no matter what label they
put on their switches. The Pro switches, a lot of
times what you're looking at is better POE budgets, allegedly
more robust reliability. And so they make them basically overall like better beefier switches,
but functionality wise, they're pretty much the same. That's the part that's always confusing. They always slap these
different names on stuff like USG or USG Pro. The difference between
them is routing speed, not anything else. The functionality is actually
the same between them, but the Pro switches, some of them have like higher POE budgets. So they've got larger
power supplies in them. They support a really
confusing product that they, what was that thing called? It's the, it's like you
would assume it's a UPS, it's the backup power supply
system that they have. - [David] Oh, okay. - That thing is a terribly made device. There's nothing I like about it. Ubiquiti was unhappy with my review, they actually sent it to me
and didn't like my take on it. And I was like, look guys, this product, I don't know why someone
invented this, like. - Yeah, but I mean that
gives you credibility. And that's why it's nice to talk to you because you don't mince
your words about it. You're not gonna, like, you're not getting paid to say
this stuff and neither am I. I mean, I might say that
Ubiquiti did send me this access point and a few other devices. So are we for, you know, but
they've sent you stuff as well, just for, you know, for everyone, how do you say for disclaimer,
I have received products, but no one's paying us for any of this. Yeah, when I was, it was
actually interesting. 'Cause just yesterday, I was looking at an Enterprise
access point from Cisco. They want me to do a video
about it, and it's got 5G ports and it needs, you know,
good amount of power. So like POE plus plus. And I was like, okay,
so which UniFi product would actually support this access point? And the only ones were the Enterprise 'cause they have these 5G and 2.5G ports where you don't get on the Pro. But I mean it's so
basically all you're doing is getting more power, perhaps
faster ports, more ports. That's the only, which
one do you deploy most? Is it Pro or? - Yeah, probably a lot of the Pros lately. Well supply chain
shortages mean we'd apply what we can find in stock. - Exactly, yeah, that's a good point. - We've certainly had,
that's been a challenge. The good news, some of
the more expensive ones, 'cause the consumers buy
some of the smaller ones, we have upped people more for, because of the availability
of the more expensive ones. It's changed some of it
'cause it wasn't needed, but we'll put in a 48 port
because we could get one. And that's a lot of times what drives it 'cause the 24 port wasn't available. 'Cause if someone only has
like a handful of cameras, I don't necessarily need to put the higher end switch in there, 'cause some of the lower
end ones don't even have, like if it's a 24 port switch, it may only have 16 ports to support POE. That's where you gotta
look at the details. 'Cause sometimes that's where people go, I can't get the POE to work on port 18. I'm like that's 'cause
POE stopped at port 16 and they didn't read
the details of why that. 'cause it says it's a POE switch. It is a 24 port switch, but
it doesn't say POE 16 port until you read somewhere
down in the fine details. So you do have to look, and that's more about
what their changes are as you go up in some of the models. - RTFM is what I'm getting from you, RTFM. - All the time, well, and
I don't blame companies. They wanna sell a switch 'cause
I'm actually running myself one of the Pro, not Pros, the basic 24, I think it's just called it 24 Gen2, because I don't have more than 16 devices. I actually only have 12 devices
at my house that have POE. Why would I spend almost double
the price for the 24 port? I don't need POE on the other ports. - And so let's talk about access points. They've got the light long
range professional Enterprise. Do you wanna give us like any take on them or is it kind of the same thing
where it's just like speed? - The big difference is
gonna be the larger ones are going to support way
higher density of networks. That is the big change between them. Their LRs are really impressive, and for home users we recommend the LR. I'm actually shocked because I got a reasonable
size house with a big yard, I can go all the way out
pretty far in my backyard as I have one of the new
UniFi 6LRs, I'm like, wow, I can sit outside at my fire pit, and my phone has still got
a pretty strong signal. So the LRs live up to their name, but they're not gonna
support high density. But then again, my house, there's a handful of phones
and laptops and tablets. That's not what I would consider
a high density environment. When they have their Pro series ones, some of those support both high density and have higher speed
ports attached to them. So you're gonna get maybe not as much speed on some of those. They can all be tuned. You can change the, you know,
width and things like that, of the different channels
to get more speed. But most of the time when
we're putting them in somewhere that needs, a concert hall or
venues that have like events, we just did a whole big wedding venue. We actually did a castle, which is a whole
interesting project as well. - [David] Wow, that's interesting, yeah. - Yeah, they needed Wi-Fi throughout and they went with the
higher density ones. No one needs to have
the fastest connection. 'Cause people always say,
oh, what do you set it to? I'm like, oh the narrowest band, because they need connectivity
in the building, that's it. They're not trying to stream
at the highest speeds, they need the best connectivity. So those work really
great, and we've seen them. The wedding venue place has I think about 800 guests in there. Not that every one of those 800 are connected to the access point, but quite a few people are. Schools are another one where we'll see a higher density users. And for example schools,
they got a bunch of kids. Chromebooks are extremely popular in a lot of the school districts. They just need connectivity. They just need to be able
to get to the Google Docs and Share Docs with the teacher. That does not require the highest speed. It just requires good,
reliable connectivity. And that's where we still push people towards those higher density models. We're not as big a fan,
they make that mini one. I can't remember its name right
now off the top of my head. - The Lite thing? - They make a Lite one
and they make a Mini one. We usually just still just go up to that higher Pro model one they're not that much more expensive. Home users, hey, buy what's
cheap and what works. But for those slightly bigger ones, they just, if you end up with, 'cause people start counting heads and you don't count heads
when you think about density of connectivity,
you count devices. So are you letting the students connect with their phones, okay. Now you're letting them connect
with their laptops, great. So you have to double, two
times that number of heads is how many devices, oh, by the way, how many devices does the
teacher have hooked up inside the classroom as well? Now we've got a better count, or you know, even any businesses we deal with, how many overall devices do you
have, not just a head count. So you understand that
you probably will start bumping into some of the limits 'cause some of the
basic ones only support, I think UniFi's documentations says like don't get over 150 connections to it. The other ones are more
like 600, 800 connections. So that's where you
start reading the details, you'll see that's why they support them. And we've taken some of them apart and you can see what they did inside. Lots of antennas in them. So that's just an architecture
versus the other ones, you'll look inside, the
circuit board's really small, and maybe two little antennas. You're like, well that's obviously not made for high density. - So I mean, let's say I want to, I'm gonna swear now as a Cisco guy, I'm going to replace my
home network with UniFi. What would you recommend I look at? Is it a Dream Machine, or from what I've seen you say before, you don't like it that much, give us like the good, the
bad, and the ugly, Tom, what would you advise me to do? Like which access point should I look at? Switches, preps, or does it really depend? - It's gonna depend. So if you, what's your network needs? And most home lab users
right away, they're going, oh man, I want a privacy VPN,
policy routing, da, da, da, a number of home people
that wanna jump into that because well, as we know,
Netflix raised prices and so did everybody else. So people are like, you know what I need? A privacy VPN for reasons that I don't wanna talk about, but great. That is not a feature you
can get with Ubiquiti. That's not even on their
roadmap that I know of at all. And where a lot of people
like firewalls, like pfSense. - I was gonna say, so pfSense
is what you would recommend probably yeah? - It's what most users like. The other one we've talked
about a little bit less would be Untangle, but
that's because it has an annual subscription fee with it. But Untangle does something
clever, like for privacy VPNs, they have them built in, you just drop in your
username and password and then you click policy routing. Like I would like
anything that's a Torrent to policy route over that privacy VPN. Some of the other firewalls
like Untangle have that as an option for people who
are looking for turnkey easy. But nonetheless, it's usually
not a Ubiquiti recommendation for the routing because once people say, I like to VPN back to my house and some of those other features, it's just not as desirable. Now, granted that UniFi did release, and I haven't tested it, but it's clever. They have a new thing called Teleport and it's a VPN for your phones. So let's say you have some
UniFi equipment at home, or just you wanna get back to your house. They do have an app you can load that magically through a link
that you send to your phone connects with an app you load always back to your Ubiquiti router, to your UniFi Dream Machine router. But that's it, it's not
supported not even on a PC it's specifically for a phone.
- I like the sound of pfSense. - Yeah, pfSense is just
way more flexibility. And I have a, I made a video because so many people
start with a Dream Machine and go, ah, it didn't do
everything I wanted to do. So I made a video of how
to keep your Dream Machine so you can still use the functionality, like the controller on it, but then put a pfSense in front of it and how to do all the routing on that. - Yeah, so I mean, Dream Machine would be like dedicated controller
if I didn't wanna run it in a VM or something. And it also has a hard
drive in it, doesn't it? - Yes. - So if I have cameras
and stuff like that, it can record it to the hard drive, yeah? - Yeah, you can record it. That's another feature we didn't touch on, but the UniFi camera systems, they have that support
built in the Dream Machine, but there's gotta be
a little caveat there. We can only adopt so many devices because of the load on the system, but you can't adopt too many cameras because of the load on the system. And obviously with cameras
writing data back to the drive, well, a single hard drive doesn't handle, writes any faster than
a single hard drive can. So you can't have too many cameras. And then you're also limited by the processing power
of the Dream Machine. So if I have like eight switches on there, five or six access points, and
then I want to add cameras, now I've got a problem where the system's got too much going on for, it's
just not able to handle it. So there are some limitations to packing everything in a single device. - It sounds like the, what's it, the USG, not, sorry, not the USG,
the Gen2 Plus thing. The Cloud Key, sorry, seems like a, if I want a turnkey, easy to use product. - Yes. - That's the one to get,
otherwise just run it in a VM on ESXi or something else, yeah? - Yeah, and running in a VM is, you know, that's the free and easy option. But I think the Cloud Key at $200 roughly, depending on where you're
at is pretty reasonable for people that don't wanna
go through even the trouble or follow my instructions
on how to set it up. Not that I think they're hard, but some people don't
even wanna load a Linux VM or maybe, especially let's
start with the basic home user, you know, the average person going well, UniFi, I wanna get into it. I want my pfSense router, but man, I don't have an ESXi server. I don't have a virtualization
stack to run this and I don't really wanna run
it on my gaming computer. So I'm just gonna get a Cloud Key for 199, and it'll take care of it. So I think it's a great choice on that. And it gives you, you
know, you log into it, you can control all your local devices and adopt them in there,
and it will update for you. You click the little update button, when there's a new version
out, it takes care of it. It works rather well. - So when you update the
controller, does it go and update all the access points
and switches as well, or is that a separate process? - Kind of, so sometimes it
will need to update them if the firmware's too far behind. The updates are relatively simple to load with UniFi as well. This is one nice thing, you
just click update firmware. And if you want, under the Advanced box, but it's not checked by default,
you can actually tell it to auto update as new
firmware comes available and it will go through
and push all the firmware, but their firmware updates are something that doesn't really cause me much drama. Like they solve those quirky
problems like we mentioned with SonicWall and DHCP
or weird random issues people come up with, that's
why there's firmware updates, but from a pushing firmware update and breaking something, that's rare. The firmware updates actually
I would say are very reliable, provided you're doing them
over a reliable connection. 'Cause even though the
controller, for example, is hosted within our stack, we do push updates to our
customers' access points and switches completely remotely. As long as we know their
connection's reliable, we push the firmware
update, and it works great. - So I mean, just to
summarize, if I wanna be cheap, I could just run the controller
on my Windows computer. And just boot that up,
start that up basically, 'cause it's just a piece of software. - Yep. - Configure the devices
and then shut that down. The disadvantage of that
is I don't get the stats. Whereas if I get the Cloud Key, I get the stats and all
the monitoring stuff, and it's a nice dedicated device that I can just have in my network. Otherwise if I really want
to, you know, learn this, run a VM like in a Ubuntu
VM, and install the software on that VM in some kind of hypervisor and that will give me my controller. Controller is free, Key, you obviously have to buy the device
if you want the device. But if you want to save money,
just download the software and install it on Mac
or Windows or Ubuntu. Ubuntu is your recommendation,
so that runs continuously. - Run it on Ubuntu or run it on Debian. - And then from switch point of view, is it just speeds and like POE
ports that I need to look at? - And one of the nice things they've got that I think is really cool is they've started offering
some lower cost SFP switches. They have some lower cost 10 gig ones. And that's actually great,
a lot of people are, they're getting into building
their ESXi servers at home. They wanna dive deeper into
that learning, but then they go, wow, connecting a
storage server at one gig is not fun at all. And so, you know, 10 gig
is relatively inexpensive. 10 gig cards are relatively inexpensive. They're inexpensive as
long as they're SFP. And DAC cables connect SFP,
fiber cables connect over SFP. So you can start building
out your network, and UniFi has got some
really reasonably priced SFP 10 gig switches out there. So you can start creating
a small storage network for a good price, and have
all that storage network managed in your controller so you can gain visibility into it. I think it's a direct answer to, MikroTik is also big in
that particular market. MikroTik comes with good hardware, but a steep learning
curve of the MikroTik OS. I'm actually not a fan of the MikroTik OS. They do have their Switch OS
to make it a little bit easier, but it's back to learning
a lot of command lines and how trunking ports work. And it's not for the faint of heart unless you wanna dive into that network engineering side of things. - Yeah, and I mean, I
need to ask this question because this is always the,
like the shout at Cisco: are third-party SFPs supported or do you have to buy UniFi SFPs? - You can get any SFP to work. We've stuck MikroTik ones,
we've stuck Cisco ones in. And as you know, and I commented
in my Cisco Catalyst video, boy, that's a difficult challenge because the Catalyst exclusively,
they remove that function where you can tell it
to, the hidden function doesn't work on the Catalyst
series, you have to use, the only ones I could ever get
to work were the Cisco ones. And I had two Cisco friends argue with me and I set them down in front of it and they couldn't make it work. We had a whole pile of SFPs,
we were plugging them in, and they were quite aggravated. And then they decided, this is why I never deploy Catalyst 1000s. But yeah, the known
factor of other companies being picky about their SFPs is, Ubiquiti chose to kind
of not play that game. 'Cause it's really an arbitrary
thing to look at the flag and say, oh, you flash
this as a Ubiquiti flag or a Cisco flag or a HP or Aruba flag. It's just companies choose
to do that, it's yeah. - That's mad, I mean you can go to FS and just buy a whole bunch of SFPs. You know, why spend lots of money. And then for home, you
kind of recommended, sorry, just trying to get the list here, you like the long range access points. - Oh yeah. - For home, yeah? - Yeah, I'm impressed with
their ability to really, so I'm in a basement right now, and I have it mounted in
the rafters of my basement. So even though it's mounted
there, which someone will be, Tom you've mounted it below the floor, so it shouldn't work that well, I only have a one story house. It works all throughout
my house and outside. And then where it's going
outside, my house is brick. It's going through brick, I'm impressed. I'm not saying it will
always go through brick because if you've got, some of the houses that were built with stucco mesh, you live in a Faraday cage. You're gonna have problems
getting your Wi-Fi to go outside. But those long ranges are for, you know, they don't have the high density support, but boy, they have certainly
have the range support. So all of my devices, my
car connects to it fine parked in the garage. My Tesla's connected to
the Wi-Fi as soon as I, matter of fact, even if I
park it outside the garage, it seems to reach pretty far. I'm impressed with it. - [David] That's impressive. - Yeah, we just keep recommending
those to the home users. We're like, they're inexpensive
and they get the job done for what you're looking for. - And do you recommend the camera system or like the phone system? Have you worked with those much? - I have not worked with the phone system. We really like the camera system. So the reason we like the
camera system is ease of use. I like, because eventually we're turning these camera systems over to people who need to use
them, that are non-technical. That's generally the target audience. UniFi does a great job
of just kind of making it nice, easy to use, kind of
that Apple design philosophy that anyone should be able to use this. So we like their camera systems. The downside is gonna
be, they are limited. They do what they do, and no more. - Is what it is. - [All] It is what it is. - You don't get to offload
all the data for backup. You don't get to, you know, add more storage beyond what
capacity that comes with. So they have their UniFi
NVR, UniFi NVR Pro, they support that many drives, that's it. They don't have like a way to do archival footage somewhere else, like more advanced NVR systems. So for basic users, I do like
them, I think they're nice. Their cameras are kind of expensive, but the other side of it, their camera lineup is no license fees. And we're seeing a huge push for higher and higher license
fees in the camera space where cameras are sold
as a recurring license that has to be renewed
or the cameras turn off. So UniFi's, once again,
in that market going, we're going to keep pushing
for no license fees, so buy our equipment. Technically license fees
are built into the cameras because a comparative-featured
camera by someone else is usually a whole lot cheaper. But the license fees are
all tied to usually the NVR, not directly to the camera, but they license on a per camera basis for how many can connect. UniFi is doing good on that part. The downside right now here in 2022 has been lack of
availability of the cameras. Supply chain has really dragged that down. So it's been a lot less sales on them and we have more people that look for some of
the advanced features, especially archival footage. So we look at some of the
Synology camera systems for that. - Yeah, you like Synology don't you, I think you've said in other videos, you like the Synology camera system. - Yeah, they give a massive amount of flexibility, cameras,
and I've done a video breaking down how you can do
like advanced motion detection such as detecting if
there's a car in a presence or if there's a person, 'cause the squirrels set
off my motion all the time. But I have a different alert when a car pulls in my driveway. So I know if a person comes
up my driveway, or a car, 'cause it lets me know. - [David] Or a squirrel. - The squirrel.
- I like that. - Yeah, the squirrels, I mean I can go back to the motion
list and see all the squirrels, but they don't alert my phone,
I just get to watch them. - Does UniFi support that like, detection, that kind of thing? - Not much, they kind of have some. They have a neat feature
they added more recently where the UniFi NVR will go and grab people that it will see. So it actually creates
this cool screenshot list when you go to the main menu and then you can click on the screenshot where it just zooms in
and sees all the people. And when you click on it, it
goes back to play that clip. So they have it, but it's
not exactly as fleshed out as the one on Synology is. And even Synology is basic
compared to the Enterprise NVRs that have full object detection, face detection, and everything else. But those get into the, some of these people are
paying thousands every year in licensing fees for those high end NVRs. They're not something that
we see in the consumer space. We see them usually, we
have some school districts that have some large
camera systems like that, that are licensed. - Tom, I can keep you going. We've been going for quite a while now, I could keep you going for much longer. Do you have any closing
thoughts or recommendations for someone who wants to learn about this? Apart from RTFM? - Yeah, between me and several
other people on YouTube, a lot of us have done
so many good deep dives on getting started with UniFi, watch a lot of those videos. I'm always coming out with more of them. So there's a lot of learning you can do just by popping it on the TV
and watching some YouTube. And there's a lot of
good accuracy in there. I give a shout out to my friend Chris from Crosstalk Solutions. He's got a lot of great
getting started UniFi videos. Me and him, we talk a lot, because we both have our
love hate relationship, 'cause Chris, much like myself, is honest when it comes to UniFi, what he likes and what he's
like, why are they doing this? - That's great, Tom. I really wanna appreciate you sharing. And just for everyone's benefit, Tom and I have now discussed Cisco. So I look forward to you
creating those videos about this small business
solution from Cisco, Tom, and telling us yes or not, you know? - I'm willing to look at them for sure. - Brilliant Tom, thanks. - Thanks. (dramatic music)
(logo crackling)