VMware
Configuring VLANs, Firewall Rules, and WiFi Networks –
Configuring VLANs, Firewall Rules, and WiFi Networks – UniFi Network Application
#Configuring #VLANs #Firewall #Rules #WiFi #Networks
“Techno Tim”
In this video, we will explore the capabilities of the UniFi Network Application for setting up VLANs and enhancing network …
source
To see the full content, share this page by clicking one of the buttons below |
As someone who's entire network is Ubiquiti equipment, I can honestly say that i hate Ubiquiti lol. Their GUI is not user friendly or logical, and quite often they add more features without fixing pre-existing bugs (I'm pretty sure there are one or two bugs that are going on 5+ years at this point). You can't throttle IPs, only ports (and wifi throttling is separate), so when I wanted to throttle a single computer connected to a non Ubiquiti switch I discovered I could not. A feature that my old $60 router could easy do. So I had to purchase a Ubiquiti switch and replace my netgear switch just to change the port egress and throttle a single computer. Thanks Ubiquiti! I love the consolidated dashboard but after 6 years of dealing with Ubiquiti's crap I don't think it is worth it. I ended up here because I assumed Inter VLAN routing was disabled by default like all other equipment I have setup.
This is awesome….period! I had no idea how to set my Unfi gear up. This video walked me thru step by step. I learned so much along the way. Again, this was top notch! Thank you man. 🙂
Any pointers on sharing a wireless printer across multiple VLANs setup using this process?
disallowing ping means blocking ICMP, what other protocols needs to be blocked when a VLAN getting configured for better security?
21:49 better name more logical would be: "All Minus IOT-BETTER" or "All Except …", "All Other" etc
I am begging you to create a beginner friendly guide to setting up an environment to securely selfhost applications on your local network (Unifi Please!). For example, how to securely setup local only vaultwarden and photo sharing/ai camera containers. As a bonus, maybe you could briefly cover how to set up a public but secure plex/jellyfin share so people with access can use it.
I get so lost in the setup and security of self-hosting that it puts me off and leaves me to give up and entrust my data to companies. I wish I knew how to securely setup selfhosting. It would be perfect for the upcoming holiday season to purchase a homelab and storage and start my self-hosting journey.
In my network, UDM PRO not change to Third Party Gateway. Why? My gateway is a Fortigate. I buy this UDM to manager UAP's
so does Guest network do this? for isolation
Thank you for the video. Unfortunately, on Network 7.5.176 I can't seem to get this to work. I have my IoT device connected to a USW flex mini and set the port it's connected to be the IoT VLAN. I can ping the device just fine from the Default (main) network. But if I then create the same LAN In rule, I can't ping the device any more.
Good content, what’s missing for me is a schema like at 0.31 sec for hardware, their various connections and their must have dependencies.
So my network setting screen is different from yours…(v 3.1.16) and the only option I have is to create a 'New Virtual Network', I do not have 'Create New Network'. Does that matter? Also have a section just under where you enter the VLAN ID called ISOLATION (There is a checkbox to select "Network"). When I hover of the info circle for Isolation(Network), it tells me, "your guest hotspot profile will automatically be applied to this Guest Network. Connected clients will be isolated from all other internal networks. The restrictions can be modified in your Guest Hotspot Profile". So my question is, Do I need to check "Network"? I do not use a Guest Hotspot and to me, this checkbox should say Guest Network instead of Network. (btw, just under the circle I, it also references for more isolation options, to check out Traffic Rules). Thanks
Can you make a video, how to implement a pi-hole to this kind of vlan structure? 🙂
Is it possible to allow traffic to for example sonos on a guest network?
Very informative video! What's the difference between your Default and Main networks?
Loved this video so much. Great quality and very specific to my needs luckily. I would have loved to know a little more about what other rules you made and for what reason so i knew what i had to look out for when i start setting up my own network next year. I hope to see more great content in the future. I wish you the best!
How is this different from a guest network, since in both cases I can't ping IoT devices from another private network?
I have a question. If you have multiple switches, do you set up the VLAN on the router or even on the switch, or just the switch? Thanks
Great vid, Thanks, but I have a longer, more entailed question, can I send you an email question please ?
What about IOT communicating with your media server. I want my Poweredger to be on a separate vlan from my IOT but still want some of my IOT to communicate with truenas for media
super great guy love you
It's odd that Unifi has inter-VLAN routing enabled by default considering that virtual network segmentation is pretty much the primary reason most people set up VLANs in the first place. I can confirm that both Cisco and HP MLS switches have lanbase routing disabled.
On the subject of port assignment, it seems that Unifi takes a space somewhere in the middle of Cisco and HP. By default, Cisco lets any VLAN travel on a Trunk (tagged) port unless specified otherwise, while HP requires you to tag the port for any and all expected VLANS other than Native.
Hi Tim. Excellent video. I also use UDM and I am setting up a similar configuration to isolate IoT devices but I am not sure about the best way to deal with Proxmox. Do you have the VE in a specific VLAN? What about the different VMs? I am running HomeAssistant as a VM and by default it installs in the same VLAN as the VE. How can I get the VM installed in the IoT VLAN? More in general, how can I get to select a specific VLAN in which a given VM will be installed? Hope you can give me some guidance. Cheers
For clarification, on Wifi VLANs you always need to create a new wifi SSID? If you need 10 different vlans on wifi, you need to setup 10 different SSIDs? Can't be done on same SSID the vlan splitting?
Nice Video, problem with such content, no normal IT hobbist (Homelab) user had an 700€ Switch @home. Why you all guys can't do stuff for IT Homelabusers with none such big money. Ppl that uses TP Link Switches/Router or Netgear SG- Switches….
I watched your video and "ItsMyNaturalColour" video on VLAN setup and they are both great videos. But like you said at the beginning of this video on UniFi the OS will have and show different names for settings. My UDP Pro has the latest and greatest now and VLAN Hopping("inter VLAN Communication) is not turned on by default and Profile prompts don't show up the same. So I'm going to have to work through the settings and figure it out. I have my VLANS setup but I need my Main VLAN to be able to talk to my Server VLAN etc. One thing about my setup now is everything is truly isolated right now and secure lol.
Great video…. but calling UBNT/Unifi enterprise is probably a bit of a stretch. Its great for what it is… but enterprise usually needs more than what UBNT can provide unless you're only needing basic wireless access.
Great video!!!
Thanks, that was helpful. But it stopped just as it was getting interesting. I set up an entertainment network, an iot network and so on. But certain devices need to communicate accross vlan boundries. For instance Home Assistant (now running in iot) needs to access a few devices in other vlans and vice versa. Hope to see a video on this. Thanks!
With the new release of Firmware it doesnt let me add networks anymore?
Thank you Tim! I am a 17 year old network admin in training, and I finally understand all of this! 😅
Hello, in which situation could it be useful to apply a rule on the OUT interface ?!?
Is it possible to have Ui Protect on a different vlan? When I moved my cameras, protect couldn't see them anymore.
This is great!! I got a new UDM SE and some security cameras. You made this pretty easy. I want to clear up one issue for my setup. I assume devices in your IOT-Better VLAN can do bidirectional communication with external network and services with the rules you defined. Is that correct? If so, I think my situation is the same.
I need my cameras to be able to connect to security operators that get contacted when the camera and their AI host software detect inappropriate activity. If that occurs the security operators come on interactively and starts querying the perps, and as required dispatching the police.
Did I miss a video on how the rings of the networks are numbered / used? Would be interested in a useful strategy if there's one to be shared.
Thanks. Very helpful. Definitely getting my head around all of this more and more. Appreciate your making this video. Cheers!
I have been having massive issues with my udm idk what the hell was going on but i decided to create some vlans to get some more control on whatever is going on. Changed all ports and added rules. Now things are working like they should. Big thanks for taking the time to go through how to set things up. much appreciated. for days my network was sometimes working off and on. This was a huge help. thanks.