
Ubiquiti UniFi Thoughts and Questions


BAlGaInTl


lightsout

When I upgraded I sold my Asus AiMesh Routers, all four of them reset. Since the USG only really has two ports, I needed a switch anyway so I got a Switch8. One of my UAP ACPro's is powered off this switch the other is not. I re-provisioned CAT 5e in my walls for phone to ethernet but the way it was cabled there were no home runs as this isn't required for phone. I have it daisy-chained through five, count 'em, five unmanaged gig switches to the location of the other UAP ACPro which is powered by the included PoE power injector. They are manageable in the Controller software but I'm not sure what would be lost by not having them connected to a managed switch. It just works..

Taking PoE out of the equation, I believe my problem with a single switch 8 would be each of the rooms where a single run of Ethernet goes could only be on one network. Either the TVs and streamers go on the secondary lan, or they and the ap go on the main.

BAlGaInTl

Yup.. typing 10.0.0.x is second nature for me now. Try it. I think you'll like it. 10.0.0. 10.0.0. 10.0.0. LOL

 

Don't tempt me...

 

Do you know how long I would have to spend in config files and applications to convert everything to 10.0.0..... 

 

:D


mastrmind11

Don't tempt me...

 

Do you know how long I would have to spend in config files and applications to convert everything to 10.0.0..... 

 

:D

I've been a 10.0.1.x guy for probably 15 years. Now with vlans and vpn I've bumped it up to 10.0.2 and 10.0.3. F the 192.168 crowd!


BAlGaInTl

I've been a 10.0.1.x guy for probably 15 years. Now with vlans and vpn I've bumped it up to 10.0.2 and 10.0.3. F the 192.168 crowd!

 

10.0.0 is for the lazy!

 

192.168. master race!

 

We need a poll!

 

:D


Sammy

Taking PoE out of the equation, I believe my problem with a single switch 8 would be each of the rooms where a single run of Ethernet goes could only be on one network. Either the TVs and streamers go on the secondary lan, or they and the ap go on the main.

I'm sorry but I'm just not following along with what you're trying to say. Could you make it a little bit more clear for me?

 

Sent from my SM-G960U1 using Tapatalk


sooty234

Using 10.x.x.x , 11.x.x.x etc when you have 4+ VLANs with WLANs attached, makes things much easier to keep track of. I can easily see what device is on which network. And the USG shows me the entire topology with addresses.


lightsout

I'm sorry but I'm just not following along with what you're trying to say. Could you make it a little bit more clear for me?

 

Sent from my SM-G960U1 using Tapatalk

Yeah let me try, I was watching one of those videos you sent on having a separate vlan for IoT devices.

 

So let's say I have an ethernet run coming from main switch to the living room. At that jack in the living room currently I have a dumb switch that goes out to my AP, TV, Shield, and AVR.

 

What I understand is that because there is only one cable run to that location my options are limited

 

1. All devices that are wired after the dumb switch are on the main lan and the ap can send out signal for both lans

 

2. All the devices after the dumb switch are on the IoT vlan and this means my AP can't send out a signal for my main lan.

 

This is all assuming I had a unifi switch that I believe can send a certain vlan from a certain port on a switch.

 

Basically what I would want to do is have all the devices in my living room still wired but connected to the IoT vlan, and have an AP in the living room sending out the SSID for my main lan, and all of this coming from a single run in the garage. It seems the only way to accomplish this is to have a Unifi switch in the living room.

 

Hopefully that is a bit clearer.


mastrmind11

Yeah let me try, I was watching one of those videos you sent on having a separate vlan for IoT devices.

 

So let's say I have an ethernet run coming from main switch to the living room. At that jack in the living room currently I have a dumb switch that goes out to my AP, TV, Shield, and AVR.

 

What I understand is that because there is only one cable run to that location my options are limited

 

1. All devices that are wired after the dumb switch are on the main lan and the ap can send out signal for both lans

 

2. All the devices after the dumb switch are on the IoT vlan and this means my AP can't send out a signal for my main lan.

 

This is all assuming I had a unifi switch that I believe can send a certain vlan from a certain port on a switch.

 

Basically what I would want to do is have all the devices in my living room still wired but connected to the IoT vlan, and have an AP in the living room sending out the SSID for my main lan, and all of this coming from a single run in the garage. It seems the only way to accomplish this is to have a Unifi switch in the living room.

 

Hopefully that is a bit clearer.

If everything in your living room will go on a vlan, then a dumb switch will work (since the dumb switch is what's connected to the controller).  If you want to for some reason segregate stuff in your LR to be on different vlans/subnets, then you either need to do wifi or you need another managed switch.  Easiest way to think about it is that whatever is coming out of your switch w/ the vlan tag has to terminate at the same location.  "Smart" devices are actually really fucking dumb, and you have no control over them other than the fact they can stream netflix.  There is no way to specify anything complicated in their network settings other than setting a gateway, which 90% of the time breaks them if the gateway isn't the default gateway.

 

imo, the easiest way to do this is to set 1 vlan for everything you want segregated (like iot stuff) on 1 vlan, and everything else on the main LAN.  which works 99% of the time (like, why would you want your atv on the iot vlan and not your tv and receiver?).

 

TL;DR if you want different stuff on different vlans in the same room, you need to use wifi or use another managed switch in that room, or run multiple lines from your main switch.  


lightsout

If everything in your living room will go on a vlan, then a dumb switch will work (since the dumb switch is what's connected to the controller).  If you want to for some reason segregate stuff in your LR to be on different vlans/subnets, then you either need to do wifi or you need another managed switch.  Easiest way to think about it is that whatever is coming out of your switch w/ the vlan tag has to terminate at the same location.  "Smart" devices are actually really fucking dumb, and you have no control over them other than the fact they can stream netflix.  There is no way to specify anything complicated in their network settings other than setting a gateway, which 90% of the time breaks them if the gateway isn't the default gateway.

 

imo, the easiest way to do this is to set 1 vlan for everything you want segregated (like iot stuff) on 1 vlan, and everything else on the main LAN.  which works 99% of the time (like, why would you want your atv on the iot vlan and not your tv and receiver?).

 

TL;DR if you want different stuff on different vlans in the same room, you need to use wifi or use another managed switch in that room, or run multiple lines from your main switch.  

Yes that is my predicament. The snag I have with my current setup is I would like everything in the living room to be on the IoT vlan, EXCEPT the AP-AC-Lite that sits on that switch. I would like it to send out a signal for both vlans.

 

So thank you, you confirmed what I understood to be true, I need another switch at these end points if I want more than one vlan unless it's wifi. But I do not want my main gear to be on wifi, at this point I would rather keep a single vlan instead of having to go wifi. Maybe I'll buy some switches down the road.


Jdiesel

Yes that is my predicament. The snag I have with my current setup is I would like everything in the living room to be on the IoT vlan, EXCEPT the AP-AC-Lite that sits on that switch. I would like it to send out a signal for both vlans.

 

So thank you, you confirmed what I understood to be true, I need another switch at these end points if I want more than one vlan unless it's wifi. But I do not want my main gear to be on wifi, at this point I would rather keep a single vlan instead of having to go wifi. Maybe I'll buy some switches down the road.

 

If you are interested in a cheap managed switch that supports vlans I use a TP-Link TL-SG108 with good results. Just don't bother getting the POE version with the intent to power your UAP's as it isn't the right type of POE.


Spaceboy

Added the switch 8 to my setup a couple of weeks ago. Only for the poe as I wanted to save on a socket where my tv and consoles are.


lightsout

If you are interested in a cheap managed switch that supports vlans I use a TP-Link TL-SG108 with good results. Just don't bother getting the POE version with the intent to power your UAP's as it isn't the right type of POE.

So wait are you saying that I could tell this switch which vlan I want going to each port?

 

I own one of these switches already so that would be great.

 

EDIT I see it looks like it is done through the software of the switch itself, so I suppose I would just add the info that I made up in the USG? Very interesting.

Edited by lightsout

Jdiesel

So wait are you saying that I could tell this switch which vlan I want going to each port?

 

I own one of these switches already so that would be great.

 

EDIT I see it looks like it is done through the software of the switch itself, so I suppose I would just add the info that I made up in the USG? Very interesting.

Yes just set each port to allow the vlan/vlans you want to pass through. You can also pass through vlans to your UAP.

 

This video should explain it

 

https://youtu.be/5ohLAFHnOHg

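Added example, not part of any post in this thread: a toy Python model of the per-port VLAN membership discussed above, with one uplink carrying the main LAN untagged and the IoT VLAN tagged, the AP port carrying both, and the TV/Shield/AVR ports untagged on IoT only. The VLAN IDs (1 and 20) and port numbers are constructed for illustration, and the unmanaged switch is assumed to flood frames unchanged.

```python
# Added example: toy model of 802.1Q port membership on a small managed switch.
# VLAN IDs and port numbers are constructed for illustration.
MAIN, IOT = 1, 20

# port -> (untagged VLAN / PVID, set of VLANs carried tagged)
LIVING_ROOM = {
    1: (MAIN, {IOT}),   # uplink: the single run from the garage
    2: (MAIN, {IOT}),   # access point: one SSID per VLAN
    3: (IOT, set()),    # TV
    4: (IOT, set()),    # Shield
    5: (IOT, set()),    # AVR
}

def classify(ports, in_port, tag):
    """Return the VLAN a frame belongs to on ingress, or None if dropped."""
    pvid, tagged = ports[in_port]
    if tag is None:
        return pvid            # untagged frames join the port's PVID
    return tag if tag == pvid or tag in tagged else None

def deliver(ports, in_port, tag=None):
    """Map each egress port to the tag on the wire (None = untagged)."""
    vlan = classify(ports, in_port, tag)
    out = {}
    if vlan is None:
        return out
    for port, (pvid, tagged) in ports.items():
        if port == in_port:
            continue
        if vlan == pvid:
            out[port] = None   # member, sent untagged
        elif vlan in tagged:
            out[port] = vlan   # member, sent with 802.1Q tag
    return out

def unmanaged(port_count, in_port, tag=None):
    """Assumed behaviour of a dumb switch: flood the frame unchanged."""
    return {p: tag for p in range(1, port_count + 1) if p != in_port}

if __name__ == "__main__":
    print("TV broadcast:      ", deliver(LIVING_ROOM, 3))
    print("main LAN downlink: ", deliver(LIVING_ROOM, 1))
    print("IoT downlink:      ", deliver(LIVING_ROOM, 1, IOT))
    print("dumb switch:       ", unmanaged(5, 1))
```

In this model a main-LAN frame arriving on the uplink reaches only the AP port, while the unmanaged switch hands the same frame to every wired device in the room.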

lightsout

Yes just set each port to allow the vlan/vlans you want to pass through. You can also pass through vlans to your UAP.

 

This video should explain it

 

Very nice, just ordered a second thanks, this should work great once I start getting things figured out. Can't go wrong for under $20.

 

Hmmm, he is using the "E" version of the switch, is that the one you have and is it necessary? I thought I read that it works on the non "E" version as well.

Edited by lightsout

lightsout

Curious why I see some people using 192.168.1.1/24

 

Specifically the 1/24 part, don't understand what that means why the line?


mastrmind11

Curious why I see some people using 192.168.1.1/24

 

Specifically the 1/24 part, don't understand what that means why the line?

That is denoting the number of IP addresses available and subnet mask for the domain in bits, which basically tells the controller what it's allowed to access.  /24 equates to 256 ip addresses available, and a subnet mask of 255.255.255.0.  /24 is basically the default for a network which is why you see it everywhere.  255.255.255.0 basically means only the stuff on that domain (192.168.1.1 - 192.168.1.256) can see each other.  If you have more than 1 subnet (eg, 192.168.1.1 and 192.168.2.1) and you want the stuff on the first subnet to see stuff on the 2nd subnet, and vice versa, you would assign /16 to both networks, which is a mask of 255.255.0.0, which means anything on the 192.168.x.x ip range can communicate with one another.

 

Good article about it here https://www.ripe.net/about-us/press-centre/understanding-ip-addressing

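Added example, not part of any post in this thread: a short Python sketch using the standard `ipaddress` module to show what the prefix length in 192.168.1.1/24 determines on a host, namely the mask, the address range, and whether a destination is treated as on-link or sent to the gateway. The host addresses ending in .10 and .50 are constructed for illustration.

```python
# Added example: what the prefix length in 192.168.1.1/24 controls on a host.
import ipaddress

def describe(cidr):
    """Return (netmask, total addresses, first usable host, last usable host)."""
    net = ipaddress.ip_interface(cidr).network
    return (
        str(net.netmask),
        net.num_addresses,                    # includes network and broadcast
        str(net.network_address + 1),
        str(net.broadcast_address - 1),
    )

def next_hop(interface, destination, gateway):
    """On-link destinations are reached directly; all others go to the gateway."""
    iface = ipaddress.ip_interface(interface)
    dest = ipaddress.ip_address(destination)
    return "direct" if dest in iface.network else gateway

if __name__ == "__main__":
    for cidr in ("192.168.1.1/24", "192.168.1.1/16"):
        print(cidr, describe(cidr))
    # Constructed hosts: same sender and destination, different prefix lengths.
    for sender in ("192.168.1.10/24", "192.168.1.10/16"):
        print(sender, "->", next_hop(sender, "192.168.2.50", "192.168.1.1"))
```

With a /24 the sender hands traffic for 192.168.2.50 to its gateway, which is the point where routing and firewall rules between the two networks apply; with a /16 the sender treats that address as part of its own network.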

BAlGaInTl

Curious why I see some people using 192.168.1.1/24

 

Specifically the 1/24 part, don't understand what that means why the line?

 

That's just a way of annotating the range of IP addresses used in a subnet.  


BAlGaInTl

That is denoting the number of IP addresses available and subnet mask for the domain in bits, which basically tells the controller what it's allowed to access.  /24 equates to 256 ip addresses available, and a subnet mask of 255.255.255.0.  /24 is basically the default for a network which is why you see it everywhere.  255.255.255.0 basically means only the stuff on that domain (192.168.1.1 - 192.168.1.256) can see each other.  If you have more than 1 subnet (eg, 192.168.1.1 and 192.168.2.1) and you want the stuff on the first subnet to see stuff on the 2nd subnet, and vice versa, you would assign /16 to both networks, which is a mask of 255.255.0.0, which means anything on the 192.168.x.x ip range can communicate with one another.

 

Good article about it here https://www.ripe.net/about-us/press-centre/understanding-ip-addressing

 

Beat me to it with a much better description.  :)


murky024

Anyone want to sell me on buying the USG, is it worth it? I have an AP AC Lite and a Pro, just installed the controller (they were previously setup as stand alone)

 

I have an old NetGear as my router that just goes into a cheap switch. Everything works great. I am not worried about getting POE.

 

So would the USG be much of an advantage? 

No, stay as far away from the USG as possible. It is a dead platform and they are moving with the UDM platform. The throughput is awful on the USG when IDS and IPS are turned on. The UDM platform is much more capable. I would expect they will be releasing a new gateway as rumor has it the USG Pro has a replacement with new hardware in alpha.


Sammy

No, stay as far away from the USG as possible. It is a dead platform and they are moving with the UDM platform. The throughput is awful on the USG when IDS and IPS are turned on. The UDM platform is much more capable. I would expect they will be releasing a new gateway as rumor has it the USG Pro has a replacement with new hardware in alpha.

Sources?

 

Sent from my SM-G960U1 using Tapatalk


MRobi

Sources?

 

Sent from my SM-G960U1 using Tapatalk

No sources needed, just look at the specs of the devices.

Turn on IDS/IPS/DPI on a USG and your maximum throughput is 85Mbit.

If you go all out and get the USG Pro 4 you'll get 250Mb.

UDM has 850Mb

UDM Pro has Gigabit. SEE EDIT

And if you're not planning on using those features, why invest in one in the first place?

 

It's a complete no brainer to go the UDM route right now, the hardware is better in every single aspect and it's in the same price range. I would not recommend a USG to anybody right now. I actually just picked up the UDM-Pro, only downside I've come across is that the SFP+ port doesn't sync at 2.5Gbit although it's on their roadmap for a future firmware upgrade.

 

EDIT: I stand corrected. Apparently the UDM-Pro has a maximum throughput of 3.5Gb with IDS/IPS enabled. That means you can turn it on and you won't get any reduction in speed on any consumer internet connection. I can't see household internet passing 3.5Gb in the next few years.

Edited by MRobi

murky024

Sources?

 

Sent from my SM-G960U1 using Tapatalk

 

They are not updating the firmware on the USG regularly anymore. They also have the UDM product line with a much more capable processor to replace the USG hardware and migrate it to UnifiOS. At this point nothing is confirmed by the company (which they wouldn't do because they are a publicly traded company) but I read a news article that rumored a new USG product line on the UDM processor which makes sense given the age and abilities of the USG line with its current hardware.

 

You might want to consider a UDM, I am not sure what your network setup is, but if I wasn't holding out for Wifi 6, I would have picked up a UDM.
