On the Apple TV issue, set an Established and Related rule as an accept between all Networks. Then a block from source IOT and destination MAIN. This will allow Main devices to talk to IOT. They can respond due to the established and related rule but can’t initiate a conversation.
This is great advice. I was going to say the same thing, but I see it has been covered. Far more robust network design and easy to do. That said, great video.
This has to have been my favourite series on YT for a while. I’m a UniFi nerd myself & host many UniFi environments. When you did your original network series, I had high hopes you would upgrade to UniFi gear secretly 😂
I would keep a downloaded settings backup that is saved off the UDM after you have all your settings set. That way if you for whatever reason need to restore those settings on other hardware you will have a separate backup.
This... I had mine set up with a good baseline. A driver hit the electric pole near the home and the UDM Pro went into rescue mode. Had to reinstall firmware locally. Thankfully I had a PC with a lan port!
I'm very impressed by this series. I worked for a small computer company (IBM) for 40 years and spent a lot of energy investigating different vendors and their wares for my new home. I have a home - 2 stories - where the basement is poured concrete and below ground window wells. I have 2 AP-HDs (one on each floor) serving the IoTs, wireless phones, smart TVs, etc. The list is growing (18+) - it amazes me how many devices needing internet access we have. I can not wire to outside walls in the basement - hence the need for strong wireless. I wanted a vendor who "had the goods" - both hardware and management software - who was innovative and a vendor in the top 5. I DID NOT WANT to spend extra money on licensing (for a home system - come on!). I also did NOT want my wife to keep telling me "The network is down again!". We live in the U.S.A in Aurora, CO where there are rare power outages (very little thunder). However, in Durham, NC (where we lived for 23 years), there were many thunderstorms and momentary outages - enough to reset and IPL the modem. I have a small APC battery backup unit to handle any power burps. I have a small request - please provide your spreadsheet so it can be used by others. It would save the time to reproduce and is a great tool. (I know - we used many spreadsheets in defining customer configurations). Any configuration should be documented - just in case! I'm looking forward to seeing more in the series! Dave Clifford
Hi Dave. Thanks so much for taking the time to share your story in this comment, very interesting! I've emailed 4 copies of my spreadsheet off to those who have asked for it, but I will look at making it available for download and will add a link to the description.
As someone who works with UniFi daily as it's our go-to WiFi solution at work it was interesting to watch someone go from the ground up, albeit with the top end kit that I haven't had a chance to play with yet. My only qualm with your work is "CABLE TIES" arggggghhhhhhh. These are just the most hated things in any network cab or cable installation. If you get a dud cable then you'll have to cut every single one of those ties to pull out and replace the cable. Granted it's not a regular occurrence but velcro straps ftw every time. That said these have been a great set of videos, welcome to the UniFi World.
Thanks Jason, really glad you found it interesting and have enjoyed the videos :) Haha cable ties!! ;) I know I know... it's crazy, when I do projects on YouTube, I always get at least someone commenting on my use of cable ties. I have to say though and this is the absolute truth, I'll take traditional cable ties over velcro any day of the week. Velcro has its uses and I have used it a lot for various things, but give me a cable tie for the majority of situations any day. I find it takes equally as long to faff with a velcro tie to replace a dead cable, than it does to snip a cable tie and re-do it. Velcro ties are better for the planet though, so that's definitely something. They can be used over, and over and over again :D
I built my own rack after watching this series, setting it up with a dream machine, a 24PoE switch and 4 AP-Lite. Cable for the rest. It's simply awesome. Thank you for your videos. It's all working fine!
Great tutorial! Really helped me set up my dream machine!!! 35:20 I believe another way instead of the "match set new" option you selected is to create an allow rule for established and related connections from your IoT network to your main network. This should allow your phone to control your IoT devices (like philips hue) even if said phone is on a different VLAN behind a firewall.
This is fantastic! It’s killing me that SFP port 2 on the Dream Machine is plugged into SFP port 1 on the Switch. It’s industry standard to plug 1 to 1, 2 to 2, if possible.
Usually we do firewalls the other way around. Block everything, and then create 'allow'-rules. Then you would not need to create those groups containing "everything except network". It's also more secure by default.
Oh and I also have to say Tom I really really love the style you’ve used for this video series, the music, the shots, the filters, brilliant mate, well done!
Great three-part series, got me up and running in no time. UMBPro, USE Pro-24-POE, US-8-60W, NanoHD. I've run into an issue with my three SSIDs when I assign and turn on VLAN 10, 20, 40; I get a no internet connection error on each, turn them off they work.
I have had Unifi as my home network with 3 x 24 port switches and 6 APs for nearly 2 years and struggled to do the VLAN/firewall settings for exactly your scenario with IoT's etc. My main issue was the sky q app not accessible via my phone or kids' iPads with sky q in its own VLAN, so ended up sticking everything on the same network. So thank you so much for making this video, I can't wait to start work on the settings.
Few suggestions. First rule of firewall is to drop everything you don't know. So it is a good practice to define the rule to drop all traffic and put it as the last rule. Then you open only the traffic that is really needed. This way you have full control over your Network and maximum security. I'd also consider separating servers to another VLAN to minimize the risk that any malware you may get on the end users' machines do not easily transfer to your servers. Also consider IOT VLAN as guest as well with client isolation. Your Philips Hue does not need to be aware of your harmony hub or other smart plug or bulb you may have (and if they do you can open specific ports to specific devices). Also if Apple TV needs full connection to the main VLAN maybe it does not really belong to IOT Network and should be moved to main?
Thank you for going through all the UniFi settings you used and explaining them. You are the first one who I have seen that can describe in great detail the firewall rules and how they are set up across the UniFi VLANs. You’ve helped me out tremendously! Enjoy your new setup!!
When you go to add a new IoT device and are setting it up for the 1st time. Say for example like a Wemo smart plug and you want to add that smart plug to Homekit. Have you run into trouble with your firewall rules? I found I had to turn off firewall rules to do initial setup/ add device to homekit, but then I could turn firewall rule back on and have things work as intended.
Hey Brett. I haven't had enough opportunity to experiment with setting up new devices under this config yet. I've had it up and running like this for 4 or 5 days, so I've only tested the functionality of the devices I already had set up. I'll be talking a lot more about this sort of thing in future videos, so I'll be sharing all my findings.
This is the most helpful Ubiquiti video ever! Most of them are network guys flying through menus and going 100 mph. Thank you for taking time and showing menus and step by step. For those of us learning, this is amazing!
It has been great watching this and the old network series, especially the iterative process of small improvements and all the challenges along the way. A small hint: Firewall rules are usually made the other way around. Best practice is "default drop all" then make exceptions for what should be allowed. Then you don't need those groups.
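The rule ordering debated in the comments above (accept established/related first and then block IoT to Main, versus a default-drop policy with explicit allows) can be checked with a small first-match simulator. This is an added example, not part of the thread, the video or UniFi's software; the subnets, addresses and ports are constructed, connection tracking is reduced to a reverse 5-tuple lookup, and "related" traffic is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed subnets for illustration only (not taken from the video or comments).
NETWORKS = {
    "MAIN": ip_network("192.168.1.0/24"),
    "IOT": ip_network("192.168.20.0/24"),
    "CCTV": ip_network("192.168.40.0/24"),
}
EST = frozenset({"established"})


def zone_of(addr):
    """Name of the network an address belongs to, or OTHER."""
    ip = ip_address(addr)
    return next((name for name, net in NETWORKS.items() if ip in net), "OTHER")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def flow(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.proto, self.dst, self.dport, self.src, self.sport)


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "drop"
    src_net: str = "ANY"
    dst_net: str = "ANY"
    states: frozenset = frozenset()  # empty set matches any connection state

    def matches(self, pkt, state):
        return (self.src_net in ("ANY", zone_of(pkt.src))
                and self.dst_net in ("ANY", zone_of(pkt.dst))
                and (not self.states or state in self.states))


class Firewall:
    """First-match inter-VLAN filter with a minimal connection table."""

    def __init__(self, rules, default_action):
        self.rules = rules
        self.default_action = default_action
        self.conntrack = set()

    def filter(self, pkt):
        known = pkt.flow() in self.conntrack or pkt.reverse_flow() in self.conntrack
        state = "established" if known else "new"
        verdict = next((r.action for r in self.rules if r.matches(pkt, state)),
                       self.default_action)
        if verdict == "accept" and state == "new":
            self.conntrack.add(pkt.flow())  # replies to this flow become "established"
        return verdict


# 1) The layout from the first comment: established accept, then block IoT -> Main,
#    on top of a default-accept policy.
LAYERED = ([Rule("accept", states=EST), Rule("drop", "IOT", "MAIN")], "accept")
# 2) Same two rules in the wrong order: the block also catches reply packets.
MISORDERED = ([Rule("drop", "IOT", "MAIN"), Rule("accept", states=EST)], "accept")
# 3) Default drop with explicit allows, as several commenters suggest.
DEFAULT_DROP = ([Rule("accept", states=EST), Rule("accept", "MAIN", "IOT")], "drop")


def run_scenario(policy):
    """Replay the same four constructed packets against one policy."""
    fw = Firewall(*policy)
    phone, apple_tv, camera = "192.168.1.50", "192.168.20.10", "192.168.40.5"
    return {
        "main_to_iot_new": fw.filter(Packet(phone, 50000, apple_tv, 7000)),
        "iot_reply_to_main": fw.filter(Packet(apple_tv, 7000, phone, 50000)),
        "iot_to_main_new": fw.filter(Packet(apple_tv, 40000, phone, 445)),
        "iot_to_cctv_new": fw.filter(Packet(apple_tv, 40001, camera, 554)),
    }


if __name__ == "__main__":
    for name, policy in [("layered", LAYERED), ("misordered", MISORDERED),
                         ("default-drop", DEFAULT_DROP)]:
        print(name, run_scenario(policy))
```

With default accept, IoT can still open connections to the camera network unless another block rule is added for every pair of networks; with default drop, that traffic is refused without any extra rule or "everything except" group.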
Nice view of your configuration and explanations as to why you have done it that way. Firewall rules can be tricky but once you get your head around it, it is simple. Great series, Tom.
Great video. Just at the end you have your cables coming out of the brush plate and over the switch to the UDM. What happens if you need to take the switch out? You're stuck with cables blocking. You should add one more brush plate between the UDM and the Switch. You went with all white cables? No color code?
Thanks Funny Noodle! Couple of answers. No colour coding no - it's a 1 to 1 patch system, so will remain patched in this state permanently. As for the blocking of the switch, you're absolutely right. Main reason I didn't add another brush plate was I really didn't want to absorb another 1U of space. I have some more equipment to add to the rack and space is becoming an issue. Also, I can see myself at some point upgrading to a 24-port UniFi switch, so that upgrade will be very smooth and easy with the current layout. I'll simply move the block of 8 cables down from the UDM, to the final ports on the new switch. It'll stay just as clean and means I can swap switches without pulling the rack out and removing the back cover.
ItsMyNaturalColour could you have had a 24 port originally? When Ubiquiti sponsor a video series like this, do they give you a budget of say £1000 for example, and you choose to get the most suitable items for you within that budget?
@@jasonlee3247 I requested the gear I received specifically as I'd already outlined my project goals, and they also gave me a G3 Flex camera on top which is the only item I did not request. Originally I requested the 16 port switch as I wasn't aware of the UDM Pro 8-port switch backplane limitation of 1Gbps. This isn't a huge deal as my number of devices hasn't exceeded 16, but I'm hoping to add more cameras and I have more network expansion on the way, so I can see myself eventually growing out of the 16 port version. It's perfect for now, though.
Usually don’t comment but your style and explanation is excellent. I am getting addicted to your channel 😄. I encourage you to take up more complicated tasks like this. Your explanation on firewall is the best I have come across. It was a piece of cake to set up my Udm-pro.
Holy Smokes - Ubiquiti has surely made their money many times over by giving you the free gear! Like you, I'm venturing into this area as a rookie, upgrading my church's internet. Your videos answered the questions I had about their hardware and software. I finalized my order today. Your presentation style is easy on the ears. I'll be referencing Part 3 a lot to get the configuration part locked in.
Matt, thanks so much for this comment. Really glad you found these videos useful! Good luck with your install and absolutely thrilled to hear I've helped :)
You have a way better and neater setup than my server rack at work that is currently a rat's nest with old unmatched hardware and no real cooling to speak of. Looks awesome
I would speed test with 2.4ghz and 5ghz, I created a different wifi for each. Also since you have only one ap you should turn the antenna power to max instead of auto. Also I would run a channel saturation "rf scan" to see what channel you should be on for 2.4 and 5. The ap can do this or you can use a phone with an app like "wifi analyzer" that might improve your rooms 1 and 2 bandwidth. In my worst room I get 60 on 2.4ghz but I get 110(max) on 5ghz.
Great JOB! I just purchased the UDM PRO and the 24 port PRO switch and haven't set it up yet. I'm waiting for my rack and ups. I'm currently using the Asus AX6000 in a AI mesh set up with 2 of them. I was always getting shutdowns and found they were getting hot due to the amount of stuff I have plugged into them. So here I am watching your great video on how to set it all up. Thank you for your awesome efforts on going through setting up this awesome network.
Absolutely fantastic to hear you've bought those toys! That is going to be one giant upgrade.... wow! You'll absolutely love it. Keep your eye out for more UniFi coverage on my channel. I wasn't able to get everything squeezed into these 3 parts so I'll have some other bits coming up. Thanks for watching!
@@ItsMyNaturalColour Thanks for the quick reply. I'll be looking forward to seeing your future videos. You explained everything perfectly. I've tried watching other YouTubers upgrade to the UDM pro and they don't really go into detail like you did. Like I said. Great job.
OMG Tom looks amazing! You have put SO much effort into really sorting the next work out. And it shows! Visually looks amazing!! Love the outtakes, can we have more?
For the "Bug" you mentioned in your video, what worked for me was to go to "Insights" (just below Clients on the left panel) once there make sure you have "All" selected and not just the "Last 24 Hours" at the top. You should see a list of all the devices and their associated IP addresses. Sort by the Fixed IP Column, and then look for the errant IP address that keeps showing up. Click on it and then on the far right click on "Forget". For some reason, Unifi is stubborn with remembering all this information and not updating the tables. I also use the DHCP reserve (Use Fixed IP Address in the settings of the device panel) instead of hard coding IP's on my network devices. Hope this helps.
Hey Fred, thanks for the tip I'll give this a go! Yes, I should've mentioned DHCP reserve. I'll be sure to bring it up in my next UniFi video further down the line.
Oh trust me, I’m going to once I move out. I’m running basic TP Link switches and APs at the moment, don’t need anything too fancy here, but will want it when I leave.
You should get better WiFi if you move the AP upstairs. WiFi finds it easier to travel down than it does up. Mount it on your ceiling upstairs, centrally.
For that IP bug on the controller, you might need to check your /etc/hosts file on the USG and clean it up. You can SSH into it, and do 'vi /etc/hosts'. Clean up the old entries; then once you've saved it you can reload dnsmasq (sudo /etc/init.d/dnsmasq force-reload).
Thank you. That was driving me bonkers! Also wondering if it would be more secure on the uplink port for the switches, instead of 'All' port profile, you have the (combined) profiles of the VLANs being used? For example, LAN (Native) + IoT (Tagged) on uplink if the switch is only going to have IoT devices connected to it.
@@si-fi hey, not really because you set your port profiles on the access ports... you'd just be complicating the configuration for no appreciable security gain
PC building is utter child's play compared to this. I love it. Thank you for your efforts. I'm building my own home network and this really helped me in the perspective I need for its management.
I would suggest downloading your backup image periodically. Especially if you have made changes. I assume with the udm pro it stores the backup internally. Not worth much if there's a failure.
Thanks for allowing me to enjoy your journey. I see you published an equipment list. Would it be possible for you to include a list of the accessories used? I’m intrigued by your cables and other items used during your upgrade. I’m in the process of acquiring equipment for an upgrade.
I built my home network based on this video (you can see another comment of mine below), but for almost a year, I had connectivity issues with wifi devices. I even sent an email to Tom about my problem asking for help. I love Tom's videos, I just want to let you know that this setup of firewall rules is NOT RIGHT and is NOT WORKING RIGHT. I know Tom did his best to figure out everything about UDM Pro, but recently I saw 2 videos from 2 different channels and I reset my UDM Pro, I followed their videos and since then everything works perfect. Tom, you should make another video for UDM Pro. We still love you!
As I've just had to massively downsize my Networking/server setup and get rid of my rack, I can say that your rack looks so much better than mine ever did - absolutely loving the white/silver aesthetic you have going through the whole thing (and did I see a teaser for a new server in your switch plan? Is that what's going in the 2U space you've left there?) Either way, looking awesome Tom, thanks for making awesome videos. From one side of the Bristol Channel to the other, Thanks for doing what you do :)
Hey Joshua. Thanks so much for your awesome comment! You're the first person that appears to have caught on to the hint of a new server on the way, nice one! I'll have the video up in the next couple of weeks or so. Very excited to add even more to the rack. Thanks again, so glad you enjoyed the video and like the rack :)
I really like it too. Currently building my own Unifi kitted rack all silver/grey. Where did you get the cable passthrough and blank covers in silver for your rack?
Really enjoyed your 3 part series. Having been in IT for 30 years I truly appreciate your attention to detail on the rack. I am curious who makes that cabinet? Looks heavy duty and quite appealing.
This has been a tremendous helping hand, and a very detailed ‘guide.’ If you didn’t just happen to read my mind, as I was planning to upgrade my home WiFi as well as get my own little network for Virtualization and media servers, and then did this 3 part series, I wouldn’t have thought to have gone with Ubiquiti! And that AR function at the very end was mind blowing! SO COOL! On another note, have you thought about doing some sort of online teaching for all things tech. I believe your method of communicating and laying out information is a great way for students, like myself, to learn. (Good bit of entertainment too!). Keep up the fabulous work!
Thanks so much for your extremely kind comment! It means a great deal. I'm really pleased that the videos have been helpful. I've never thought about teaching, but comments like this are definitely giving me the inspiration to possibly make a few more tutorial style videos on the channel, if people are finding them useful. I'm learning too, so I'm finding it really fun going through it with you guys and getting the feedback along the way. Thanks once again :D
Hey John, definitely. I have another UniFi video planned where I delve deeper into the AP itself and the associated settings. I'll hopefully get that done quite soon.
@@ItsMyNaturalColour For this one, if you enable the Wi-Fi AI option it will take care of that automatically. It also adjusts to changes in the environment (such as a 2nd AP, or interference from new equipment or outside sources)
Where were you able to find the non black brush panels and blanks? I would LOVE to get some myself but can’t seem to google-fu them! Oh and does the gray match the Unifi gear?
Hi Philip. The brush panels are "712477 Intellinet 19IN CABLE ENTRY PANEL" - I bought my 2 from an eBay seller but they're available from a few different sites if you Google that product. The colour is not the same. The UniFi gear has that shiny-ish aluminium look, whereas these panels are painted steel, specifically RAL 7035. I'm not aware of any off the shelf panels that have the aluminium look, but you can remove the brushes from these, so you could if you wanted spray them with aluminium spray, which you can pick up online / at a hardware shop / auto repair shop. This has been done by other UniFi enthusiasts who want even colour rack equipment. For me, these panels are a great fit as my cabinet is finished in RAL 7035, so it looks really nice.
This was a fantastic series of videos. I recently bought a Dream Machine Pro and had ideas of what I wanted to do with it. Your video will save me a lot of time and gave me a few ideas as well. It also gave me motivation to clean up my cables on my rack - I thought your final job looked very nice. I have subscribed to your channel and plan on watching more - thank you!
Really good! Consider putting a group around your Apple TV so that if you get more devices to which the same rule would apply, you won't have to build a new rule.
Delicious setup, it looks amazing, very similar to what I'm setting up now (with the exception of I'm going for the 24 port Gen2 switch, and the Ubiquiti RPS too). One question if I may ask, where did you source your brush panels from, and how does the panel colour compare with Unifi stuff? I don't think my OCD will allow me to sleep unless they're the same colour! Once again, supreme job, great content and looking forward to see more!
Thanks, Steve! Really glad you enjoyed the video. The brush panels are "712477 Intellinet 19IN CABLE ENTRY PANEL" - I bought my 2 from an eBay seller but they're available from a few different sites if you Google that product. The colour is not the same. The UniFi gear has that shiny-ish aluminium look, whereas these panels are painted steel, specifically RAL 7035. I'm not aware of any off the shelf panels that have the aluminium look, but you can remove the brushes from these, so you could if you wanted spray them with aluminium spray, which you can pick up online / at a hardware shop / auto repair shop. This has been done by other UniFi enthusiasts who want even colour rack equipment. For me, these panels are a great fit as my cabinet is finished in RAL 7035, so it looks really nice. The patch cables are deleyCON CAT6 white. They're available on Amazon as packs of 10, multiple different lengths available. I purchased 20x 2m and 10x 1m for this project, used 24 for patching the front end and 6 for patching the rack gear itself. www.amazon.co.uk/gp/product/B079G3V5Y5/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&th=1
I swear this guy made great videos how to make everything done very well by easy way and not like other guys here just make everything very hard to understand. GOOD JOB, I'm a big fan.
Maybe I am thinking wrong, but you should have just put the AP so it covered the lower holes. That way you won't see the holes above unless you stand on a chair and look down.
The only flaw I see with this plan is that if you need to access the bottom switch for any reason or have to take it out of the rack. Say it dies and you have to RMA it. Hypothetical. You would have to unplug everything from the UDM to get to it. Not to mention you just made it harder to access the ports beneath those cables. Fiber ninja has a video about this, just don’t remember which one it was. The UDM should be using direct patches with really short jumpers from above. But if you're okay with what I just said, then it’s ok. Looks good mate. Glad to see you're happy with the result.
You're absolutely right, and I was aware when doing it that Fiberninja would not be happy with me. I can see myself at some point upgrading to a 24-port UniFi switch, so that upgrade will be very smooth and easy with the current layout. I'll simply move the block of 8 cables down from the UDM, to the final ports on the new switch. It'll stay just as clean and means I can swap switches without pulling the rack out and removing the back cover. Even before installing the 16 port, I could foresee my need for a 24 port.
ItsMyNaturalColour I wish I had the money to upgrade my switches to Unifi. Just don’t have $2000 to blow on the kind of gear I would need. I’m using retired Cisco switches from my local university that I paid $15 each for. A 48-port in my server rack and a POE 24 port in the garage where my patch panel is located. It does the job, just a pain to manage. Ubiquiti dumbs down the VLAN process so that the average consumer can understand it. I had to configure my VLANs and LAGs via command line. Not fun, but if you understand what's going on and understand the difference between trunk and access, it’s pretty simple.
Hi Daniel, glad the video is useful! My spreadsheet is nothing fancy, just a layout of my network, but if you'd like a copy send me an email itsmynaturalcolour@gmail.com and I'll fire it over to you.
The best Unifi Dream Machine Pro videos on the Internet. You influenced me with your way in my decision for the Unifi DM Pro and other Unifi components (G3 Flex, 24 PoE gen 2, AC APs) Keep it up. I like your style!! A nerdy user from Germany :D
Another great video Tom, well done. Glad to see you got it all put together nicely and great job on the wiring too! Looking forward to your next video.
Love your video series on the UniFi upgrade! I'm about a week behind you so just got my gear, still waiting for the USW24POE to arrive, learning a lot from you! To that end I'm curious about where you got information on the UDMP combined switch through capacity of only 1Gbit (until the switch arrives I'm using the switch on the UDM) I can't find that information anywhere... I also wonder where all patch cables to all ports in the UDM go in your rack since you said in the video you're gonna use the main switch instead of the built in switch ports of the UDM due to the above said limitation? Oh, and could you link to the rack mounting gear? Eg what length are the patch cables you've used? what are the brush plates called etc :-)?
Really glad you enjoyed the video and awesome to hear you've got some UniFi kit on the way! Yes I can help with all this info. Unlike the UniFi switches, the switching capacity of the UDM Pro as well as other switch specific specs aren't outlined in the product data sheet, however if you do a bit of Googling, you'll come across the info that the current retail model ships with a 1Gbps backplane, whereas the early access model had a 2.5Gbps backplane. See this link: ubntwiki.com/products/unifi/unifi_dream_machine_pro - there's also some useful information about the subject here: www.reddit.com/r/Ubiquiti/comments/eyqmud/udm_pro_8_port_switch_with_only_1gbps_backplane/ The 8 ports on the UDM Pro are patched to ports 17-24 on my patch panel. My switch is 1 to 1 patched 1 through 16. I currently don't have any devices in 17-24, so the UDM Pro switch ports aren't technically connected to any devices in my network currently. If you look at my network spreadsheet, you'll see my usage begins to creep into that range, but that's cabling that I haven't yet run. Switching capacity won't be a concern for machines I have connected to those ports as they'll be used once in a blue moon. All of my high throughput devices and devices used daily are / will be connected to the main switch, to make use of the much higher throughput of the dedicated switch. Patch cable length; I purchased 10x 1m and 10x 2m. I used 24 for the front patching, and 6 for the back end of my rack connecting the various machines within the rack itself. These are the cables: www.amazon.co.uk/gp/product/B079G3V5Y5/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 The brush panels are "712477 Intellinet 19IN CABLE ENTRY PANEL" - I bought my 2 from an eBay seller but they're available from a few different sites if you Google that product. I hope this was useful info, if I can help with anything else please let me know.
ItsMyNaturalColour BigFam is my alter ego.. Thanks so much for taking the time to respond. Very relevant and to the point information. Highly highly appreciated! Thanks so much again! 🙌🏻🙌🏻🙌🏻 Ohh and of course subscribing from both accounts😊
Love the series! If you put the second horse hair passthrough between the UDM and switch, you could get a little more airflow for both and not have to cross the cables over each other. Just my 2 cents.
You're absolutely right. I was torn deciding between the approach you mention, and the approach you see in the video. I also had to keep in mind my positioning of Skaro. The 2 UniFi devices run relatively cool, but Skaro gets hot, and as you can see it's directly below the lower brush panel. There's a new machine coming to fill the blank space below Skaro too, so ultimately I ended up going for this layout.
Nice setup. The IOT ssid can be a hidden network. CCTV should only have access to NVR nothing else. When making fw rules you can select the sources/destination as a vlan no need for your groups. Also make a rule that drops all local ip address so if none of the rules apply it will drop. You also shouldn't be opening all vlans to other networks it should be specific ips and specific ports eg harmony hub 5222 and only open them. Only the IOT and guest networks need to be 24s you could get away with 26s or maybe smaller ranges.
Hi Paul. Big thanks for your tips and help. I plan to clean it up in the future by only opening the required ports, it's just a bit of a mammoth task to undertake right away. I'll plod away at it slowly and tighten things up. Regarding the groups, I did this to make the rule creation process quicker. By setting up the groups, they'll always be there to use.
Enjoying the videos! I'm curious why you prefer to not put the Apple TV on the main network instead of IoT and punching a hole. I'm setting up mine this weekend and am trying to learn as much as I can. Thanks!
Hello just wanted to say I really enjoyed your video (sent over from techno Tim) and very thorough explanations even though older still pertains to general unifi theory. Perhaps you’ll make an updated video? Also, tried to download your document from Dropbox to follow along with my set up and your link is broken from dropbox. Could you please update!
Going by your closing comments, you may well answer this one on a later video, but I'll ask it now anyway. How do the cameras talk to the UDM, for Protect, if they're on separate VLANs? I want to do similar, and I have a dedicated 8-port Unifi POE switch, to power and connect my cameras, when I get them.
Hey Steve. The cameras will keep communication with the UDM just fine. When I created the camera VLAN, in this order I: 1. Gave the camera its new IP address via DHCP Reserve (settings tab of the camera itself under UniFi controller device list) 2. Changed the switch port profile of the port connected to the camera to port group VLAN40 (cameras) 3. Power cycled the port. When the camera fired back up, it was sitting happily on its new VLAN with its new IP address. I went into UniFi protect and it was detected instantly and began recording right away. I'm not sure if this is the official correct way to do it, but that's what I did and it worked just fine. Hope this helps.
@@ItsMyNaturalColour Cheers, I think it's about time to get, at least, my first camera, to experiment with, even though I'm nowhere near to being ready to install them. Great series of videos by the way.
@@stevesmith9081 I have more UniFi Protect coverage coming up, so keep an eye out as it may be helpful if you're looking at getting cameras. Thanks for comments, really glad you're enjoying.
I noticed the same. You can't absolutely set a static IP from the router. It only works when it wants. I renew the lease from the client and the client IP is still different to the one I set statically on the router. It's annoying because I want to set the static IP on the router and have a guaranteed assignment.
Nicely done! I agree with a couple of the other commentators... you might want to consider tweaking those firewall rules a bit. What you have is workable, clearly, but there are some best practices to consider in terms of “drop all”. I like the cable management job you did, although one lesson I’ve learned is this: unless you’re doing structured cabling that should NEVER change, consider using Velcro rather than zip ties. If you have one single cable go bad and need to extract it from the bundle, you’ll be hating life...
Thanks, Rob! Here you go www.amazon.co.uk/pieces-deleyCON-patch-gigabit-network-Grey/dp/B079G18846/ref=sr_1_1?dchild=1&keywords=delayCON%2BCAT6&qid=1594665183&sr=8-1&th=1
Thank you so much. Very informative and lots of new stuff learned. Like you I am trawling YouTube for info on the dream machine pro before mine arrives next week, and so far your 3 video series is far & away the most informative. Well done & I'm looking forward to more of your videos in the future on Ubiquiti products.
Hi Wolf. In order to take advantage of such cables, the entire network infrastructure needs to be shielded. If you use shielded patch cables on standard networking infrastructure, they work, but there is no benefit and it's actually a bit of a hindrance as the cables themselves are noticeably stiffer most of the time. A shielded network uses STP cable, versus the much more widely used UTP. Shielded keystone jacks, a shielded patch panel and shielded sockets are also required throughout the network. While it's not much more difficult to install a shielded network, it is more time consuming, a little fiddlier and more expensive. For the majority of people, an unshielded network infrastructure using standard UTP cable is sufficient. STP is important for specific use case scenarios, such as installations where electro magnetic interference is a concern, or infrastructure that is primarily supporting a 10G network, as 10GE is much more susceptible to EMI.
@@ItsMyNaturalColour Makes total sense! And yeah, for my overkill prosumer network I personally use SFTP cables, and an extra earthing block for the incoming line as thunder hit before and welded the devices together as it were haha. Cheers for the response man, and keep it up! Long time follower here since the G4 adventures
Yes, as I said in the video it's a less than ideal mounting situation, but at the moment that's where I ran cable so until I can re-run cable, it'll be on the wall. Maybe when I redecorate I'll move it to the ceiling.
I just have one question: why do you need firewall rules for preventing traffic between VLANs? I think their purpose is to separate traffic (at data level/Layer 2... so you will need to route traffic you want to go across VLANs).
Hi Cosmin Thanks for your comment. To create my VLANs, I used the 'Corporate Network' option. By default without firewall modification, corporate networks can happily chat to other corporate networks in UniFi.
Great video... You reminded me of "Whitey" from Me, Myself & Irene with Jim Carey. But great video and you would make a great living teaching people how to choose what equipment they need for what they want and teaching them how to install and manage that equipment. Great Video, cheers.
I love watching your series and I think this is one of my favourite. Please keep them coming in. I work for Openreach as an engineer and have 300/50 speeds. FTTP. I just have the hub 6 but would love to utilise the speeds and upgrade to Ubiquiti. And videos like this will definitely help me configure it all if and when I ever bite the bullet and get it. Your videos over the last couple years I have been watching has helped me even on certain jobs I have been on.
John, awesome comment! Thanks so much, I'm really glad the videos have been helpful. Ubiquiti kit will be a gorgeous upgrade, those speeds deserve this lovely kit. Let me know if / when you go for it. Have a great day!
I’ve just placed an order for a UniFi managed switch and Dream Machine based on your series. Congratulations on a superb educational video series.
Scott, that's absolutely fantastic news. So glad this series has been useful. Enjoy your wonderful new equipment!
Same here, this video has inspired me to throw away basic mesh and take this route. Thank you so much
On the Apple TV issue, set an Established and Related rule as an accept between all Networks. Then a block from source IOT and destination MAIN. this will allow Main devices to talk to IOT. They can respond due to the established and related rule but can’t initiate a conversation
This is great advice. I was going to say the same thing, but I see it has been covered. Far more robust network design and easy to do. That said, great video.
This video is absolute gold 🥇 thank you so much!
This has to have been my favourite series on YT for a while. I’m a UniFi nerd myself & host many UniFi environments. When you did your original network series, I had high hopes you would upgrade to UniFi gear secretly 😂
Thanks so much!! :D
I would keep a downloaded settings backup that is saved off the UDM after you have all your settings set. That way if you for whatever reason need to restore those settings on other hardware you will have a separate backup.
This... I had mine set up with a good baseline. A driver hit the electric pole near the home and the UDM Pro went into rescue mode. Had to reinstall firmware locally. Thankfully I had a PC with a lan port!
I'm very impressed by this series. I worked for a small computer company (IBM) for 40 years and spent a lot of energy investigating different vendors and their wares for my new home. I have a home - 2 stories - where the basement is poured concrete and below ground window wells. I have 2 AP-HDs (one on each floor) serving the IoTs, wireless phones, smart TVs, etc. The list is growing (18+) - it amazes me how many devices needing internet access we have. I can not wire to outside walls in the basement - hence the need for strong wireless.
I wanted a vendor who "had the goods" - both hardware and management software - who was innovative and a vendor in the top 5. I DID NOT WANT to spend extra money on licensing (for a home system - come on!).
I also did NOT want my wife to keep telling me "The network is down again!".
We live in the U.S.A in Aurora, CO where there are rare power outages (very little thunder). However, in Durham, NC (where we lived for 23 years ), there were many thunderstorms and momentary outages - enough to reset and IPL the modem. I have a small APC battery backup unit to handle any power burps.
I have a small request - please provide your spreadsheet so it can be used by others. It would save the time to reproduce and is a great tool. (I know - we used many spreadsheets in defining customer configurations).
Any configuration should be documented - just in case!
I'm looking forward to seeing more in the series!
Dave Clifford
Hi Dave. Thanks so much for taking the time to share your story in this comment, very interesting!
I've emailed 4 copies of my spreadsheet off to those who have asked for it, but I will look at making it available for download and will add a link to the description.
@@ItsMyNaturalColour Thanks for the response, please send me the file as well. Dave
@@clifforddcj Hi David, I've added the link to the description.
As someone who works with UniFi daily as it's our goto WiFi solution at work it was interesting to watch someone go from the ground up, albeit with the top end kit that I haven't had a chance to play with yet. My only qualm with your work is "CABLE TIES" arggggghhhhhhh. These are just the most hated things in any network cab or cable installation. If you get a dud cable then you'll have to cut every single one of those ties to pull out and replace the cable. Granted it's not a regular occurrence but velcro straps ftw every time. That said these have been a great set of videos, welcome to the UniFi World.
Thanks Jason, really glad you found it interesting and have enjoyed the videos :)
Haha cable ties!! ;) I know I know... it's crazy, when I do projects on YouTube, I always get at least someone commenting on my use of cable ties. I have to say though and this is the absolute truth, I'll take traditional cable ties over velcro any day of the week. Velcro has its uses and I have used it a lot for various things, but give me a cable tie for the majority of situations any day. I find it takes equally as long to faff with a velcro tie to replace a dead cable, than it does to snip a cable tie and re-do it. Velcro ties are better for the planet though, so that's definitely something. They can be used over, and over and over again :D
I built my own rack after watching this series, setting it up with a dream machine, a 24PoE switch and 4 AP-Lite. Cable for the rest. It's simply awesome. Thank you for your videos. It's all working fine!
Great tutorial! Really helped me set up my dream machine!!!
35:20 I believe another way instead of the "match set new" option you selected is to create an allow rule for established and related connections from your IoT network to your main network. This should allow your phone to control your IoT devices (like philips hue) even if said phone is on a different VLAN behind a firewall.
If you mounted it on the ceiling it would improve the bedroom coverage, this is down to the antenna configuration and the dispersion of the signal.
Thanks for the guide, worked pretty much for my setup as well. I was struggling with the gateway rules.
This is fantastic!
It’s killing me that SFP port 2 on the Dream Machine is plugged into SFP port 1 on the Switch. It’s industry standard to plug 1 to 1 , 2 to 2, if possible.
Usually we do firewalls the other way around. Block everything, and then create 'allow'-rules. Then you would not need to create those groups containing "everything except network". It's also more secure by default.
Oh and I also have to say Tom I really really love the style you’ve used for this video series, the music, the shots, the filters, brilliant mate, well done!
Thanks so much!
Maybe having the AP on the ceiling would give you more juice in the bedrooms
I think so too. I decided to plop it on the wall as that's where the cabling was.
You can try a L shape bracket:
community.ui.com/questions/I-made-a-wall-mount-for-my-UniFi-UAP-AC-PRO/5cc7677c-f4e4-4e5f-a597-5fd9ef111b64
Reuse the holes on the wall
@@creature777a Thanks for the link, very interesting!
Doing that might make the upstairs get the slower speeds
It's my first day with the UDMP and you are my MENTOR on this new experience.
We want more videos for the UDMP and its capabilities!
The B roll at the end was a nice finish touch !!!
Great three-part series, got me up and running in no time. UMBPro, USE Pro-24-POE, US-8-60W, NanoHD.
I've run into an issue with my three SSID’s when I assign and turn on VLAN 10, 20, 40; I get a no internet connection error on each, turn them off they work.
I have had Unifi as my home network with 3 x 24 port switches and 6 AP's for nearly 2 years and struggled to do the VLAN/firewall settings for exactly your scenario with IoT's etc. My main issue was the sky q app not accessible via my phone or kids' iPads with sky q in its own VLAN, so ending up sticking everything on the same network. So thank you so much for making this video, I cant wait to start work on the settings.
Glad you took my advice on not using the UDMP Switch. Enjoy the videos and seeing how others enjoy their Ubiquiti System.
Best ubiquiti hardware/software video I’ve seen!
Wow, thanks!
Few suggestions. First rule of firewall is to drop everything you don't know. So it is a good practice to define the rule to drop all traffic and put it as the last rule. Then you open only the traffic that is really needed. This way you have full control over your Network and maximum security. I'd also consider separating servers to another VLAN to minimize the risk that any malware you may get on the end users' machines does not easily transfer to your servers. Also consider IOT VLAN as guest as well with client isolation. Your philips Hue does not need to be aware of your harmony hub or other smart plug or bulb you may have (and if they do you can open specific ports to specific devices). Also, if Apple tv needs full connection to the main VLAN maybe it does not really belong to IOT Network and should be moved to main?
Thanks so much for the tips! I'll definitely get this all sorted and mention these things in an upcoming video. I appreciate it!
Thank you for going through all the UniFi settings you used and explaining them. You are the first one who I have seen that can describe in great detail the firewall rules and how they are set up across the UniFi VLANs. You’ve helped me out tremendously! Enjoy your new setup!!
So glad to hear it! Thanks for the comment :)
When you go to add a new IoT device and are setting it up for the 1st time. Say for example like a Wemo smart plug and you want to add that smart plug to Homekit. Have you run into trouble with your firewall rules? I found I had to turn off firewall rules to do initial setup/ add device to homekit, but then I could turn firewall rule back on and have things work as intended.
Hey Brett.
I haven't had enough opportunity to experiment with setting up new devices under this config yet. I've had it up and running like this for 4 or 5 days, so I've only tested the functionality of the devices I already had set up. I'll be talking a lot more about this sort of thing in future videos, so I'll be sharing all my findings.
This is the most helpful Ubiquiti video ever! Most of them are network guys flying through menus and going 100 mph. Thank you for taking time and showing menus and step by step, for those of us learning this is amazing!
It has been great watching this and the old network series, especially the iterative process of small improvements and all the challenges along the way. A small hint: Firewall rules are usually made the other way around. Best practice is "default drop all" then make exceptions for what should be allowed. Then you don't need those groups.
Hey! Can you explain this a bit more? I'm struggling with this and the way he does it on the video is a bit messy for my liking.
Thank you so much for the explanation!
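The two firewall suggestions made in these comments (accept established/related traffic and then block IOT to MAIN; "default drop all" with explicit allows), modelled side by side as an added example that is not part of any comment or of the video. The subnets, the CAMERAS rules and the sample packets are constructed assumptions, and the evaluator is a simplified first-match model of traffic between local networks, not UniFi's own implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): VLAN ID reused as the third octet.
NETWORKS = {
    "MAIN": ip_network("192.168.10.0/24"),
    "IOT": ip_network("192.168.20.0/24"),
    "CAMERAS": ip_network("192.168.40.0/24"),
}

ANY_STATE = frozenset({"new", "established", "related"})
EST_REL = frozenset({"established", "related"})
NEW = frozenset({"new"})


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "accept" or "drop"
    src: str = "any"               # network name or "any"
    dst: str = "any"
    states: frozenset = ANY_STATE  # connection states the rule applies to


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    state: str                     # "new", "established" or "related"


def _matches(addr, net_name):
    return net_name == "any" or ip_address(addr) in NETWORKS[net_name]


def evaluate(rules, packet, default):
    """First matching rule wins; `default` applies when nothing matches."""
    for rule in rules:
        if (packet.state in rule.states
                and _matches(packet.src, rule.src)
                and _matches(packet.dst, rule.dst)):
            return rule.action, rule.name
    return default, "default"


def host(net_name, n=10):
    """A representative (constructed) host address inside a network."""
    return str(NETWORKS[net_name].network_address + n)


def allowed_new_flows(rules, default):
    """Every (source, destination) network pair that may START a connection."""
    flows = set()
    for src in NETWORKS:
        for dst in NETWORKS:
            if src == dst:
                continue
            action, _ = evaluate(rules, Packet(host(src), host(dst), "new"), default)
            if action == "accept":
                flows.add((src, dst))
    return flows


# Style 1: networks talk freely by default; specific directions are blocked.
# Replies still get through because the established/related rule comes first.
BLOCKLIST_RULES = [
    Rule("allow established/related", "accept", states=EST_REL),
    Rule("block IOT to MAIN", "drop", src="IOT", dst="MAIN"),
]
BLOCKLIST_DEFAULT = "accept"

# Style 2: "default drop all"; only listed directions may start a connection.
# The MAIN to CAMERAS allow is an assumed requirement, shown for illustration.
ALLOWLIST_RULES = [
    Rule("allow established/related", "accept", states=EST_REL),
    Rule("allow MAIN to IOT", "accept", src="MAIN", dst="IOT", states=NEW),
    Rule("allow MAIN to CAMERAS", "accept", src="MAIN", dst="CAMERAS", states=NEW),
    Rule("drop everything else", "drop"),
]
ALLOWLIST_DEFAULT = "drop"


if __name__ == "__main__":
    for label, rules, default in (
        ("blocklist", BLOCKLIST_RULES, BLOCKLIST_DEFAULT),
        ("allowlist", ALLOWLIST_RULES, ALLOWLIST_DEFAULT),
    ):
        print(label, sorted(allowed_new_flows(rules, default)))
```

Under the first style every network pair without its own block rule stays open (IOT can still start connections to CAMERAS here), which is why that approach ends up needing "everything except" groups; under the second, a newly added VLAN is closed until a rule opens it.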
nice view of your configuration and explanations as to why you have done it that way. Firewall rules can be tricky but once you get your head around it, it is simple. great series Tom
Great video. Just at the end you have your cables coming out of the brush plate and over the switch to the UDM. What happens if you need to take the switch out? You're stuck with cables blocking. You should add one more brush plate between the UDM and the Switch.
You went with all white cables ? No color code ?
Thanks Funny Noodle!
Couple of answers. No colour coding no - it's a 1 to 1 patch system, so will remain patched in this state permanently.
As for the blocking of the switch, you're absolutely right. Main reason I didn't add another brush plate was I really didn't want to absorb another 1U of space. I have some more equipment to add to the rack and space is becoming an issue. Also, I can see myself at some point upgrading to a 24-port UniFi switch, so that upgrade will be very smooth and easy with the current layout. I'll simply move the block of 8 cables down from the UDM, to the final ports on the new switch. It'll stay just as clean and means I can swap switches without pulling the rack out and removing the back cover.
ItsMyNaturalColour could you have had a 24 port originally? When Ubiquiti sponsor a video series like this, do they give you a budget of say £1000 for example, and you choose to get the most suitable items for you within that budget?
@@jasonlee3247 I requested the gear I received specifically as I'd already outlined my project goals, and they also gave me a G3 Flex camera on top which is the only item I did not request.
Originally I requested the 16 port switch as I wasn't aware of the UDM Pro 8-port switch backplane limitation of 1Gbps. This isn't a huge deal as my number of devices hasn't exceeded 16, but I'm hoping to add more cameras and I have more network expansion on the way, so I can see myself eventually growing out of the 16 port version. It's perfect for now, though.
Usually don’t comment but your style and explanation is excellent. I am getting addicted to your channel 😄. I encourage you to take up more complicated tasks like this. Your explanation on firewall is the best I have come across. It was a piece of cake to set up my Udm-pro.
Thank you so much for this comment, really glad you're enjoying the channel :) !
Holy Smokes - Ubiquiti has surely made their money many times over by giving you the free gear! Like you, I'm venturing into this area as a rookie, upgrading my church's internet. Your videos answered the questions I had about their hardware and software. I finalized my order today. Your presentation style is easy on the ears. I'll be referencing Part 3 a lot to get the configuration part locked in.
Matt, thanks so much for this comment. Really glad you found these videos useful! Good luck with your install and absolutely thrilled to hear I've helped :)
You have a way better and neater setup than my server rack at work that is currently a rat's nest with old unmatched hardware and no real cooling to speak of. Looks awesome
I would speed test with 2.4ghz and 5ghz, I created a different wifi for each.
Also since you have only one ap you should turn the antenna power to max instead of auto.
Also I would run a channel saturation "rf scan" to see what channel you should be on for 2.4 and 5. The AP can do this or you can use a phone with an app like "wifi analyzer"; that might improve your rooms 1 and 2 bandwidth. In my worst room I get 60 on 2.4ghz but I get 110(max) on 5ghz
Hi Dominic, yes agreed. I'll be delving further into these settings in a dedicated video a little further down the road. Thanks for the comment.
Great JOB! I just purchased the UDM PRO and the 24 port PRO switch and haven't set it up yet. I'm waiting for my rack and ups. I'm currently using the Asus AX6000 in an AI mesh set up with 2 of them. I was always getting shutdowns and found they were getting hot due to the amount of stuff I have plugged into them. So here I am watching your great video on how to set it all up. Thank you for your awesome efforts on going through setting up this awesome network.
Absolutely fantastic to hear you've bought those toys! That is going to be one giant upgrade.... wow! You'll absolutely love it. Keep your eye out for more UniFi coverage on my channel. I wasn't able to get everything squeezed into these 3 parts so I'll have some other bits coming up. Thanks for watching!
@@ItsMyNaturalColour Thanks for the quick reply. I'll be looking forward to seeing your future videos. You explained everything perfectly. I've tried watching other YouTubers upgrade to the UDM pro and they don't really go into detail like you did. Like I said. Great job.
Perfect Tom, pretty much the same as I’ve done but you’ve made more advanced firewall rules as you have more VLANS and you’re using the Ethernet ports.
Fantastic video Tom, this series has definitely given me inspiration for when I'm ready to upgrade my home network! More Unifi videos would be great!
OMG Tom looks amazing! You have put SO much effort into really sorting the network out. And it shows! Visually looks amazing!! Love the outtakes, can we have more?
Thank you Chris!! So glad you like it!
I'll see what I can do outtake wise :D
The best demo of Ubiquiti Unifi I have seen I will be ordering a Dream Machine thanks
For the "Bug" you mentioned in your video, what worked for me was to go to "Insights" (just below Clients on the left panel) once there make sure you have "All" selected and not just the "Last 24 Hours" at the top. You should see a list of all the devices and their associated IP addresses. Sort by the Fixed IP Column, and then look for the errant IP address that keeps showing up. Click on it and then on the far right click on "Forget". For some reason, Unifi is stubborn with remembering all this information and not updating the tables. I also use the DHCP reserve (Use Fixed IP Address in the settings of the device panel) instead of hard coding IP's on my network devices. Hope this helps.
Hey Fred, thanks for the tip I'll give this a go!
Yes, I should've mentioned DHCP reserve. I'll be sure to bring it up in my next UniFi video further down the line.
This looks so good now! Definitely pushed me more towards buying Ubiquiti gear for my place when I move out.
Go for it, Harry! I'm on ultra geek mode here at the moment playing with this stuff. I can't recommend it enough. I should've done this years ago.
Oh trust me, I’m going too once I move out. I’m running basic TP Link switches and AP’s at the moment, don’t need anything too fancy here, but will want it when I leave
You should get better WiFi if you move the AP upstairs. WiFi finds it easier to travel down than it does up. Mount it on your ceiling upstairs centrally.
My AP location definitely isn't ideal. I'm very pleased with the signal considering!
@@ItsMyNaturalColour UniFi does a great job, I'm happy with mine too. I'm running the AC Pro
For that IP bug on the controller, you might need to check your /etc/hosts file on the USG and clean it up. You can SSH into it, and do 'vi /etc/hosts' .
Clean up the old entries; then once you've saved it you can reload dnsmasq (sudo /etc/init.d/dnsmasq force-reload ).
Thank you. That was driving me bonkers!
Also wondering if it would be more secure on the uplink port for the switches, instead of 'All' port profile, you have the (combined) profiles of the VLANs being used?
For example, LAN (Native) + IoT (Tagged) on uplink if the switch is only going to have IoT devices connected to it.
@@si-fi hey, not really because you set your port profiles on the access ports... you'd just be complicating the configuration for no appreciable security gain
PC building is utter child's play compared to this. I love it. Thank you for your efforts. I'm building my own home network and this really helped me in the perspective I need for its management.
Brilliant series of videos. Enjoyed all 3 parts immensely but I'm now broke because of you and these videos. Well done.
I would suggest downloading your backup image periodically. Especially if you have made changes. I assume with the udm pro it stores the backup internally. Not worth much if there's a failure.
Definitely !
How is the reliability of the Dream Machine and can you make a video of equipment reliability?
Thanks for allowing me to enjoy your journey. I see you published a equipment list. Would it be possible for you to include a list of the accessories used? I’m intrigued by your cables and others items used during your upgrade. I’m in the process of acquiring equipment for an upgrade.
I built my home network based on this video (you can see another comment of mine below), but for almost a year, I had connectivity issues with wifi devices. I even sent an email to Tom about my problem asking for help. I love Tom's videos, I just want to let you know that this setup of firewall rules is NOT RIGHT and is NOT WORKING RIGHT. I know Tom did his best to figure out everything about UDM Pro, but recently I saw 2 videos from 2 different channels and I reset my UDM Pro, I followed their videos and since then everything works perfect.
Tom, you should make another video for UDM Pro. We still love you!
Might work better put on the ceiling rather than on the wall. I have the same access point and took awhile to work out the best way to position them
Deffo. I will be able to move it when I redecorate.
As I've just had to massively downsize my Networking/server setup and get rid of my rack, I can say that your rack looks so much better than mine ever did - absolutely loving the white/silver aesthetic you have going through the whole thing (and did I see a teaser for a new server in your switch plan? Is that what's going in the 2U space you've left there?) Either way, looking awesome Tom, thanks for making awesome videos. From one side of the Bristol Channel to the other, Thanks for doing what you do :)
Hey Joshua. Thanks so much for your awesome comment!
You're the first person that appears to have caught on to the hint of a new server on the way, nice one! I'll have the video up in the next couple of weeks or so. Very excited to add even more to the rack.
Thanks again, so glad you enjoyed the video and like the rack :)
I really like it too. Currently building my own Unifi kitted rack all silver/grey. Where did you get the cable passthrough and blank covers in silver for your rack?
NVM I found it in another comment :)
Really enjoyed your 3 part series. Having been in IT for 30 years I truly appreciate your attention to detail on the rack. I am curious who makes that cabinet? looks heavy duty and quite appealing.
I put the same question out as well. He hasn’t responded. I’m trying to source it as well. If any knows please fill us in. Thanks
This has been a tremendous helping hand, and a very detailed ‘guide.’ If you didn’t just happen to read my mind, as I was planning to upgrade my home WiFi as well as get my own little network for Virtualization and media servers, and then did this 3 part series, I wouldn’t have thought to have gone with Ubiquiti! And that AR function at the very end was mind blowing! SO COOL!
On another note, have you thought about doing some sort of online teaching for all things tech. I believe your method of communicating and laying out information is a great way for students, like myself, to learn. (Good bit of entertainment too!).
Keep up the fabulous work!
Thanks so much for your extremely kind comment! It means a great deal. I'm really pleased that the videos have been helpful.
I've never thought about teaching, but comments like this are definitely giving me the inspiration to possibly make a few more tutorial style videos on the channel, if people are finding them useful. I'm learning too, so I'm finding it really fun going through it with you guys and getting the feedback along the way.
Thanks once again :D
Best video yet Tom, loved the few outtakes at the end LOL.
Haha cheers Byron! :D
Hey tom, you should enable multicast enhancement on the wifi networks and also adjust the channel on the ap and the transmit power. Great video btw!
Hey John, definitely. I have another UniFi video planned where I delve deeper into the AP itself and the associated settings. I'll hopefully get that done quite soon.
@@ItsMyNaturalColour For this one, if you enable the Wi-Fi AI option it will take care of that automatically. It also adjusts to changes in the environment (such as a 2nd AP, or interference from new equipment or outside sources)
Where were you able to find the non black brush panels and blanks? I would LOVE to get some myself but can’t seem to google-fu them! Oh and does the gray match the Unifi gear?
Hi Philip
The brush panels are "712477 Intellinet 19IN CABLE ENTRY PANEL" - I bought my 2 from an eBay seller but they're available from a few different sites if you Google that product. The colour is not the same. The UniFi gear has that shiny-ish aluminium look, where as these panels are painted steel, specifically RAL 7035. I'm not aware of any off the shelf panels that have the aluminium look, but you can remove the brushes from these, so you could if you wanted spray them with aluminium spray, which you can pick up online / at a hardware shop / auto repair shop. This has been done by other UniFi enthusiasts who want even colour rack equipment. For me, these panels are a great fit as my cabinet is finished in RAL 7035, so it looks really nice.
Tom I’m very Proud of you because your channel has come a long time and I want to say keep up the good work and like the setup always enjoy the videos
Thanks so much Jonathan :)
This was a fantastic series of videos. I recently bought a Dream Machine Pro and had ideas of what I wanted to do with it. Your video will save me a lot of time and gave me a few ideas as well. It also gave me motivation to clean up my cables on my rack - I thought your final job looked very nice. I have subscribed to your channel and plan on watching more - thank you!
Please check the Antenna Radiation Patterns of the nanoHD. It mostly focuses on the front of the AP.
Really good! Consider putting a group around your Apple TV so that if you get more devices to which the same rule would apply, you won't have to build a new rule.
Delicious setup, it looks amazing, very similar to what I'm setting up now (with the exception of I'm going for the 24 port Gen2 switch, and the Ubiquiti RPS too). One question if I may ask, where did you source your brush panels from, and how does the panel colour compare with Unifi stuff? I don't think my OCD will allow me to sleep unless they're the same colour! Once again, supreme job, great content and looking forward to see more!
Thanks, Steve! Really glad you enjoyed the video.
The brush panels are "712477 Intellinet 19IN CABLE ENTRY PANEL" - I bought my 2 from an eBay seller but they're available from a few different sites if you Google that product. The colour is not the same. The UniFi gear has that shiny-ish aluminium look, where as these panels are painted steel, specifically RAL 7035. I'm not aware of any off the shelf panels that have the aluminium look, but you can remove the brushes from these, so you could if you wanted spray them with aluminium spray, which you can pick up online / at a hardware shop / auto repair shop. This has been done by other UniFi enthusiasts who want even colour rack equipment. For me, these panels are a great fit as my cabinet is finished in RAL 7035, so it looks really nice.
The patch cables are deleyCON CAT6 white. They're available on Amazon as packs of 10, multiple different lengths available. I purchased 20x 2m and 10x 1m for this project, used 24 for patching the front end and 6 for patching the rack gear itself. www.amazon.co.uk/gp/product/B079G3V5Y5/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&th=1
I swear this guy made great videos how to make everything done very well by easy way and no like other guys here just make everything very hard to understand. . GOOD JOB im big fan
Maybe I am thinking wrong, but you should have just put the AP so it covered the lower holes.
That way you won't see the holes above unless you stand on a chair and looking down.
I have been looking at doing a home network with Ubiquiti gear so I'm looking forward to seeing more great videos on your new network.
The Flex HD AP might be a better fit for that wall spot compared to the nano HD. It’s more of a time capsule set up
The Nano HD should be hung horizontally indeed.
I really enjoyed this series and can’t wait to see more. I’m about to subscribe because your videos are very interesting. Thank you Tom!
Fantastic series. You should be really proud of yourself. Also that kit is lovely. Thanks. 👍
Thank you so much, Marc! :)
The only flaw I see with this plan is that if you need to access the bottom switch for any reason or have to take it out of the rack. Say it dies and you have to RMA it. Hypothetical. You would have to unplug everything from the UDM to get to it. Not to mention you just made it harder to access the ports beneath those cables. Fiber ninja has a video about this, just don’t remember which one it was. The UDM should be using direct patches with really short jumpers from above. But if you’re okay with what I just said, then it’s ok. Looks good mate. Glad to see you’re happy with the result.
You're absolutely right, and I was aware when doing it that Fiberninja would not be happy with me. I can see myself at some point upgrading to a 24-port UniFi switch, so that upgrade will be very smooth and easy with the current layout. I'll simply move the block of 8 cables down from the UDM, to the final ports on the new switch. It'll stay just as clean and means I can swap switches without pulling the rack out and removing the back cover. Even before installing the 16 port, I could foresee my need for a 24 port.
ItsMyNaturalColour I wish I had the money to upgrade my switches to Unifi. Just don’t have $2000 to blow on the kind of gear I would need. I’m using retired Cisco switches from my local university that I paid $15 each for. A 48-port in my server rack and a POE 24 port in the garage where my patch panel is located. It does the job, just a pain to manage. Ubiquiti dumbs down the VLAN process so that the average consumer can understand it. I had to configure my VLANs and LAGs via command line. Not fun, but if you understand what’s going on and understand the difference between trunk and access, it’s pretty simple.
Another Great video. Very informative. Is there any chance you would share that spreadsheet? Thanks for everything.
Hi Daniel, glad the video is useful!
My spreadsheet is nothing fancy, just a layout of my network, but if you'd like a copy send me an email itsmynaturalcolour@gmail.com and I'll fire it over to you.
The best Unifi Dream Machine Pro videos on the Internet.
You influenced me with your way in my decision for the Unifi DM Pro and other Unifi components (G3 Flex, 24 PoE gen 2, AC APs)
Keep it up. I like your style!! A nerdy user from Germany :D
Wow, thanks! So glad you found the video useful, and congratulations on your lovely new kit!
I see you have the same esthetics problem as I have ....the lack of a silver matching patch panel.
Glad I'm not the only one that uses the VLAN ID in the subnet address.
Great little series. Which network do you put your phones and iPads on? IOT?
Thanks for the link to the spreadsheets and the two formats.
Why do you need this for a house?
Another great video Tom, well done. Glad to see you got it all put together nicely and great job on the wiring too! Looking forward to your next video.
Thanks so much, Ashley!
Wow, excellent Series. I was glued to my screen for all 3 videos and I have subscribed. Any way you can share your Excel File? I know, I am lazy.
Thanks, Dave! I've just popped a Dropbox link in the video description. Hope it helps.
@ItsMyNaturalColour Excellent. Much appreciated. Looking forward to your new videos.
WOW. You're a great teacher. I'm just learning. Hope you have some updates on the set-up!
Love your video series on the UniFi upgrade! I'm about a week behind you so just got my gear, still waiting for the USW24POE to arrive, learning a lot from you! To that end I'm curious about where you got information on the UDMP combined switch through capacity of only 1Gbit (until the switch arrives I'm using the switch on the UDM) I can't find that information anywhere... I also wonder where all patch cables to all ports in the UDM goes in your rack since you said in the video you're gonna use the main switch instead of the built in switch ports of the UDM due to the above said limitation? Oh, and could you link to the rack mounting gear? Eg what length are the patch cables you've used? what are the brush plates called etc :-)?
Really glad you enjoyed the video and awesome to hear you've got some UniFi kit on the way! Yes I can help with all this info.
Unlike the UniFi switches, the switching capacity of the UDM Pro as well as other switch specific specs aren't outlined in the product data sheet, however if you do a bit of Googling, you'll come across the info that the current retail model ships with a 1Gbps backplane, whereas the early access model had a 2.5Gbps backplane. See this link: ubntwiki.com/products/unifi/unifi_dream_machine_pro - there's also some useful information about the subject here: www.reddit.com/r/Ubiquiti/comments/eyqmud/udm_pro_8_port_switch_with_only_1gbps_backplane/
The 8 ports on the UDM Pro are patched to ports 17-24 on my patch panel. My switch is 1 to 1 patched 1 through 16. I currently don't have any devices in 17-24, so the UDM Pro switch ports aren't technically connected to any devices in my network currently. If you look at my network spreadsheet, you'll see my usage begins to creep into that range, but that's cabling that I haven't yet run. Switching capacity won't be a concern for machines I have connected to those ports as they'll be used once in a blue moon. All of my high throughput devices and devices used daily are / will be connected to the main switch, to make use of the much higher throughput of the dedicated switch.
Patch cable length; I purchased 10x 1m and 10x 2m. I used 24 for the front patching, and 6 for the back end of my rack connecting the various machines within the rack itself. These are the cables: www.amazon.co.uk/gp/product/B079G3V5Y5/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1
The brush panels are "712477 Intellinet 19IN CABLE ENTRY PANEL" - I bought my 2 from an eBay seller but they're available from a few different sites if you Google that product.
I hope this was useful info, if I can help with anything else please let me know.
ItsMyNaturalColour BigFam is my alter ego.. Thanks so much for taking the time to respond. Very relevant and to the point information. Highly highly appreciated!
Thanks so much again! 🙌🏻🙌🏻🙌🏻
Ohh and of course subscribing from both accounts😊
@carlnakamura4861 You're very welcome. Thank you for the subscriptions, I really appreciate it! :D
I like the colour of the brush panels where did you get them from?
Love the series! If you put the second horse hair passthrough between the UDM and switch, you could get a little more airflow for both and not have to cross the cables over each other. Just my 2 cents.
You're absolutely right. I was torn deciding between the approach you mention, and the approach you see in the video. I also had to keep in mind my positioning of Skaro. The 2 UniFi devices run relatively cool, but Skaro gets hot, and as you can see it's directly below the lower brush panel. There's a new machine coming to fill the blank space below Skaro too, so ultimately I ended up going for this layout.
Nice setup. The IOT SSID can be a hidden network. CCTV should only have access to NVR, nothing else. When making fw rules you can select the sources/destination as a VLAN, no need for your groups. Also make a rule that drops all local IP addresses so if none of the rules apply it will drop. You also shouldn't be opening all VLANs to other networks, it should be specific IPs and specific ports, e.g. Harmony Hub 5222, and only open them. Only the IOT and guest networks need to be 24s, you could get away with 26s or maybe smaller ranges.
Hi Paul
Big thanks for your tips and help. I plan to clean it up in the future by only opening the required ports, it's just a bit of a mammoth task to undertake right away. I'll plod away at it slowly and tighten things up.
Regarding the groups, I did this to make the rule creation process quicker. By setting up the groups, they'll always be there to use.
Or you could just use /24 and keep it simple.
Enjoying the videos! I'm curious why you prefer to not put the Apple TV on the main network instead of IoT and punching a hole. I'm setting up mine this weekend and am trying to learn as much as I can. Thanks!
Hello just wanted to say I really enjoyed your video (sent over from Techno Tim) and very thorough explanations even though older still pertains to general UniFi theory. Perhaps you’ll make an updated video? Also, tried to download your document from Dropbox to follow along with my set up and your link is broken from Dropbox. Could you please update!
Going by your closing comments, you may well answer this one on a later video, but I'll ask it now anyway.
How do the cameras talk to the UDM, for Protect, if they're on separate VLANs? I want to do similar, and I have a dedicated 8-port UniFi PoE switch, to power and connect my cameras, when I get them.
Hey Steve.
The cameras will keep communication with the UDM just fine. When I created the camera VLAN, in this order I:
1. Gave the camera its new IP address via DHCP Reserve (settings tab of the camera itself under UniFi controller device list)
2. Changed the switch port profile of the port connected to the camera to port group VLAN40 (cameras)
3. Power cycled the port
When the camera fired back up, it was sitting happily on its new VLAN with its new IP address. I went into UniFi Protect and it was detected instantly and began recording right away. I'm not sure if this is the official correct way to do it, but that's what I did and it worked just fine. Hope this helps.
@ItsMyNaturalColour Cheers, I think it's about time to get, at least, my first camera, to experiment with, even though I'm nowhere near to being ready to install them. Great series of videos by the way.
@stevesmith9081 I have more UniFi Protect coverage coming up, so keep an eye out as it may be helpful if you're looking at getting cameras.
Thanks for comments, really glad you're enjoying.
@ItsMyNaturalColour I'll look out for it, just subbed, so I shouldn't miss any more updates. Just ordered a G3 bullet cam.
Hey Tom you nailed it on this video! Your best video to date👍
I noticed the same. You can't absolutely set a static IP from the router. It only works when it wants. I renew the lease from the client and the client IP is still different to the one I set statically on the router. It's annoying because I want to set the static IP on the router and have a guaranteed assignment.
This series and other series you’ve done are great! Can’t wait for the UniFi videos, hope they are soon. Just got my Ubiquiti kit today
Nicely done! I agree with a couple of the other commentators... you might want to consider tweaking those firewall rules a bit. What you have is workable, clearly, but there are some best practices to consider in terms of “drop all”.
I like the cable management job you did, although one lesson I’ve learned is this: unless you’re doing structured cabling that should NEVER change, consider using Velcro rather than zip ties. If you have one single cable go bad and need to extract it from the bundle, you’ll be hating life...
Hey there, I was just wondering where you got the 1U silver brush wire organizers?
What patch cables did you use? The blue connectors against the white cables and silver Unifi gear looks great.
Thanks, Rob!
Here you go www.amazon.co.uk/pieces-deleyCON-patch-gigabit-network-Grey/dp/B079G18846/ref=sr_1_1?dchild=1&keywords=delayCON%2BCAT6&qid=1594665183&sr=8-1&th=1
really clear explanation thanks for showing how you set all this up
Thank you so much. Very informative and lots of new stuff learned. Like you I am trawling YouTube for info on the Dream Machine Pro before mine arrives next week, and so far your 3 video series is far & away the most informative. Well done & I'm looking forward to more of your videos in the future on Ubiquiti products.
Why didn't you go for cables with a grounded connector? Thought that would be better when running PoE devices?
Hi Wolf.
In order to take advantage of such cables, the entire network infrastructure needs to be shielded. If you use shielded patch cables on standard networking infrastructure, they work, but there is no benefit and it's actually a bit of a hindrance as the cables themselves are noticeably stiffer most of the time.
A shielded network uses STP cable, versus the much more widely used UTP. Shielded keystone jacks, a shielded patch panel and shielded sockets are also required throughout the network. While it's not much more difficult to install a shielded network, it is more time consuming, a little fiddlier and more expensive. For the majority of people, an unshielded network infrastructure using standard UTP cable is sufficient. STP is important for specific use case scenarios, such as installations where electromagnetic interference is a concern, or infrastructure that is primarily supporting a 10G network, as 10GE is much more susceptible to EMI.
@ItsMyNaturalColour Makes total sense! And yeah, for my overkill prosumer network I personally use SFTP cables, and an extra earthing block for the incoming line as thunder hit before and welded the devices together as it were haha.
Cheers for the response man, and keep it up! Long time follower here since the G4 adventures
Should mount the AP on the ceiling the Wi-Fi signal will go that's why you have poor speed in front rooms
Yes, as I said in the video it's a less than ideal mounting situation, but at the moment that's where I ran cable so until I can re-run cable, it'll be on the wall. Maybe when I redecorate I'll move it to the ceiling.
The network is definitely a major upgrade from imnc hq mk1, loved seeing it grow into what it is now
If you're going to do speed tests, use iperf3 as your WAN isn't going to be a consistent speed.
I just have one question: why do you need firewall rules for preventing traffic between VLANs? I think their purpose is to separate traffic (at data level/Layer 2... so you will need to route traffic you want to go across VLANs).
Hi Cosmin
Thanks for your comment.
To create my VLANs, I used the 'Corporate Network' option. By default without firewall modification, corporate networks can happily chat to other corporate networks in UniFi.
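The firewall advice in this thread (accept established/related first, open only specific IPs and ports such as Harmony Hub 5222, let cameras reach only the NVR, and finish with a drop for all local addresses), modelled as a first-match rule list. This is an added example, not part of the original comments and not UniFi's own rule engine; the subnets other than the VLAN40 convention, the hub and NVR addresses, the direction of the 5222 rule and the default-accept for internet traffic are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): the VLAN ID is reused as the third octet.
MAIN = ip_network("192.168.10.0/24")
IOT = ip_network("192.168.30.0/24")
CAMERAS = ip_network("192.168.40.0/24")   # VLAN40 (cameras), as in the thread
LOCAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HARMONY_HUB = ip_address("192.168.30.20")  # hypothetical DHCP reservation
NVR = ip_address("192.168.10.2")           # hypothetical recorder address

def is_local(addr):
    return any(addr in net for net in LOCAL)

# (name, predicate, action), evaluated top to bottom; the first match decides.
RULES = [
    ("accept established/related",
     lambda p: p["state"] in ("established", "related"), "accept"),
    ("accept MAIN -> Harmony Hub tcp/5222",
     lambda p: p["src"] in MAIN and p["dst"] == HARMONY_HUB and p["dport"] == 5222,
     "accept"),
    ("accept cameras -> NVR", lambda p: p["src"] in CAMERAS and p["dst"] == NVR,
     "accept"),
    ("drop cameras -> anything else", lambda p: p["src"] in CAMERAS, "drop"),
    ("drop local -> local", lambda p: is_local(p["src"]) and is_local(p["dst"]),
     "drop"),
]

def evaluate(src, dst, dport, state="new", rules=RULES):
    """Return (action, rule name) for one routed packet between networks."""
    pkt = {"src": ip_address(src), "dst": ip_address(dst),
           "dport": dport, "state": state}
    for name, match, action in rules:
        if match(pkt):
            return action, name
    return "accept", "default"   # assumption: internet-bound traffic is allowed

if __name__ == "__main__":
    # Constructed sample flows: allowed hole, blocked IoT-initiated, reply, camera egress.
    for args in [("192.168.10.50", "192.168.30.20", 5222),
                 ("192.168.30.20", "192.168.10.50", 445),
                 ("192.168.30.20", "192.168.10.50", 51000, "established"),
                 ("192.168.40.11", "203.0.113.10", 443)]:
        print(args, "->", evaluate(*args))
```

Passing a reordered list as `rules` shows why the established/related accept has to sit above the local drop: with the drop first, reply traffic between VLANs is discarded as well.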
Very nice setup just a question what UPS are you using?
Did you get the AR part of your Ubiquiti equipment working?
Great video... You reminded me of "Whitey" from Me, Myself & Irene with Jim Carrey. But great video and you would make a great living teaching people how to choose what equipment they need for what they want and teaching them how to install and manage that equipment. Great Video, cheers.
I love watching your series and I think this is one of my favourite. Please keep them coming in. I work for Openreach as an engineer and have 300/50 speeds. FTTP. I just have the hub 6 but would love to utilise the speeds and upgrade to Ubiquiti. And videos like this will definitely help me configure it all if and when I ever bite the bullet and get it. Your videos over the last couple years I have been watching has helped me even on certain jobs I have been on.
John, awesome comment! Thanks so much, I'm really glad the videos have been helpful. Ubiquiti kit will be a gorgeous upgrade, those speeds deserve this lovely kit. Let me know if / when you go for it.
Have a great day!