Another thing you can do to further secure the ports on a switch, especially if you have kids that like to plug things in, is to set the unused ports to "disabled".
Great video! If you have a Cisco switch lying around, please make a video on what a configuration might look like, isolate IoT and cameras in the best/safest way.
Challenge I am having is if your phone or tablet is not on the same VLAN as the device, some apps like Sonos, apples HomeKit and a few other automation tools have issues.
I agree with you. There are definitely some challenges there. With Sonos specifically, I almost always put it on my main/default devices network - which is less secure but makes it work better. I haven’t worked with HomeKit much yet but am in the process of implementing that and home assistant in my home. So more to come on that.
I have a question, in your previous video you created VLANs and assigned IPs to them on UDM. Now, why there is a need to assign the IPs again to the switch port? Why we did not configure only access port or trunk port? If I have AP connected to port 1 of the switch and in AP, we have 3 different SSID and each are in different VLANs. I have created these 3 VLANs on UDM and assign DHCP per VLAN, so that each SSID will get relevant IP address. Are you creating native VLAN network for the management purpose? As native VLAN is untagged. Right? So, I have VLAN 20 for management purpose, that network traffic will be untagged?
It is all about the terminology. For this, you don't assign IPs to the switch ports... similar to WiFi SSID's, you assign VLANs to switchports which are tied IP Networks. The native VLAN is what IP you wan't the device to get assigned.. So, if you plug an AP into a trunk port with a native VLAN, the AP will get a management IP of that native VLAN, but still allow those other VLANS to talk on your SSID's Hopefully that makes sense.
Hi. I'm newish to this and if someone could help that would be very much appreciated. I recently bought an L2 managed switch (Netgear GS308Ev4). I have my IP cameras plugged in via one port on the switch. The internet connection is plugged in via another port. If the internet connection is to 'all' ports or to the same VLAN as the camera, then the cameras work fine. However, if I then plug a laptop into another port; if it's on a different VLAN from the camera or not, and I run a scan on the network, I can see all devices on my network, including the cameras, despite them being on a different VLAN. I am trying to stop someone unplugging a camera in my garden, plugging their laptop in and then seeing my network devices. Please help! Thanks.
What router are you using? VLANs and security like that require both a router that is capable of VLANs and a managed switch. If you are just using your ISP router, what you’re trying to do won’t work.
2nd ever Super Thanks given on UA-cam. The first one given was on your "new to Unifi VLANs" video. Several things clicked for me in both videos that never clicked or was explained on videos from other youtubers.
Ubiquiti’s L3 switches used to not be able to block inter-VLAN traffic that stays entirely on the switch even though the hardware had the capability. Have they fixed that?
I haven't used one of those. Unifi doesn't send me any free gear to do videos on so I would need to get my hands on one before I could do a video on it.... does that run on the same OS as their Edge Switch series?
Nice explanation. That was the proper amount of detail. 80%+ of UA-camrs blaze through or completely leave out context and important implementation details. It always seems to result in a somewhat useless video saying… “I did this thing, but I’m not going to show you how.”
I agree with you about the breezing over thing and will always try to be a bit more thorough in my videos... I get blasted for that though too and "talk too much" LOL. Thanks for your kind assessment!
Nice you make great video's. But why do you put your wifi channels on the same channel. That is never good, you have make shure that they don't interfere
Pro and Cons to that. I don't do that and like my APs to be on different channel to help combat interference. If you have them all on the same channel and there is interference on that channel, it affects your whole network. Many Mesh system struggle with this... To date, I haven't had this happen with my APs on different channels.
I just drawn up a diagram for a simple SOHO network with a VLAN for PoE cameras and for IoT devices before watching this video. I took it a step further and used subnetting just so I can have knowledge on subnetting for medium and enterprise networks.🔥
I really appreciate this video. You taught me a lot in a very easy way to understand. So many other videos go too fast or click too fast or are just too high level.
Thanks for another great video. Appreciate this series of videos where you describes VLAN 👍 If you could make one where you throw in a Synology NAS into the equation, that would be great.
@@ethernetblueprint I guess so that DiskStation Manager (DSM), Synology Drive and Synology Office can be reached from the outside safely. As well as from the inside from the default VLAN.
Great Videos Thank You Very Much. Ask: Would it be possible to create a 5min video just for a single vLan, each for: 1. Internal Cameras 1.a. vLan 1.b. Firewall Rule 1.c. IP Group 2. WiFi (Smart Device or PC) for Guests to only allow www 2.a. vLan 2.b. Firewall Rule 3.c. IP Group 3. WiFi (Smart Device or PC) to access internal cameras, www and LAN 3.a. vLan 3.b. Firewall Rule 3.c. IP Group Being able to view a short video solely on a single topic would be so awesome, so that convoluted or confused configurations moving back and forward prevent from growing knowledge. I would imagine that a single fundamental of only one product would allow some of us to see better and then view a second 5min video to progress. Anyways Thank You Again.
I will see what I can do. With all of those items being fairly interconnected, especially from a FW standpoint, I may be forced to still cross into each of the categories a bit... but I will still see what I can do...
@@ethernetblueprint (Sorry) This UA-cam is so awesome, it would be so much better if it was in small sections\parts (Part 1 blah (different 5min video), Part 2 (different 5min video, etc)). But it is missing the Firewall Rules.... Note: The reason I mention smaller videos is because it allows us to revisit that one and only video that will help us get to where we want faster, then attempting to find what we need at the moment we need it, sorry if this sounds selfish, it is just a thought :) Again, Sorry: ua-cam.com/video/yWlvuwq5AXE/v-deo.html
I just watched the video you linked. I do like how the content that was presented and, however, i wouldn't setup a home network (or small business for that matter) like that... you have to have FW rules. Just my opinion.. which are all over YT... LOL
I'm currently researching UniFi for my future house and your videos have been very helpful. One thing that is still unclear to me: In this video you mention that if you work with other brands, the switch has to be managed, which makes sense since you can't use the UniFi interface to do so. But if you work let's say with a UDM Pro and want to do the tagging of individual ports on a switch - does that switch need to be a layer 2 or a layer 3 switch? Or does the tagging work independently from that - meaning all Unified Switches are managed? What would be the advantages of a layer 2 vs layer 3 be? Thanks for the help!
Good question. I’ll break this into two parts to try and answer you. Let me know if you’re still confused. So most switches are layer 2. And routers are layer 3. So when you have a layer 3 switch, you are talking about adding routing and creating VLANs in the switch instead of the router. Forgetting layer 3 switching for a second, if you just have a standard layer 2 switch, you can have two different kinds. Managed and unmanaged. Unmanaged means that you can’t log into the switch and make configuration changes. It just takes a single cable plugged into it and whatever that network is, then all the ports on that switch will transmit that network. A managed switch on the other hand allows you to configure it, assign VLANs, name ports, define settings, etc…. All UniFi switches are managed and can be adopted. When I mentioned that in this video, I simply meant that you can use ANY brand managed switch and use it in your UniFi network. However for your VLANs to work, you would need to log into that switch individually and configure your VLANs to match what you setup on your UniFi router. It’s much easier to just use UniFi and have that single pane of glass but many users already have switches that they want to use with UniFi so I wanted to point out that it’s possible. Hope that helps. Let me know if you need more clarification.
Hey, thanks for this! One question - I can't seem to ping SOME of the devices from my default LAN to my other VLANS. I thought, in theory, I could ping all the devices FROM the default, but couldn't ping from the other VLANs TO the default. Am I missing something?
I am sorry for your troubles. In theory, you are correct. Communication is open from the default to the other VLANs and not visa-versa. The actual issue here may be difficult to answer in the comment section. I'd be happy to try and help offline if you like. Send me an email to tim@ethernetblueprint.com and we can dive in a little easier.
I know that wasn't part of that video, but that is how I have my network now. I like having a mgmt network for my network devices to communicate on... Thumbs up all the way!
On the Alta Labs switch you can't configure the camera port with native VLAN 3 and "Allowed VLAN 3" at the same time, because the camera attached to that port is VLAN unaware. It has to be on Native VLAN 3 only.
Native VLAN means any untagged traffic moving accross the link will be assigned to that subnet. The benefit of a native vlan happens when you are using the interface as a trunk port and either want to black holes untagged traffic or assign it to a specific subnet. That concept didnt make sense until I worked on the two technologies below. On Cisco devices you can utilize the native VLAN while using flex connect to allow normal trunking of secure tagged wireless traffic to traverse the local network while the AP is not communicating with the Controller (meaning no capwap is established and the AP is in local switching mode as compare to centalized switching) and use the native vlan to be the AP management VLAN so that the AP will automatically pull DHCP and establish a connection to the controller once connected to the network. On Arista Switches where you are using voice and data over the same interface they trunk the switchport and assign the native vlan to be the DATA vlan and assign a Phone vlan for the voice traffic. This allows the computers untagged traffic to become assigned to the data segmentation of the network taking the VLAN tagging responsibility away from the phone its self. The phone of course will tag its own traffic.
Thanks for that video. Helps a lot to understand. Q: What about the opposite way: In my home network scenario I do have a Draytek Vigor DSL Router (integrated modem) and this prevented me to buy a Ubiquiti router so far. I have a unifi network controller running on linux. The rest (or most of them) of my network devices are ubiquiti switches and access points. My question here about VLAN: when I start at the draytek router and its integrated 5 port switch, I create the VLANs at Draytek router plus I need to create in unifi network application plus add them to all the ubiquiti switch ports, right? That should work too?
I will see what I can do. I have a triple NAT situation currently that I may need to fix before I can do many VPN instructions. It’s on my list though. Thanks for watching.
Hi great video...thanks for taking the time to make them. How about if we add another switch to the mix? router > switch > switch > camera. How do you setup VLANs for the uplink and downlink ports for those 2 switches?
@@ethernetblueprint Thanks for the fast reply. Let me bother you a bit more with the issue I'm having. I know I'm doing something wrong as this is all new to me and kind of like learning about it on my spare time. The system is 100% Ubiquiti setup with a Unifi Next Gen Gateway Pro, USW Pro MAx 48 POE and a couple of USW Flex where cameras are all hook up....the VLAN is created and the cameras have static IP on this VLAN. Right now everything is set to trunk (allow all) and my PC on the main (native) VLAN has access to the cameras. So on the MAx 48 (main switch) I have the two ports that go to the USW Flex set to the VLAN Camera (Only Cameras are connected to the USW Flex), the ports on the FLEX I can't set them to the Camera VLAN as I loose connection, so ended up setting the ports the cameras are connected to the Native VLAN. I also left the USW FLex link port to the Max 48 on the Native VLAN. If I change any of these to the camera VLAN I lose connection from any PC on the Native....could you give me a hint on the mistake I'm making here? The idea being that a PC on the native VLAN can access the cameras but not the other way around. Thanks in advanced!
I may need a bit more information... It sounds like maybe there there is an issue with your FW rules. why don't you email me at tim@ethernetblueprint.com and we can try to figure out what is going on...
Great Video!!! I am at the point for my Camera VLAN (40) to allow only communicating within that VLAN. I now need to block all INTERNET access to that VLAN both Outgoing and Incoming as I installed the new UniFi Local VPN (WireGuard) feature which eliminates any need for direct Internet access to that VLAN. Next VLAN project... Expanding my VPN (70) VLAN. The current VLAN I use specifically for "MY" remote access to the home network. Well the kids are going on a Foreign country vacation and I gave them access to my commercial "Private Internet Access" account. But there are issues where some of the streaming sites (here in the US are known to block access from foreign countries, so I will be adding a VLAN (75) which will only provide access to the Internet but nothing in the local network. Inch by inch... Learning something new each day.
@@ethernetblueprintGreat! Do one for the iPhone and Windows environment. There are a couple different methods for installing them. Take it slow and step by step. Everyone will like that
Sorry if I missed it but did you show how you set up the camera VLAN that you implement in this video? Is it a separate vid? I'm looking for a VLAN tutorial for ethernet connected streamers like Roku and Bluesound. Your VLAN for wifi video rocked my world I'm a total noob and your process worked for me. Thank you so much.
Hey man. Thanks for the comment. The camera VLAN is setup exactly like the IOT network in my “Let’s make some VLANs” Video. Exactly the same. But there isn’t a video that shows how to set it up.
@@ethernetblueprint Great thank you. Your first VLAN video worked for me on Wifi devices (Hue lights work perfectly) but I can't seem to bugger how to get wired devices that have smartphone/tablet controllers like hifi audio streamers to work with the same rules/profiles.
OK - I got it. It was on the device introduction side and not on your VLAN implementation. I now have smart lights and an audio streamer on the VLAN from your tutorial. Thank you!
Another thing you can do to further secure the ports on a switch, especially if you have kids that like to plug things in, is to set the unused ports to "disabled".
Absolutely. In businesses, I highly recommend doing that. In a home, owners choice. Good call out though.
Great video!
If you have a Cisco switch lying around, please make a video on what a configuration might look like, isolate IoT and cameras in the best/safest way.
Great compliment to the first VLan video. Thanks.... yes I subscribed.
Awesome. I am so happy to hear that.
Challenge I am having is if your phone or tablet is not on the same VLAN as the device, some apps like Sonos, apples HomeKit and a few other automation tools have issues.
I agree with you. There are definitely some challenges there. With Sonos specifically, I almost always put it on my main/default devices network - which is less secure but makes it work better. I haven’t worked with HomeKit much yet but am in the process of implementing that and home assistant in my home. So more to come on that.
I have a question, in your previous video you created VLANs and assigned IPs to them on UDM. Now, why there is a need to assign the IPs again to the switch port? Why we did not configure only access port or trunk port? If I have AP connected to port 1 of the switch and in AP, we have 3 different SSID and each are in different VLANs. I have created these 3 VLANs on UDM and assign DHCP per VLAN, so that each SSID will get relevant IP address. Are you creating native VLAN network for the management purpose? As native VLAN is untagged. Right? So, I have VLAN 20 for management purpose, that network traffic will be untagged?
It is all about the terminology. For this, you don't assign IPs to the switch ports... similar to WiFi SSID's, you assign VLANs to switchports which are tied IP Networks. The native VLAN is what IP you wan't the device to get assigned.. So, if you plug an AP into a trunk port with a native VLAN, the AP will get a management IP of that native VLAN, but still allow those other VLANS to talk on your SSID's Hopefully that makes sense.
Thanks for the best video about VLANs on current UniFi interface layout
Again, thank you for your compliments and generous tip amount.
Hi. I'm newish to this and if someone could help that would be very much appreciated. I recently bought an L2 managed switch (Netgear GS308Ev4). I have my IP cameras plugged in via one port on the switch. The internet connection is plugged in via another port.
If the internet connection is to 'all' ports or to the same VLAN as the camera, then the cameras work fine.
However, if I then plug a laptop into another port; if it's on a different VLAN from the camera or not, and I run a scan on the network, I can see all devices on my network, including the cameras, despite them being on a different VLAN.
I am trying to stop someone unplugging a camera in my garden, plugging their laptop in and then seeing my network devices. Please help! Thanks.
What router are you using? VLANs and security like that require both a router that is capable of VLANs and a managed switch. If you are just using your ISP router, what you’re trying to do won’t work.
2nd ever Super Thanks given on UA-cam. The first one given was on your "new to Unifi VLANs" video. Several things clicked for me in both videos that never clicked or was explained on videos from other youtubers.
You are very kind... I wish you well on your Unifi setup. Thanks for watching and following!
Ubiquiti’s L3 switches used to not be able to block inter-VLAN traffic that stays entirely on the switch even though the hardware had the capability. Have they fixed that?
I haven’t tested layer3 on UniFi switches. I’m sorry, I can’t answer that for you.
Great videos!! Was wondering if u can explain vland setup on a Ubnt tough switch. Tnx.
I haven't used one of those. Unifi doesn't send me any free gear to do videos on so I would need to get my hands on one before I could do a video on it.... does that run on the same OS as their Edge Switch series?
Nice explanation. That was the proper amount of detail. 80%+ of UA-camrs blaze through or completely leave out context and important implementation details. It always seems to result in a somewhat useless video saying… “I did this thing, but I’m not going to show you how.”
I agree with you about the breezing over thing and will always try to be a bit more thorough in my videos... I get blasted for that though too and "talk too much" LOL. Thanks for your kind assessment!
Nice you make great video's. But why do you put your wifi channels on the same channel. That is never good, you have make shure that they don't interfere
Pro and Cons to that. I don't do that and like my APs to be on different channel to help combat interference. If you have them all on the same channel and there is interference on that channel, it affects your whole network. Many Mesh system struggle with this... To date, I haven't had this happen with my APs on different channels.
I just drawn up a diagram for a simple SOHO network with a VLAN for PoE cameras and for IoT devices before watching this video. I took it a step further and used subnetting just so I can have knowledge on subnetting for medium and enterprise networks.🔥
That is so great. Planning is key!!!
I really appreciate this video. You taught me a lot in a very easy way to understand. So many other videos go too fast or click too fast or are just too high level.
You're very welcome! I enjoy hearing that it helped you out!
Can you use a VLAN network Ip as 10.10.20.0 or 10.20.10.0 where the main network is 10.10.10.0
Yes, you can use a 10.10.20.0 255.255.255.0 as one VLAN and 10.10.10.0 255.255.255.0 as a different VLAN and be just fine.
Thanks
How can you assign a VLAN to a specific LAN socket ?
Do you mean a data jack in a home? If so, yes you can. If I am off base, please correct me.
Thanks for another great video. Appreciate this series of videos where you describes VLAN 👍 If you could make one where you throw in a Synology NAS into the equation, that would be great.
What specifically with that NAS?
@@ethernetblueprint I guess so that DiskStation Manager (DSM), Synology Drive and Synology Office can be reached from the outside safely. As well as from the inside from the default VLAN.
Copy that. Thats a good video idea.
Great Videos Thank You Very Much.
Ask:
Would it be possible to create a 5min video just for a single vLan, each for:
1. Internal Cameras
1.a. vLan
1.b. Firewall Rule
1.c. IP Group
2. WiFi (Smart Device or PC) for Guests to only allow www
2.a. vLan
2.b. Firewall Rule
3.c. IP Group
3. WiFi (Smart Device or PC) to access internal cameras, www and LAN
3.a. vLan
3.b. Firewall Rule
3.c. IP Group
Being able to view a short video solely on a single topic would be so awesome, so that convoluted or confused configurations moving back and forward prevent from growing knowledge. I would imagine that a single fundamental of only one product would allow some of us to see better and then view a second 5min video to progress.
Anyways Thank You Again.
I will see what I can do. With all of those items being fairly interconnected, especially from a FW standpoint, I may be forced to still cross into each of the categories a bit... but I will still see what I can do...
@@ethernetblueprint
(Sorry) This UA-cam is so awesome, it would be so much better if it was in small sections\parts (Part 1 blah (different 5min video), Part 2 (different 5min video, etc)). But it is missing the Firewall Rules....
Note: The reason I mention smaller videos is because it allows us to revisit that one and only video that will help us get to where we want faster, then attempting to find what we need at the moment we need it, sorry if this sounds selfish, it is just a thought :)
Again, Sorry: ua-cam.com/video/yWlvuwq5AXE/v-deo.html
I just watched the video you linked. I do like how the content that was presented and, however, i wouldn't setup a home network (or small business for that matter) like that... you have to have FW rules. Just my opinion.. which are all over YT... LOL
Very helpful, Thanks!!!
You bet... I am glad it was helpful
I'm currently researching UniFi for my future house and your videos have been very helpful. One thing that is still unclear to me: In this video you mention that if you work with other brands, the switch has to be managed, which makes sense since you can't use the UniFi interface to do so. But if you work let's say with a UDM Pro and want to do the tagging of individual ports on a switch - does that switch need to be a layer 2 or a layer 3 switch? Or does the tagging work independently from that - meaning all Unified Switches are managed? What would be the advantages of a layer 2 vs layer 3 be? Thanks for the help!
Good question. I’ll break this into two parts to try and answer you. Let me know if you’re still confused.
So most switches are layer 2. And routers are layer 3. So when you have a layer 3 switch, you are talking about adding routing and creating VLANs in the switch instead of the router.
Forgetting layer 3 switching for a second, if you just have a standard layer 2 switch, you can have two different kinds. Managed and unmanaged. Unmanaged means that you can’t log into the switch and make configuration changes. It just takes a single cable plugged into it and whatever that network is, then all the ports on that switch will transmit that network. A managed switch on the other hand allows you to configure it, assign VLANs, name ports, define settings, etc…. All UniFi switches are managed and can be adopted.
When I mentioned that in this video, I simply meant that you can use ANY brand managed switch and use it in your UniFi network. However for your VLANs to work, you would need to log into that switch individually and configure your VLANs to match what you setup on your UniFi router. It’s much easier to just use UniFi and have that single pane of glass but many users already have switches that they want to use with UniFi so I wanted to point out that it’s possible.
Hope that helps. Let me know if you need more clarification.
@@ethernetblueprint This indeed clarifies the doubts I had. Thanks a lot for the explanation!
Happy to help!
Hey, thanks for this! One question - I can't seem to ping SOME of the devices from my default LAN to my other VLANS. I thought, in theory, I could ping all the devices FROM the default, but couldn't ping from the other VLANs TO the default. Am I missing something?
I am sorry for your troubles. In theory, you are correct. Communication is open from the default to the other VLANs and not visa-versa. The actual issue here may be difficult to answer in the comment section. I'd be happy to try and help offline if you like. Send me an email to tim@ethernetblueprint.com and we can dive in a little easier.
What do you think of create special vlan for management, for example all the APs, SW and servers in that vlan instead of the default?
I know that wasn't part of that video, but that is how I have my network now. I like having a mgmt network for my network devices to communicate on... Thumbs up all the way!
On the Alta Labs switch you can't configure the camera port with native VLAN 3 and "Allowed VLAN 3" at the same time, because the camera attached to that port is VLAN unaware. It has to be on Native VLAN 3 only.
Hmmm. It worked for me. I had my trunk port setup to communicate on all VLANs and my camera setup just like that and it worked well.
Native VLAN means any untagged traffic moving accross the link will be assigned to that subnet.
The benefit of a native vlan happens when you are using the interface as a trunk port and either want to black holes untagged traffic or assign it to a specific subnet. That concept didnt make sense until I worked on the two technologies below.
On Cisco devices you can utilize the native VLAN while using flex connect to allow normal trunking of secure tagged wireless traffic to traverse the local network while the AP is not communicating with the Controller (meaning no capwap is established and the AP is in local switching mode as compare to centalized switching) and use the native vlan to be the AP management VLAN so that the AP will automatically pull DHCP and establish a connection to the controller once connected to the network.
On Arista Switches where you are using voice and data over the same interface they trunk the switchport and assign the native vlan to be the DATA vlan and assign a Phone vlan for the voice traffic. This allows the computers untagged traffic to become assigned to the data segmentation of the network taking the VLAN tagging responsibility away from the phone its self. The phone of course will tag its own traffic.
Thanks for sharing... I'm sure the viewers really appreciate the extra info on the matter! Nice comment!
Thanks for that video. Helps a lot to understand.
Q: What about the opposite way: In my home network scenario I do have a Draytek Vigor DSL Router (integrated modem) and this prevented me to buy a Ubiquiti router so far. I have a unifi network controller running on linux. The rest (or most of them) of my network devices are ubiquiti switches and access points. My question here about VLAN: when I start at the draytek router and its integrated 5 port switch, I create the VLANs at Draytek router plus I need to create in unifi network application plus add them to all the ubiquiti switch ports, right? That should work too?
Yes, As long as the router is capable of VLANs, you should be add them in the controller and have it all work together. Make sure the VLAN IDs match.
Thanks, so much better explanation compared to the Unifi documentation!
Oh great. Glad you found it helpful.
Tk u for sharing, I need to create documentation for my home network
Yes. Planning is a big part of the process.
Your tutorials were on point. Can you give us a tutorial on WireGuard VPN, so that I can connect to my in-house server from an external network?
I will see what I can do. I have a triple NAT situation currently that I may need to fix before I can do many VPN instructions. It’s on my list though. Thanks for watching.
@@ethernetblueprint Thank you, looking forward to it
Hi great video...thanks for taking the time to make them. How about if we add another switch to the mix? router > switch > switch > camera.
How do you setup VLANs for the uplink and downlink ports for those 2 switches?
Switch to switch connections need to be setup as trunk ports... No matter what model and brand of switch...
@@ethernetblueprint Thanks for the fast reply.
Let me bother you a bit more with the issue I'm having.
I know I'm doing something wrong as this is all new to me and kind of like learning about it on my spare time.
The system is 100% Ubiquiti setup with a Unifi Next Gen Gateway Pro, USW Pro MAx 48 POE and a couple of USW Flex where cameras are all hook up....the VLAN is created and the cameras have static IP on this VLAN.
Right now everything is set to trunk (allow all) and my PC on the main (native) VLAN has access to the cameras.
So on the MAx 48 (main switch) I have the two ports that go to the USW Flex set to the VLAN Camera (Only Cameras are connected to the USW Flex), the ports on the FLEX I can't set them to the Camera VLAN as I loose connection, so ended up setting the ports the cameras are connected to the Native VLAN. I also left the USW FLex link port to the Max 48 on the Native VLAN. If I change any of these to the camera VLAN I lose connection from any PC on the Native....could you give me a hint on the mistake I'm making here? The idea being that a PC on the native VLAN can access the cameras but not the other way around. Thanks in advanced!
I may need a bit more information... It sounds like maybe there there is an issue with your FW rules. why don't you email me at tim@ethernetblueprint.com and we can try to figure out what is going on...
How do we get to Network version 8.1.111?
I believe it is because I am setup for early access releases since this is my testing unit.
Great Video!!! I am at the point for my Camera VLAN (40) to allow only communicating within that VLAN. I now need to block all INTERNET access to that VLAN both Outgoing and Incoming as I installed the new UniFi Local VPN (WireGuard) feature which eliminates any need for direct Internet access to that VLAN. Next VLAN project... Expanding my VPN (70) VLAN. The current VLAN I use specifically for "MY" remote access to the home network. Well the kids are going on a Foreign country vacation and I gave them access to my commercial "Private Internet Access" account. But there are issues where some of the streaming sites (here in the US are known to block access from foreign countries, so I will be adding a VLAN (75) which will only provide access to the Internet but nothing in the local network. Inch by inch... Learning something new each day.
Wow. That’s quite the setup. I plan on doing a wireguard video here soon.
@@ethernetblueprintGreat! Do one for the iPhone and Windows environment. There are a couple different methods for installing them. Take it slow and step by step. Everyone will like that
Thanks for the suggestion.
Sorry if I missed it but did you show how you set up the camera VLAN that you implement in this video? Is it a separate vid? I'm looking for a VLAN tutorial for ethernet connected streamers like Roku and Bluesound.
Your VLAN for wifi video rocked my world I'm a total noob and your process worked for me. Thank you so much.
Hey man. Thanks for the comment. The camera VLAN is setup exactly like the IOT network in my “Let’s make some VLANs” Video. Exactly the same. But there isn’t a video that shows how to set it up.
@@ethernetblueprint Great thank you. Your first VLAN video worked for me on Wifi devices (Hue lights work perfectly) but I can't seem to bugger how to get wired devices that have smartphone/tablet controllers like hifi audio streamers to work with the same rules/profiles.
That sounds more like a multicast issue. Make sure mDNS is enabled on the VLANs that you want to control like that.
OK - I got it. It was on the device introduction side and not on your VLAN implementation. I now have smart lights and an audio streamer on the VLAN from your tutorial. Thank you!
Great job, you are a very good educator.
Thank you very much for your kind words.
Thanks!
You bet!
Danke!
It was my pleasure...