Jay, thanks for sharing your early experience being confused by subnetting, VLANs, and segmentation. That was true to my experience, but nobody would have guessed that you ever had trouble. I think it's important for folks new to it to know it isn't always easy to understand right out of the gate.
We all have to start somewhere, so just keep poking at it.
Just managed to watch it now due to time zone difference. But will still listen through every morning.
You answered my "stickler" question. If you subnet everything up, how do you stop forcing everything through the router?
Answer: Put devices onto more than one VLAN/subnet directly. Then they can access it at layer 2 without routing.
Wow Jay, when it comes to subnet addressing and the schema of network devices, we must have been cut from much of the same cloth.
Thank you for sharing the knowledge.
Speaking of "Not segmented by default", it's important to remember the difference between a router and a firewall. A router is not supposed to segment by default; that's the firewall's behavior. On a router we primarily divide networks, to limit the size of our broadcast domains.
Can you please do an in-depth video on UniFi remote adoption and port forwarding ports for the Cloud Key with the fully qualified domain name override, and how to pre-set up the units before deploying them, so that when they are installed at the customer site they automatically reach out to the Cloud Key? Thanks again.
While preventing broadcast storms is cool and all... there is certain traffic that needs broadcasts, such as DHCP for discovery. When splitting the network you may need "IP helpers" to advise clients on the different segment of the location of the DHCP service.
I don’t know how it’s done elsewhere, but in pfSense each VLAN or subnet gets its own DHCP server. So at least no broadcasts necessary for that.
@@williamp6800 Most networks don't want to deploy DHCP servers in each subnet.
They use DHCP relay via IP helpers.
Haven't checked your channel out yet, but I'm excited to see it! Does someone need to watch the past 40 episodes from the beginning or can we jump around? Thanks!
Just jump around. Occasionally they will reference another show and say to go watch that for more details on a particular subject
Eventually I'll want to hire you guys, not a doubt in my mind.
Exceptionally helpful!
“Like getting locked out” - Jay
I feel attacked
Lol, yup you called it on the 2x.
Very informative, thank you... I've been playing with my network, trying to add a pfSense box to use with my UDM Pro, which has been a fun endeavor to say the least. I wish UniFi didn't cripple a mostly great device lol. I ended up trying to make a VLAN-only network on the UDM, then tagging all the ports I want on all my switches to that VLAN, and then plugging the pfSense box into one of them to use its DHCP server. And then double NAT the UDM Pro. Still testing it to see how it works and learning in the process.
I learned something, thanks!
If you “need” to segment your network to control WAN congestion, you obviously lack QoS on the firewall.
Even easier: Simply configure a limit, per port, on the Ethernet switch.
What's the name of the standard? RSV-19 or RSB-19? Where do I find more information on the standard itself?
RFC1918
Thinking of RFC1918? The private IP standard, concerning the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 network prefixes?
For some reason YT removed my answer with the URL to the whitepaper, but if you google IETF or just look on the ietf dot org site for the RFC1918 page you'll find all the gloriously dry details.
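An added example, not from any commenter or from the video: the reply above lists the three RFC 1918 private blocks, and the earlier "stickler" answer says a host with an interface in more than one VLAN/subnet reaches those subnets at layer 2 without touching the router. The script below puts both into code using only the standard library: it classifies addresses as RFC 1918 or not, decides per destination whether a host's own subnets make it on-link or whether the packet has to be routed, and runs that over a few constructed firewall-style log lines. The host interface list, the log format and the log lines are all assumptions made up for the example (203.0.113.10 is from the documentation range, not a real destination).

```python
import ipaddress
import re

# The three RFC 1918 private blocks named in the comment above.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample log lines (assumed "src=... dst=..." format, not real device output).
LOG_LINES = [
    "2024-01-01T10:00:00 src=192.168.10.5 dst=192.168.10.20 proto=tcp dport=445",
    "2024-01-01T10:00:01 src=192.168.10.5 dst=192.168.20.9 proto=tcp dport=22",
    "2024-01-01T10:00:02 src=192.168.10.5 dst=203.0.113.10 proto=tcp dport=443",
]

_FLOW_RE = re.compile(r"src=(\S+)\s+dst=(\S+)")


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918_BLOCKS)


def needs_router(host_interfaces, dst: str) -> bool:
    """host_interfaces lists the subnets the host sits on directly, as
    'address/prefixlen' strings (one entry per VLAN the host is tagged into).
    Returns False when dst is on one of those subnets (reachable at layer 2)
    and True when the packet must go via the router."""
    ip = ipaddress.ip_address(dst)
    for iface in host_interfaces:
        if ip in ipaddress.ip_interface(iface).network:
            return False
    return True


def classify_flows(host_interfaces, lines):
    """Parse src/dst out of each log line and annotate it with whether the
    destination is private (RFC 1918) and whether it had to be routed."""
    results = []
    for line in lines:
        m = _FLOW_RE.search(line)
        if not m:
            continue  # skip lines that don't carry a flow
        src, dst = m.group(1), m.group(2)
        results.append({
            "src": src,
            "dst": dst,
            "dst_private": is_rfc1918(dst),
            "routed": needs_router(host_interfaces, dst),
        })
    return results


if __name__ == "__main__":
    # Host tagged into the 192.168.10.0/24 VLAN only (assumed).
    for row in classify_flows(["192.168.10.5/24"], LOG_LINES):
        print(row)
    # Same host with a second interface in 192.168.20.0/24: the second flow
    # is now on-link instead of routed.
    for row in classify_flows(["192.168.10.5/24", "192.168.20.5/24"], LOG_LINES):
        print(row)
```

Adding the second interface changes only the "routed" flag for the 192.168.20.9 flow, which is exactly the trade-off the stickler question is about: the router stops being a bottleneck for that traffic, but it also stops being a control point for it, so whatever segmentation rules lived on the firewall no longer apply between those two VLANs for that host.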
I am hoping you can revisit SyncThing setup AND Unifi USG setup, with a phone. If the phone is on a separate network, relay enable has to be turned on in SyncThing. If relay enable is turned on, Unifi detects threats.
I never use the USG routers but my guess would be you need to turn off threat detection
@@LAWRENCESYSTEMS Even though I get threat notifications indicating blocking, the phone documents will still sync (get copied to the PC). (With the phone on a separate LAN and relay enable set to on.) For now I am switching network briefly just to sync. I debate whether syncing on the same network or syncing using SyncThing relay servers is least secure.
@@DanielleEmberley The transport layer of Syncthing is secure
✨✨ THANK YOU!! Appreciate the content, Tom!!
00:01:25:00 into the video, BAM TWO NON SKIPPABLE advertisements.
I sincerely pray 🤲 UA-cam fails for forcing obnoxious, unnecessary, hated, irrelevant ads - furthermore, G AdSense advertisement team all get lined up and golden showered. Hopefully they all step in dog shiat every single day for the rest of their lives.