The goal of this channel is to provide some networking and various other related tutorials. It's centered around Cisco certification topics, but I branch out into Home Networking and game server topics as well. Hopefully, I can explain how to do these various topics in a way that is understandable and simple. I try not to gloss over what is actually being configured so that there can be some level of understanding.
If there are any topics you wish to see covered just leave a comment and I'll try to get around to it. I do read all my comments, however, I don't always respond to some of my older videos. Happy Networking!
The toastyanswers website has been discontinued as I can no longer justify the cost associated with it. Please contact me at toastyanswers@gmail.com if you have any questions/concerns.
wow, so wrong on so many points. I run a very large network on UDM-Pro. Works fantastic. Confusing firewall rules? not really, this issue is everyone has learned the confusing cisco rules, so rules that make sense are confusing. noisy? its a businesses/enterprise solution, it goes in a server room or rack, its the least noisy thing I have. Under powered?, yes/no. If you try and record video and run all the other applications, you will run into trouble. The NVR embedded in the UDM is only good for 1 or 2 cameras. They have multiple alternate NVR products at a dirt cheep price! Everything in the world is under powered if you try to use it past its design. My 1/4 ton truck is under powered to carry 2 yards of gravel.. a 5 gallon bucket is under powered to carry 10 gallons of water. I currently am running over 200 cameras with my unifi system. But I designed correctly! I am using 3 NVR, A dedicated UDM-Pro , oh and I wired a completely separate network for the cameras, 200 cameras sharing my data network would be BAD!
Hello. Thank you for this post, excellent lesson! I bought this equipment precisely to improve online games. My ISP provides 400Mx400M, and using QoS I got A+, but it hurt the speed; I applied this configuration and it really worked. Now I need to activate IPv6, I'm having trouble. Do you have any suggestions?
I've been trying to migrate my controller on my PC to a unifi express, but every time I try and connect the new controller, my old one tries to adopt it as an access point. Really annoying!
The network mapping on Unifi sucks. It just doesn't update entries as far as I can tell. Adding a switch and moving devices doesn't seem to actually change the map. Even on a simple Network it will occasionally confuse wired and wireless devices.
I’m only a little bit into this video that came out 13days ago but i just recently had a big UniFi OS 4.0.6 update so curious if you’d had a chance to look through that I saw “Added SNMP support” at least in their list Anyways maybe you can make a followup vid if you check it out and see some improvements
Thanks for the Video. How far can this send signal? I want to use my account at work place and the shop which is about 1 kilometre apart but I can see the building where the shop is situated when I'm at home.
Hello, and thank you for your wonderful video. I have a complicated problem regarding one of these switches. It is in a rack that manages a training room's AV system, and one of my touch panels is complaining of a duplicate IP address on the network. I have been called in to service this system, and the vendor/installer is no longer available. I am able to obtain the IP of the switch but it appears the HTML configuration is turned off. I know this can be done at the console level. My question is, after reviewing the whole AAA console commands manual for these switches, it seems like there should be a way to bypass the password, or to initiate a password recovery, etc. from the console without entering the credentials. I want to ask if you know how to do this. A hard reset of the switch is the absolute last resort, as it will break the entire AV system and I cannot be sure how long it will take me to learn enough Savant to get the crestrons communicating with everything again. Is there a way into my switch without a hard reset? CBS350-8FP-2G
I have such a setup at home. One question regarding port forwarding: the first router allows me to set port ranges. Is it advisable to simply forward all possible ports with one range to my second router which then forwards the ports I actually want to use?
Why did you create all the firewall rules to prevent your VLAN's from talking to each other instead of using the "Isolate Network" checkbox under each network? Is there an advantage to creating your own rules vs. using the checkbox to enable the unifi predefined rules?
Hi, i follow all the steps, it seems vpn seems to be connected (based on this commands show interfaces openvpn show interfaces openvpn detail show openvpn status site-to-site, but it says "ttl expired" when i ping to remote host on each routers, can you guide me? I konw it's been a while since you posted the video, but, i tried a lot of things, maybe you're still on YT
Excellent review Toasty I hope Unifi listens to your comments! I use the UDM Pro in a business environment with about 100 connected devices because it's almost plug and play, decent GUI, no annual license, reasonably good IPS and IDS, Wireguard VPN for cell phones and automatic Internet failover and the price point makes is affordable for SMEs.
Thanks for the video, very helpful. I was interested in what you indicated about a Catalyist. I like this device as I need at at least 2x10GbE RJ45s and 2 20GbE SFP ports. Is there a 10GbE Cisco Cataylist withboth 10GbE RJ45 and SFP ports that you might recommend? I'm a small business home user.
I never comment on ytube videos but after saving me 5yrs later again with this video and fixing my bandwith speed to maximum! thanks alot for having this vid still up!
great!! I`ve one question, when you export and import the site on a new selfhosted server, the configuration is migrate too? I hace a console with 10 access point and have 5 vlans configurate on network configuration, I don't want to lose those settings because in each AP is setup 3 ssids with diferent vlan
I have to agree with this video. Currently I prefer to use Palo Alto which gives you all the granular configuration options and I understand Palo Alto cost way more but they should consider a higher end enterprise solution. Also, Im confused how the UDM process firewall rules. if I deny a particular traffic lets say all DNS traffic and then allow DNS to and from a specific DNS server and pace that rule at the top of the deny all DNS it doesn't work. Thenn some of those apps and app groups don't work correctly ll the time.
I request the support on my omada OC200 controller. I would like to know how to send automatic reports to my email monthly, since I have 200 parents distributed by the branches. Regards
Given the solutions like pfSense are founded on freebsd most of the functionality is in the operating system and extra functionality in downloadable packages. The problem I see is the crappy web interfaces updating config files some of which arrogantly overwrite config files that required manual editing to get the functionality (that is already available in the foundation) to work but lacking in the web console. There is definitely a global need for a capable network security appliance that is affordable for micro-businesses and home environments without all the ridiculous subscription and bloated capital costs with an upgrade path that minimizes wastage. The increase of iot devices that may be compromised and thus potential attack surfaces means computers should be on a separate logical network firewalled from all others. iot devices need to be isolated so the risk of them if they can be used as a launching pad into a subnet would otherwise increase the attack surface to all devices within that subnet. Segmenting the whole network into different vlan groups with firewall rules between them removes the risk. I am thinking a range of switch/router backplanes differing only in size (number of supported modules) and backplane speed. A range of modules inserted into the backplane consisting of: (a) groups of ports of the various network interface types (utp/utp+poe/sfp+/sfp++/...) (b) Layer-3 Module option (c) Edge Module (standard gateway firewall). (d) SuperEdge Module (enhanced gateway firewall with vpn, etc). (d) Secuity Firewall Module (e) OOB Management Controller Module (f) Special Purpose Compute/Storage access modules (ie: Video Surveillance, NAS, PXE, VM Hypervisors, Containers) (g) Stack Module (for stacking multiple backplanes) (h) Sentinel equipped backplanes for network monitoring of all ports I cannot see why vlans could not be configured to logically connect virtual interfaces from modules (b-e) to any (group of) interface(s) in (a), minimizing the overall cost and providing a level of flexibility. A site grows, simply add more modules or upgrade specific modules and if you hit the ceiling of the backplane capacity, just upgrade the backplane. Seriously all the backplane modules connections are pcie lanes anyway. The backplane only needs to dynamically assign them based on what is installed during POST as it discovers what is installed. The reduction in having to manufacture a wide range of different router, firewall, network security appliance and switch hardware to a much smaller number of backplanes and modules would reduce the tooling costs of manufacturing bringing the cost of the whole range of products down. The backplane would basically consist of pcie lanes like connections to a processor enhanced for switching, routing and firewall functionality. Some backplanes may be expandable to multiple function specific processors. The backplane would go through a discovery process where it uses one or more chipsets (bridges) to enable the next available pcie lane on the processor to the first physical pcie lane on each set of physical pcie lanes (module receptor) to discover if and what module is installed and obtain compatibility (such as pcie version), performance/capacity requirements with respect to the number of pcie lanes required to service the active interfaces on the module. It would then bridge the required available pcie lanes from the processor to the modle and proceed to the next module receptor. This takes the concept of pcie bifurcation to the next level being dynamically assigned as it can assign any number of pcie lanes only limited by the number of pcie lanes the module backplane physically allows per module. This discovery process would occur during post or whenever a module is installed or removed (if hot-swap is supported by the backplane and the modules). To take advantage of major advancements would involve each component where the advances had occurred and become a requirement of the client, as the backplane in principal should offer backwards compatibility with those modules that would still work as required (saving capital costs and preventing environmental wastage) by only having to upgrade those modules and possibly the backplane if relevant to the client requirements of such advancements. At the moment whole firewalls, routers and switches are subject to having to be replaced. Modularity only seems to exist in some corporate grade network switches (such as netgear). Market Acceptance could be appealed rationally by points such as total cost of ownership and flexibility. A standardization of administration console centralizing and covering all network functions would simplify implementation.
I see comments are mostly dead but still gonna try my luck. For some reason when I run the bat file, nothing really happens. There's a single page of text but nothing new generates. But that's not the case for running the Valheim_server.exe, which runs for about 30 seconds and crashes. I'm going to reinstall everything later today with default directories
Quite the vid, thank you. I loved my abandoned ER4, even when they borked the kernel update so bad. I'm so done with Unifi stuff, their software quality is on par with Microsoft, meaning we are all the alpha/beta testers for broken software stacks. I just run a Fortigate at home now, it actually works, as long as you don't do any client VPNs with it, as they too can't seem to do that properly. Enshitification is REAL out there.
Yeah... I'm going to have to do an update. I recorded this a couple months ago right before the new update came out. You're right, they did fix one of my main complaints in the security tab along with some updates to other things.
Yes, you are not using the latest available version, missing quite a few new features....please redo this vidoe after that update, it would be interesting to see your input after that.
@Toasty, I'm currently running dual Edgerouter4's in a VRRP configuration. I am considering moving to something else that is similar in functionality and technicality, not necessarily retaining a VRRP config, but I don't want to go to any of the UDM lines like the Pro, SE, Pro Max, etc for the reasons you've pointed out in this video, but also because I feel that these devices, especially the Pro, are still too buggy in their reliability for my liking. What would you recommend?
Personally, (as I mentioned in the video) I just retained my existing ER4 to take care of everything the UDM doesn't support. However, if I were to consolidate and move to something different, I would probably gravitate towards Pfsense/Opnsense. I've worked with these in the past, and they appear to support most of the features I would want. Another option I considered is an Edgerouter that supports 10Gb with a separate box running Pfsense in line mode (or whatever it's called... where it's just a pass-thru for threat detection). However, the cost of both is probably about the same as a higher-end standalone Pfsense box. If price wasn't a consideration... I'd probably consider a beefy SonicWall, but that's mostly because I'm familiar with the platform. It is cost-prohibitive in a home environment, though.
PFIFO stands for PIORITY FIFO not PACKET. It bases its selection of SFQ "round robins" to priority packets first. What the default priority is i have never been able to find. It could be they are all the same priority if nothing is explicitly set, in which case it would function as a FIFO anyways.
It has been years I have installed the USG on a project. Now a new customer wants this to be installed on their tiny office, thankfully I came across your video! Thank you.
If I have a device that will do dhcp for the home network already I can just assign the lan as a static on the same subnet as the dhcp server and unchecked dhcp in basic settings?
Hi Toasty, dear Vikings, thank you so much for this tutorial. It helped me and my Vikings to auto-update our dedicated server. After a couple of tries, I changed the script of the .bat file a little bit. Here are the lines I currently use: ### @echo off taskkill /IM "valheim_server.exe" TIMEOUT /T 10 C:\ValheimServer\steamcmd.exe +login anonymous +app_update 896660 validate +exit CALL start_headless_server_active.bat ### As you might see, I did not use the "/f" in the taskkill command. Without the "/f", the server will be properly shut down and a backup and savegame will be stored. As this takes some seconds on my server, I added the "TIMEOUT /T 10". This command will pause the script for 10 seconds. During this time, the "valheim_server.exe" can perform the backups and shut down. After those 10 seconds, my script performs the update. Finally, I restart the server using the "CALL" command. I noticed in my Windows Task Scheduler that without the "CALL" command, the update.bat will never end. The CALL command ensures that the server will be started and my update.bat file and update task will end. Bless Odin Regards, JoeOern
