UDM Pro - Beginners Guide to Setting Up VLANs

Подписаться 11 тыс.

Просмотров 32 тыс.

50% 1

The Ubiquiti UDM Pro is a great router/firewall and controller for you your network, but it can be a little intimidating to a new user. One of the great benefits of the UDM Pro is it's ability to handle VLANs.
This video will give you an overview of how to set up VLANs on your Unifi Dream Machine Pro, Unifi Switches and Access Points without getting overly technical. The goal here is to show you that anyone can have a network setup like this for their new construction home.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
BUILDING A HOME AND WANT A GREAT NETWORK?
We have some great resources for you:
We recommend running Ethernet cabling throughout your home during the building process to ensure you get cabling and Wi-Fi where you need it, but quite often there are things that overlooked. So you don't make the same mistakes, check out our free guide that gets you on the right track fro the start!
FREE GUIDE: www.ethernetbl...
For more information, head over to: www.ethernetbl....

Опубликовано:

1 окт 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 87

@rammutlandlovu5568 Год назад

This is probably one of the best videos on how to setup your home network securely. Thank you Tim

@Red-Viper-Red Год назад

IOT actually stands for Internet Of Threats ¥ Zero Trust people, either your all in or you are a threat yourself.

@ryanbaker1487 7 месяцев назад

12 minutes and still hasn't gotten to the point, just patting himself on the back for 12 minutes.

@joesoundguy 10 месяцев назад

I gave up after 16 minutes.

@ethernetblueprint 10 месяцев назад

I’m going to be redoing this video to address the time.

@itznickyyheree 8 месяцев назад

Maybe you can just use the RU-vid feature to show sections, a lot of us already know what vlans are and why we use them, we just want to see how the firewall rules in unifi work, so being able to skip to that part would be nice

@TynamicFXTube 10 месяцев назад

Thank you for the video. You do have a wealth of information, but I would suggest cutting the fat, so to speak. You really don't get into the meat and potatoes of the vid till after 18min. I understand what you're trying to do, but there is really no need to explain the same concepts at the beginning several times in a format where the viewer can pause, rewind at will. I would also take some liberties with assuming your audience. If people are here looking for guidance with VLANs, you could probably assume they have some basic working knowledge of home networking. Especially with Unifi being entry enterprise grade equipment. The fact they even have it, and know about it shows a knowledge level baseline above your typical mom and pop "buy the Eero box" and plug it in mentality. Again, love the content. We appreciate it.

@ethernetblueprint 10 месяцев назад

I have heard that before and am working on it. I do appreciate the feedback. That's how we get better right?

@badgerboyEA Месяц назад

Just make a media devices VLAN with the Sonos, TV streaming devices, and phones. This will protect your main devices while separating these medium security devices and still allow for casting.

@ethernetblueprint Месяц назад

Thanks for weighing in!

@InfernalOd1n 7 месяцев назад

DHCP doesn't work on VLans when I attach the wifi SSID to the vlan network. Just says can't get IP. This right here is why I dont bother with vlan. It doesn't just work like you say in the video.

@ethernetblueprint 7 месяцев назад

I’d be happy to help you figure out why. We would need to switch to email though so you could send me some screenshots. I’m sure there is a reason for the behavior. tim@ethernetblueptint.com if you’d like a little help.

@diversify210 6 месяцев назад

Theres no sellection for Guest Hotspot in my UI firmware version. Should I check the Hotspot Portal instead, or is that something different?

@ethernetblueprint 6 месяцев назад

That should be the Guest Hotspot. They have really been changing a lot in these recent updates.

@Michael-Youtube98 8 месяцев назад

This video was amazing. Great instructions, very clear! I can't wait to do a unifi setup in the future!

@ethernetblueprint 8 месяцев назад

Thanks so much... just so you know, I just redid the video with the newer Unifi settings within the last couple days. You should check that out too...

@jeenkoster 2 месяца назад

I am planning on starting my own business installing and mainly doing the monitoring ubuquiti setups. I want to focus on making networks more secure for smalll businesses. Any tips ?

@ethernetblueprint 2 месяца назад

Email me at tim@ethernetblueprint.com. I ran a business doing that very thing and I’d be happy to share my experience with you.

@donaldhoudek2889 Год назад

Tim, Great Video but you need to get the screens focused. I kept checking my glasses... lol

@alfadat 6 месяцев назад

Hi there, why these videos are how to "set up your home network"? Isn't Unifi good enough for company settings?

@ethernetblueprint 6 месяцев назад

Yes, Unifi is actually geared towards both home and small business networks. My channel focus is geared towards home networking though so that is how I present it. I manage quite a few networks in my home town though with Unifi Equipment...

@silviuandreiiacoban3962 7 месяцев назад

All this video and nothing about intervlan routing; just do something you talk and talk and talk

@ethernetblueprint 7 месяцев назад

I realize that I'm a bit chatty in the video. It was one of my earlier ones. I have redone the VLAN Video using the new interface in Unifi and it is more streamlined and to the point. And, it does cover all the intervlan routing... If you want to check it out, it is called Let's Make some VLANs - Beginners Start HERE...

@nblinthemix 5 месяцев назад

Let me save you 17:55 of your life, starts at 17:55 if you know the theory behind VLAN.

@ethernetblueprint 5 месяцев назад

Yes... Little chatty on that one. I did redo this video using the newer OS version and less chattiness. Its called "Lets Make some VLANs"... Might serve you better.

@tarsem3258 3 месяца назад

What about a wireless printer being on the default network, shouldnt it be on a seperate vlan?

@ethernetblueprint 3 месяца назад

That is a good question. I would say that this partly depends on the printer as some of them don't jump VLANs very well. However, I am a big fan on putting them on a different network and then allowing certain devices from the main network be able to communicate with it. Make sure you have mDNS turned on for both the printer network and the default as that helps modern printers communicate in these setups.

@notafbihoneypot8487 Год назад

Is it posiable to have my VMs on proxmox use this on a single NIC on my server??

@TynamicFXTube 10 месяцев назад

yes. Proxmox creates a bridge called vrbm0. It lets the VMs use the link. Kinda like ana emulation. Each VM should be able to have its own ip address, and, in most cases, should be set to static if you're running server level services (game servers, HA, etc.)

@SkidMD Год назад

Thank you. This was the thing that i feared the most and you just walked me through. Wow. Easy, worked, and no hassle. Thank you again.

@davidgarrett7673 9 месяцев назад

thanks...am following on my own setup just getting started

@ethernetblueprint 9 месяцев назад

Nice. I will be updating my video on VLANs soon.

@Polkster13 Год назад

Technically, the "Default" network is not a VLAN. It is the primary network and all other networks added can be set to be VLAN's. Most folks will put all of their UniFi gear like controllers, switches, and access points go on the Default network and then we create a Main VLAN that we put our computers, phones, and so forth on. When you create VLANS, if you don't create any Firewall additional rules, then any device on one VLAN can still talk to any device on another VLAN; until you create the Block Inter VLAN rule. Ubiquiti by default allows everything to talk to everything. Just creating a VLAN does not block Inter VLAN traffic. You have to add rules to do this. Also, you cannot delete any Firewall rules unless you have created them.

@ethernetblueprint Год назад

Yes, you are correct on the default network. And I am one of those people who typically puts all my equipment on the default network, and then creates VLANs for all my other traffic however, in keeping this simple for the video, I elected to just use the default network for my trusted network. On part two of the series, I do explain what you were referring to with the firewall rules and prove that out.

@attackhelicopter-up3dh 10 месяцев назад

I have my default network as vlan 1. On the edgerouter it is better for inter vlan traffic.

@Rodrigp13 8 месяцев назад

Excellent walkthrough! Thanks for sharing your expertise on this subject.

@ethernetblueprint 7 месяцев назад

Glad it was helpful! I have done an updated version of the video as well that is running on the newer version of Unifi... But it follows the same guidelines...

@Rodrigp13 7 месяцев назад

@@ethernetblueprint i have the newer version but this video was still very good and I was able to set mine with no issues. Thanks again.

@gonefshn4031 Месяц назад

Can you do vlan’s on the Dream Router?

@ethernetblueprint Месяц назад

Yes. If you find one. I think ubiquity is phasing them out.

@gonefshn4031 Месяц назад

@@ethernetblueprint Thanks Tim! I really like the form factor for the DR. I’m going to change my home network to Ubiquiti, and am buying parts along the way. Thanks again so much for your helpful and insightful videos!

@laszlolenard6081 Год назад

"guestwifi" stayed in "default network" instead of being in "guest network".

@kanyon_ni_mang_simeon Год назад

damn u bro when you were a kid you have access to all those "P" things lol

@naa62 8 месяцев назад

do I need Vlans after the videoI feel that I can set them up . I have a Verizon Fois router going to a 24 port switch that will run 6 G5 cameras and the UNVR. I have a 2nd 24 port switch that will going back to the router and will be running 6 access points, 4 TVs and 4 Sonos units, with 2 hard wire computer jacks. the switches are UNIFI am at risk at the router ? of people get into both set of devices

@ethernetblueprint 8 месяцев назад

That is perfect timing on that question. My next video is named: “Should you VLAN in your home?” Should be posted soon.

@saulgoodman602 6 месяцев назад

I went to your website but couldn't get through.

@ethernetblueprint 6 месяцев назад

I’m sorry. www.ethernetblueprint.com/ or did you try a different website?

@saulgoodman602 6 месяцев назад

Thank you. I will buy your course but would like to know what course is better based on the equipment. This is for my home. I run a smart home with a bunch of wifi, hubs and apple tvs. We use tablets and obviously phones. I would like to know if I have device issues or internet issues. Basically organize. I would like to switch over to the unify protect camera system. Maybe 4 cameras and a doorbell. What equipment makes the most sense? Dream machine plus a wifi? Please advise

@ethernetblueprint 6 месяцев назад

I don't know that my course will help with those questions... it is designed more for helping run wiring in new construction homes when planning your network. I don't really have a course for equipment planning... Just so you know. Why don't you email me at tim@ethenernetblueprint.com and I will try to help that way...

@Giancarlo_Sforza 10 месяцев назад

What prevents your kids from unplugging their xbox network cable from the kids vlan switchport and connect the network cable to one of the switchports that have access to the main vlan which is unrestricted? A kid could physically unplug the network cable of the xbox or pc and connect it to a switchport of the dad’s pc when the dad is not home, this way they get unrestricted access to everything. Is there a sticky MAC address option so that a switchport only allows access to a specific mac address?

@ethernetblueprint 10 месяцев назад

You could shut down any port not being used so they are unusable. UniFi switches have MAC address lists on the ports for port security. I don’t have a ton of experience with that however I think you can do what you mentioned.

@1d9d5k6 8 месяцев назад

This video is awesome and you have done an excellent job of explaining VLANS. However, a thought came to my mind about segregating the IOT into IOT & IOT Streaming VLANS. It might be possible to improve the latency of the non streaming IOT devices. What are your thoughts on this?

@ethernetblueprint 8 месяцев назад

Thanks. I just updated my VLANs video for the newer version of Unifi and posted it today. Feel free to check it out. As far as your separation question, it would really depend on the devices, network speeds and how much latency you are seeing. Separation can help with latency, but it depends on what the devices you are segregating need to communicate with. IOT devices, in general can be very "chatty" on the LAN. So, in theory, yes, this can help!

@Yapoo-j8j Год назад

One immediate issue - under settings - networks I have no option to create a new network… any ideas? Although there is a section underneath networks called Virtual networks where you can create VLANS??

@ethernetblueprint Год назад

Which hardware are you using? Can you share that with me please?

@Poiisonfire Год назад

do i need the switch to make this work? i set up the vlan and cannot connect to the internet on it, i have a UDM . assuming its because i dont have switch? plz help our family

@ethernetblueprint 11 месяцев назад

You don't need a switch since the UDM has a built in switch. Not getting to the internet is most likely being cause by something else.

@SemAyoubi Год назад

Thank you! When setting this up on a UDMSE with AP's connected to it, there is no option to use the "all" profile for the AP's (Network 7.4.162 and UniFi OS 3.1.15). Maybe this changed with new software? Currently the primary network is set to default with the option to change this to the created vlans. Is it ok to leave it at default (noticed when creating networks vlans are now separated from the default lan)?

@ethernetblueprint Год назад

My guess is (and I haven’t looked) that it’s there but they moved it somewhere else. I’ll have to take a look though.

@louisdid8883 Год назад

Thank you Tim. Great video about the vlans. I have a question and concern. Which vlan is best appropriate for my Nas media ?(synology)?

@ethernetblueprint 11 месяцев назад

At my house, I have it in my mgmt vlan that all my network equipment is on. But it really depends on how you are using it and whether or not it is accessed from the internet or just local... Synology does quite a bit. I only use mine as a file server...

@Polkster13 Год назад

If the Default Network password is top secret, then the IoT Network password should have a different password.

@ethernetblueprint Год назад

That’s a good point or it should match the kids Wi-Fi. Another good point.

@Polkster13 Год назад

You should probably also use "WPA2/WPA3" security instead of "WPA2 only" for most WiFi networks.

@ethernetblueprint Год назад

I have found that breaks a lot of IOT devices. They just don't seem to handle it well.

@NetGuru56 Год назад

Great video Tim, thank you for your insight. Where's the follow up part 2 clip discussing the IP groups and especally the Firewall rules? You've left us in a bit of suspense, with a network that doesn't quite yet comply to the one you modeled for us! Please be so kind as to finish what you started, I have now been on a very long coffee break ;-)

@ethernetblueprint Год назад

Part two is there and ready to go. I’m not sure why you can’t see it. The thumbnail looks almost exactly like this video. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE--97-sOUe7p4.html

@Hafenstrand5 10 месяцев назад

Where would you place cctv cameras in this scenario? I planned to have an own vlan for that, but I also have a camera using wifi and I think unifi can only create 4 SSIDs.

@ethernetblueprint 10 месяцев назад

Some older model APs can only do up to 4 SSIDs… but most models can do up to 8. From an equipment limitation standpoint anyways.

@ethernetblueprint 10 месяцев назад

You would need to turn off the wireless uplink setting to do this though.

@locolongball 6 месяцев назад

Tim. Struggling with Home Pod on my IOT network. I used your video to setup my VLans. Unifi is fantastic, and so is your video. I can send commands to the homepod, but the homepod can not send me notifications if my phone or ipad is on my default. Should I just leave the homepod on my default, and let it communicate to my IOT devices. I use apple TV's as well, so I know they are a homekit hub, and they will be on the IOT. Thought about a new rule setting up a static IP for my homepod, and allowing it to communicate to default, but in that case just put it on the default... right?

@ethernetblueprint 6 месяцев назад

Thanks for the comment... It wasn't covered in the video, but I would make sure you have mDNS enabled for the IOT and Standard VLANs. This setting is in Settings - Networks. I did read a little bit on this after you commented to see if there was an obvious answer and I didn't see one... I am going to be setting up Home Assistant with Home Kit in my home very soon so it will be diving into this soon. I have an apple TV for my Home Kit device - not a Home Pod, but I am hoping it works similarly.

@locolongball 6 месяцев назад

@@ethernetblueprint yes, I do have it selected. I was doing some research and found the same thing. Couldn't find much on ubiquity and HomePod. I moved the HomePod over to the default work this morning. Lost connection with my smart shades. I'm sure I can pair them back up, but then that starts putting everything on my default. I'll grab an Apple TV install it and see how that works this evening.

@locolongball 6 месяцев назад

Because the shades work over matter. I find it hard to believe someone could hack my shades. lol.

@ethernetblueprint 6 месяцев назад

I hope to be able to help more on this when I install a solution like this myself. IOT and smart devices are kind of all over the place when it comes to how they communicate so it is difficult to give you a homerun/slam dunk answer. I will be doing videos on it when I do though...

@ChickenPermissionOG 9 месяцев назад

how do you let devices on your modems network speak to and see ip addresses on my udmp network.

@ethernetblueprint 9 месяцев назад

I'm sorry. I'm not sure I understand your question...

@ChickenPermissionOG 9 месяцев назад

@@ethernetblueprint I got it to talk to each other. I had to make a traffic route and make it a wifi network.

@geekdomo 10 месяцев назад

12:03 - Instructions start

@geekdomo 10 месяцев назад

scratch that 18:15 - Instruction starts

@geekdomo 10 месяцев назад

31:00 - Use OBS its free. No time limit

@ethernetblueprint 8 месяцев назад

Video has been redone and I have done my best to streamline it again...

@locolongball 6 месяцев назад

Thanks!

@ethernetblueprint 6 месяцев назад

Wow... thank you!!!

@bricianmcwilliams2839 11 месяцев назад

Why is this video 35 minutes long

@yngram 9 месяцев назад

Because he says lets go ahead and get started at 17:53 If you don’t know what vLANs are and why to use them you would not have listened that long, but you waited (or fast forwarded to) the 5 min of information and maybe you looked up the second video. The information was correct and it was high in the google ranking if you search Unifi and vLAN so it is a video to learn how to setup vLANs. If you dont like all the chatter about “if you want your kids to be able to search… etc” use the fast forward. The video has 410 thumbs up at this point so most people know how to use a fast forward.

@ethernetblueprint 8 месяцев назад

I have started adding chapters to my videos too in order to help those who want to get right to the "how to" part and skip the fluff. My channel is geared more toward beginners who may not know what a VLAN is or may be considering moving to something like Unifi in order to add more security to their home network. I think explanations are a good thing for that type of viewer.