It's basically creating a secure HTTPS tunnel to either Google or Cloudflare to securely send DNS requests. DNS was one of the last core protocols that remained unencrypted...
Great video. At our church Unifi periodically informs me of a duplicate IP address on our network. I have had no luck tracking down the rogue DHCP server. I'll be turning this on and presumably the rogue device will stop working and we will discover what it is and where it is lol.
Or perhaps more likely when you turn this on, it will be more difficult to discover what this is, not less! Either way it's a useful tool to help keep devices on the network in the meantime...
Yeah buddy! Juniper switches come with dhcp guard enabled by default and all access ports are non trusted unless you specifically set them to trust the dhcp server. Can cause headaches if you don’t know but dhcp guard is great to keep in place
Yessss this is one of my favorite features because a couple of offices were crippled after somebody brought in Pitney Bowes postage meters that included nano routers by Tplink and these nano routers FORCED DHCP server to on in order to be DHCP CLIENTS like Wtf. Since then i have been adament about using DHCP guarding, snooping, inspection etc. but Unifis solution is bar none the easiest.
Can't get it to work. I connected an Asus router to the LAN port of my UDR. Then I accessed the WiFi on the Asus router and I connected and got an IP address. I have chosen DHCP Guarding for that network and also specified the UDR gateway address for that network as my DHCP server
If I understand properly, anything connected directly to your Asus router will still get DHCP packets from the Asus router. However, the DHCP guarding will prevent DHCP packets from the Asus router from passing through your Unifi switches... so if you plug something into your Unifi switch, and the Asus router tries to give it an IP address, the DHCP guarding will drop that DHCP packets from your Unifi router will be what the new device will receive.
DHCP Guarding is turned on on my default network but I have two VLANs that multicast two internal originated video feeds to two monitors. Do those VLAN networks need to have guarding on and if so is the IP address of the DHCP server the same as on the defailt network?
VLANs are separate networks, with their own DHCP server. DHCP Guarding on your default network is for that range only, it shouldn't be able to communicate with the VLANs
@@JasonsLabVideos I didn't think it would, but we all know sometimes vendors don't always follow specs well, so I thought it was a question worth asking.
