UniFi Layer 3 Switch Access Control Lists

Подписаться 86 тыс.

Просмотров 6 тыс.

50% 1

Coming soon to UniFi near you, Layer 3 Switch ACLs! Looks like access control lists are making their way to UniFi. Does this change the way you think about Layer 3 switching with UniFi? Will you be testing or using this feature once it's in general availablity?
community.ui.com/releases/Uni...
Join our community here: community.williehowe.com
Hire us! williehowe.com
Protecli Store (affiliate link): amzn.to/3Tcj3rp
R86S (affiliate link): amzn.to/3TwjUVf
Want to join us in learning how to deploy network services like this? Put your name on the training list now: williehowe.com/training/
Name Cheap Affiliate Link: namecheap.pxf.io/oqZMv9
Affiliate Links (I earn a small percentage of the sale if you use these links):
UniFi Store General Link: store.ui.com/?a_aid=WillieHowe
My AmazonLink: www.amazon.com/shop/williehowe
Netool: netool.io use code WHT to save at least 10%!
Digital Ocean Affiliate Link: m.do.co/c/39aaf717223f
Patreon Link: / williehowe
Contact us for network consulting and best practices deployment today! We support all Grandstream, Synology, DrayTek, Obihai, Poly, Ubiquiti, MikroTik, Extreme, Palo Alto, and more!
Come back for the next video!
Twitter - @WillieHowe
TikTok - @whowe82
SUBSCRIBE! THUMBS-UP! Comment and Share!

Наука

Опубликовано:

20 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 20

@Nobodyjbh14 4 месяца назад

8.1.113 just dropped as an RC. There is more ACL features worth mentioning under Global switch settings as well as note about what is coming next. Seems like they have a lot planned 😁

@LordSaliss 4 месяца назад

Glenn said there are a lot more fine grained ACL rules coming soon too. You can create them like firewall rules but for L3 switch and VLAN control. He said this: "You'll be able to set the Action (block or allow), then the protocol, the switches, and source/destination." "plans to get it into the next minor release."

@SpaceRexWill 4 месяца назад

Finally! Been waiting on this for a long time!

@wmcomprev 4 месяца назад

Cisco calls these VLAN ACLs. If you're using the Layer 3 switch as your Default Gateway and routing between the VLANs at the switch instead of using the router-on-a-stick method, such as when the UDM is the gateway and does the routing between VLANs, VLAN ACLs are what's needed to block the inter VLAN traffic. Doing the routing in the switch is much faster than sending the traffic to the router and back to the switch again.

@randominternet5586 4 месяца назад

When doing SFP+ through aggregation switches you don't want to go back to the router for VLAN stuff. Be interesting to see where this goes in terms of utility.

@psycl0ptic 4 месяца назад

@@randominternet5586 why SFP+ specifically?

@JasonsLabVideos 4 месяца назад

YES !! I can't wait to get this done on some of my Grandstream stuff ! I need to buy some unifi switches soon to !

@szaboclaudiu 4 месяца назад

Finally ... better later then never :)

@LackofFaithify 4 месяца назад

Yes....after they implement the rest of your standard L3 functions and a year has gone by without major incident.

@joshuaknight9089 4 месяца назад

Do you notice any speed gains running the router off the switch?

@WillieHowe 4 месяца назад

Yes you would be able to because a switch can move and route packets at wire speed

@maxherman11 4 месяца назад

I see UNAS in the firewall rules 👀

@WillieHowe 4 месяца назад

That's for the unas green product -- not a UniFi nas.

@fps_purple9556 4 месяца назад

I have a bad feeling that this where its gonna stop, unifi does not wow me anymore.

@seanwoods1526 4 месяца назад

It’s a step in the right direction but does it allow access to a DHCP relay or DNS on a blocked VLAN? Solid video

@Traumatree 4 месяца назад

VLAN ACLs is a step back in security as a firewall should be the sole thing segmenting and controlling traffic between networks that use uncontrolled devices (aka end user devices). What you need as a feature on a switch now is VLAN is device isolation. This feature prevents ARP poisoning, DHCP & DNS spoofing on the network and any devices is "alone" with the gateway as the only device that it can talk to.

@LordSaliss 4 месяца назад

In any large network the proper way to have everything routed is a firewall/gateway that only handles internet bound traffic, your top L3 switch which is normally an aggregation switch handles all VLAN routing and segmentation, and the l2 switches are below that connecting end devices. VLAN ACLs are not a step back at all, but a step towards having all the proper rules for a real network. Homes might not need them or care, but they are absolutely necessary for anything but the smallest of business environments.

@Traumatree 4 месяца назад

@@LordSalissThat's the old Cisco 3-tier approach to route traffic outside your network. But internal East-West traffic that requires routing now requires a NGFW, not an L3 switch.

@Mitchell7790 4 месяца назад

It completely depends on the environment and security posture. In some scenarios it makes sense to use L3 switches and ACLs vs Firewalls In lager networks both are often used but also combined with VRFs. Where the VLAN SVIs sit on the L3 distribution/core but traffic moving between VRF zones has to go to via the firewall, normally NGFWs are used where traffic can be inspected.