|
Actuarial Fables posted:As an anecdotal data point, at my last job we installed UniFi switches for a company that is very similar to yours and they've had no issues with them, aside from when the roof leaked and killed one of them (one of the switches, not a person). Thank you and everybody else who answered for your insight; since it seems like most posters here are very happy with the Ubiquiti equipment I will move forward with getting a UniFi switch and setting our poo poo up when we switch over. When that happens, I will come back with any questions my IT service can't answer.
|
#
?
Aug 8, 2019 16:12
|
|
|
|
| # ? May 17, 2024 19:41 |
|
|
H110Hawk posted:...including powered ethernet, it's only 48vdc unless you're ubiquity in which case gently caress you) Not that you said otherwise, but to elaborate for readers Ubiquiti nonstandard PoE is 24V and still definitely "low voltage" for electrical code purposes.
|
|
#
?
Aug 8, 2019 17:47
|
|
|
I have a friend who needs some home networking hardware. I haven't been keeping up on things so I just want to run what I'm planning to recommend by the thread. He's got a 150mbit internet connection and 8 people in his house. Am I right in remembering that there is supposed to be a meaningful performance advantage for the ERL over the ERX in that kind of scenario? Also, is it likely to be worthwhile for him to go with the Pro AP(s) over the Lite(s) (parenthesis because I'm not sure yet if he'll get ideal coverage from one, so we'll start there and fill weak spots if necessary). K8.0 fucked around with this message at 19:44 on Aug 8, 2019 |
|
#
?
Aug 8, 2019 19:42
|
|
|
Get the Nano HDs over the Pros, or if that cost is too much then just get the Lite.
|
|
#
?
Aug 8, 2019 19:55
|
|
|
K8.0 posted:I have a friend who needs some home networking hardware. I haven't been keeping up on things so I just want to run what I'm planning to recommend by the thread. He's got a 150mbit internet connection and 8 people in his house. Am I right in remembering that there is supposed to be a meaningful performance advantage for the ERL over the ERX in that kind of scenario? The difference between the ERL and ERX in a 150mbit environment mostly comes down to whether they want to run QoS. If they're not planning on using QoS, then either router will be fine. If they do want to use QoS (or any other feature/service that isn't hardware accelerated like OpenVPN), then the faster processing speed of the ERX (dual-core 880mhz) is preferable over the ERL (dual-core 500mhz).
|
|
#
?
Aug 8, 2019 20:15
|
|
|
I posted a while back that I was installing some of TP-LINK's access points (EAP-245 v3 and EAP-225 outdoor) and I've been thrilled with them so far, after disabling my router's wifi. They are significantly cheaper than the ubiquiti equivalents ($88 for the 245's and $78 for the 225)and were a breeze to set up with the windows based omada cloud software controller. I'm not a power user by any stretch so I can't speak to some of the more advanced features that may be present on ubiquiti systems but for the average to above-average home user, these meet all my needs (fast roaming, for example). My old archer C9 router has its wifi switched off and only handles the routing for the 3 AP's. With one 245 in the main living area, one 245 in my garage corner on the other side of the house and the one outdoor 225 outside my back porch I have seamless 5ghz coverage that maxes out my 400mbit connection. This is for a ~2000sq ft home on ~1.5 acres of property.
|
|
#
?
Aug 8, 2019 20:16
|
|
|
So our cellphone coverage sucks which is mostly solved through WiFi calling. Regular texts wouldn’t go through so Verizon gave us their Samsung network extender which just borrows some bandwidth to be personal cell tower. In their “genius” they removed a feature from the old one which is to have a whitelist and instead anyone within range can connect. If I have a USG3, how can I make it so this box won’t talk to anything else on my network? Is that a VLAN thing?
|
|
#
?
Aug 9, 2019 00:30
|
|
|
If you're plugging it directly into the USG, create a new network under Settings > Network with a separate address range than your existing LAN (172.23.123.0/24 or something), then create a new LAN OUT firewall rule to drop any traffic from the new network to the existing one. If you're plugging it into a managed switch, you do the above but you specify a VLAN in the network creation part, set the switch port connected to the samsung device to that VLAN, then have the switch port connected to the USG converted to a Trunk with the native VLAN (likely vlan1) untagged and your new VLAN tagged.
|
|
#
?
Aug 9, 2019 00:56
|
|
|
For what it's worth.. The Verizon extenders do nothing but make a IPSec tunnel back into Verizon's network. Everything is sent through this tunnel, including data. The devices using the extender can't access the local network at all.
|
|
#
?
Aug 9, 2019 01:26
|
|
|
Actuarial Fables posted:If you're plugging it directly into the USG, create a new network under Settings > Network with a separate address range than your existing LAN (172.23.123.0/24 or something), then create a new LAN OUT firewall rule to drop any traffic from the new network to the existing one. OK, so I have just a dinky unmanaged switch but didn't know if the USG itself did VLANs. But if I plug it into LAN2, I can just config it and it should be OK that way? stevewm posted:For what it's worth.. The Verizon extenders do nothing but make a IPSec tunnel back into Verizon's network. Everything is sent through this tunnel, including data. Sure that all sounds great but how many times to we find that companies devices are acting in bad faith? While I am sure that it is on the up and up, I'd rather take that one extra step to protect my data.
|
|
#
?
Aug 9, 2019 01:36
|
|
|
stevewm posted:For what it's worth.. The Verizon extenders do nothing but make a IPSec tunnel back into Verizon's network. Everything is sent through this tunnel, including data. Yeah I wouldn't trust that as far as I can throw it. Or even a quarter of the distance I could throw it. gently caress Verizon.
|
|
#
?
Aug 9, 2019 01:56
|
|
|
KKKLIP ART posted:OK, so I have just a dinky unmanaged switch but didn't know if the USG itself did VLANs. But if I plug it into LAN2, I can just config it and it should be OK that way? Yes. You're creating a 2nd network instead of a 2nd virtual network, then configuring the firewall to deny anything trying to cross between them. The USG itself does support VLANs, but without support from the switch there's no way to segregate them.
|
|
#
?
Aug 9, 2019 02:25
|
|
|
Actuarial Fables posted:Yes. You're creating a 2nd network instead of a 2nd virtual network, then configuring the firewall to deny anything trying to cross between them. Allright cool, I think thats just the way that I'll end up going. I assume I configure it all through the Cloud Key?
|
|
#
?
Aug 9, 2019 03:13
|
|
|
Anybody buy a Unifi Dream Machine Pro when it was briefly available on early access? I grabbed a Mellanox Connectx-3 10Gb card on ebay for $40 for my server, so I'll probably just bite the bullet and grab one of these when they're back in stock. https://store.ui.com/collections/early-access/products/udm-pro-beta 
|
|
#
?
Aug 9, 2019 03:36
|
|
|
So basically everything we all want in one except PoE?
|
|
#
?
Aug 9, 2019 03:37
|
|
|
I think what I’m looking for is a mesh network. I want to create a seamless wireless network in my house with a single SSID. Running ethernet isn’t an option but I do have coax in several rooms (it’s an older house so it’s RG59 coax). What the preferred mesh network setup? I was looking at the Netgear Orbi and Orbi PRO but there seems to be a lot of issues with random disconnects and long-standing problems with the firmware. I’ve had Ubiquiti suggested to me but how user friendly is it? I’m definitely not a networking expert and I’m not looking to do anything fancy with the network. I just want something reliable and fast (as fast as a wifi connection can realistically be). I don’t mind spending money on good hardware, I just don’t want to buy something and then have no idea how to set up or configure it properly.
|
|
#
?
Aug 9, 2019 03:48
|
|
|
Mr. Apollo posted:I think what I’m looking for is a mesh network. I want to create a seamless wireless network in my house with a single SSID. Running ethernet isn’t an option but I do have coax in several rooms (it’s an older house so it’s RG59 coax). Eero, Orbi, or Deco on the cheaper end.
|
|
#
?
Aug 9, 2019 03:54
|
|
|
willroc7 posted:Eero, Orbi, or Deco on the cheaper end.
|
|
#
?
Aug 9, 2019 05:17
|
|
|
KKKLIP ART posted:Allright cool, I think thats just the way that I'll end up going. I assume I configure it all through the Cloud Key? Right. Click the gear in the lower-left corner - the two areas you'll be working in are Networks, where you'll create the 2nd LAN network, and Routing & Firewall > Firewall > LAN IN, where you'll create the drop rule (I mis-spoke earlier, don't make a LAN OUT rule) e. Alternatively, if you don't want to make a firewall rule, when you're creating the 2nd LAN network set the Purpose to Guest - there are hidden default firewall rules for Guest networks that automatically drop traffic destined to other LANs. s. https://help.ubnt.com/hc/en-us/articles/115003173168-UniFi-USG-Firewall-Introduction-to-Firewall-Rules#4 Actuarial Fables fucked around with this message at 06:09 on Aug 9, 2019 |
|
#
?
Aug 9, 2019 05:56
|
|
|
H110Hawk posted:Non-low voltage (house power /120vac) cannot share with low voltage (ethernet/telephone/fiber/signaling - including powered ethernet, it's only 48vdc unless you're ubiquity in which case gently caress you). You're probably thinking about ballasts and such which are to be avoided. Eletriarnation posted:Not that you said otherwise, but to elaborate for readers Ubiquiti nonstandard PoE is 24V and still definitely "low voltage" for electrical code purposes. Turns out the "non-standard" 24V passive PoE that Ubiquiti uses isn't that uncommon since there's a bunch of IP/CCTV camera makers that also use it. If you want hosed up non-standard power, check out Bosch: 56v 90W HiPoE... and if you don't want to use that, they'll accept 24VAC
|
|
#
?
Aug 9, 2019 06:14
|
|
|
So I read a rumor that the cloud key on the UDM can't be used to manage other stuff (I knew that you couldn't use an existing cloud key to manage a UDM but not that you might not be able to manage other devices with the UDM's cloud key)? Is it possible that the UDM is not going to be good? 
|
|
#
?
Aug 9, 2019 14:00
|
|
|
Schadenboner posted:So I read a rumor that the cloud key on the UDM can't be used to manage other stuff (I knew that you couldn't use an existing cloud key to manage a UDM but not that you might not be able to manage other devices with the UDM's cloud key)? I think its the other way around, you can't add the UDM to existing cloud keys; it'll let you expand.
|
|
#
?
Aug 9, 2019 14:19
|
|
|
Actuarial Fables posted:Right. Click the gear in the lower-left corner - the two areas you'll be working in are Networks, where you'll create the 2nd LAN network, and Routing & Firewall > Firewall > LAN IN, where you'll create the drop rule (I mis-spoke earlier, don't make a LAN OUT rule) OK, so I did this also following this guide: https://www.youtube.com/watch?v=CSwvFFZSJkE I set my gateway/subnet setting to 192.168.2.1/24 (with LAN1 being 192.168.1.1/24) but I'm not getting a connection, should I change it to 10.0.0.1/24 instead? As a wrinkle, I also have a raspberry pi serving a pihole at 192.168.1.*** for DNS so do I need to have some access to that for the LAN2 or do I need to have a different DNS server manually entered (which I guess is actually titled DHCP Name Server"? Only reason I ask is because I don't see it popping up in the gateway page that lists clients accessing different interfaces. E: swapped to 10.0.0.1/24 and now it shows up as a client but and seems to be fully working but I can’t access it. Is that just a normal thing that I can’t access 10.0.0.* from 192.168.1.*? E2: resized that’s dumb of course I want it separate and that I can’t connect to it makes sense. Wondering if there is a conditional rule so I can access the web GUI only from in network KKKLIP ART fucked around with this message at 23:29 on Aug 10, 2019 |
|
#
?
Aug 10, 2019 23:02
|
|
|
Make sure the LAN2 port isn't disabled. Go to Devices > Click on the USG and check the LAN2 port. Also make sure that your new network is set to the LAN2 interface. Do you have a computer that you can plug directly into that port? If you followed that guide you should at least be getting an IP address and an internet connection. You specify the DNS server in the Network setup portion under DHCP Name Server, otherwise by default it'll just use the USG's internal dns server. Here's some pictures of what your setup should look like. https://imgur.com/a/rrBOsCe e. You can make conditional firewall rules. The firewall works top-down and will stop at the first matched rule, so as long as you have your blanket DROP rule at the end then you can put in ACCEPT rules for whatever you want to access on that network. See the DNS rule in the picture album for an example. Actuarial Fables fucked around with this message at 23:36 on Aug 10, 2019 |
|
#
?
Aug 10, 2019 23:32
|
|
|
Yeah I am pretty sure that it’s got an active connection and has an IP address now, but I just can’t navigate to it via browser which makes sense because in my head it’s like having a totally separate router. I might see about making a rule for just my laptop to access it and disable that rule when stuff is working so there’s no chance of it accessing stuff when I don’t need to log into the device 
|
|
#
?
Aug 10, 2019 23:52
|
|
|
I decided to overhaul my home network for a side project, because I dont suffer through enough Cisco bugs and networking fun at work. So far I'm really happy with my setup, I bought a Ubiquiti ER-X router, a gig PoE switch, and a couple of their Lite APs alongside a PiHole DNS server. It's been a fun, simple, setup and I can definitely see an increase in WiFi speed, and no longer suffer from a ton of buffering when I try and stream stuff to my Chromecast. I'm not doing anything complicated and its been a pretty easy set and forget type of setup, aside from tweaking on the PiHole. That said I cant let good enough stand! I was looking at the Ubiquiti Security Gateway devices and thought that I want some fancy looking dashboards from an IPS/IDS setup. Im happy with the ER-X so I was thinking I could try and do something besides go out and buy a new device. Does anyone have any recommendations as far as home IPS/IDS setups? Ive been looking at Suricata which I think would do what I want, and can output and give me all sorts of fancy graphs and charts. Is there a better setup out there? Good old Snort maybe instead?
|
|
#
?
Aug 12, 2019 15:47
|
|
|
Generalized question for you all. What are the main benefits of using a dedicated hardware NAS solution vs running Samba/NFS/whatever off of a dedicated server with the drives attached? I'd assume transfer speeds would be throtically better than most USB drives, but that's about it from what I can guess.
|
|
#
?
Aug 13, 2019 15:32
|
|
|
A dedicated NAS box is going to have a lower power consumption than most servers, and be quieter as well.
|
|
#
?
Aug 13, 2019 16:48
|
|
|
Warbird posted:Generalized question for you all. What are the main benefits of using a dedicated hardware NAS solution vs running Samba/NFS/whatever off of a dedicated server with the drives attached? I'd assume transfer speeds would be throtically better than most USB drives, but that's about it from what I can guess. dedicated boxes like Synology will get you redundant file replication systems like ZFS and BTRFS which makes sure you don't lose data if you're suddenly (n-1) disks due to failure. Of course, if the array itself fails, welp
|
|
#
?
Aug 13, 2019 16:58
|
|
|
Is that different than the sort of functionality of UnRaid or assorted flavors of Raid? Also we're talking RasPi here if anything, so power really isn't a factor.
|
|
#
?
Aug 13, 2019 17:26
|
|
|
A Raspberry Pi makes a poor NAS, since, until the Pi 4, the ethernet controller was also on the USB2 bus, which severely limited transfer speeds. The Pi 4 is going to be better, but still slower than dedicated hardware, since all the drives have to share a USB bus. Also, there's the usual caveats with Raspberry Pis and SD cards.
|
|
#
?
Aug 13, 2019 17:53
|
|
|
Warbird posted:Generalized question for you all. What are the main benefits of using a dedicated hardware NAS solution vs running Samba/NFS/whatever off of a dedicated server with the drives attached? 
Raygereio fucked around with this message at 18:19 on Aug 13, 2019 |
|
#
?
Aug 13, 2019 17:58
|
|
|
Yeah I'd go for dedicated hardware if you can. I bought a used Lenovo TS430 on eBay at the start of the year and it's been running like a champ with UnRAID on it. Basically silent too, we're sleeping next to it. Furthermore, I've got 8 drive bays and SATA ports available to fill (well, more than that if you count the 5.25in bays). I'll admit I came from a bunch of external drives connected to an old laptop, but I prefer the new way now.
|
|
#
?
Aug 13, 2019 17:59
|
|
|
Is this a patch panel?  Moving into new house with the house wired for network, and the wires go out of this into the wall. Can’t find a model number nor it on their website.
|
|
#
?
Aug 13, 2019 19:52
|
|
|
It is, looks like a DIY job but it is a patch panel.
|
|
#
?
Aug 13, 2019 19:56
|
|
|
I hope the wall ports are numbered or the previous owners provided you a network diagram/list, otherwise you might have to spend some time figuring out which cable goes to what room.
|
|
#
?
Aug 13, 2019 20:10
|
|
|
dupersaurus posted:Is this a patch panel? Yeah, and judging by that termination job you should go ahead and spring for a cable tester / fox and hound now.
|
|
#
?
Aug 13, 2019 20:32
|
|
|
I don’t know if it was originally a DIY thing, but there has been DIY work done to it since. There is a port list, fortunately. I should have thought to get a cable tester, was just there for the house inspection  Thanks! Edit: any recs for cable tester to get? dupersaurus fucked around with this message at 21:30 on Aug 13, 2019 |
|
#
?
Aug 13, 2019 21:27
|
|
|
dupersaurus posted:I don’t know if it was originally a DIY thing, but there has been DIY work done to it since. There is a port list, fortunately. I should have thought to get a cable tester, was just there for the house inspection I punched a small incandescent onto the outer pair of one keystone jack and a battery onto another when I ran a bunch of cat6 in my house without labels. Got the job done. I guess LED would’ve worked but I didn’t want to worry about polarity.
|
|
#
?
Aug 13, 2019 21:40
|
|
|
|
| # ? May 17, 2024 19:41 |
|
|
Well, what a pleasant surprise. Cox just increased their cable speeds here from 100mb to 150mb at no charge, out of the goodness of their hearts. In completely unrelated news, Centurylink Fiber just completed a big expansion into my area.
|
|
#
?
Aug 13, 2019 22:38
|
|