Anyone here good at Ubiquiti? I got a Dream Machine Pro and set it up inside my existing network. I’m not sure which options to look for to get it in “talk to the modem” state since it probably turned off a bunch of routing features on the initial setup. Everything else is fine, I just still have my Time Machine between it and the modem which kinda defeats the purpose of the whole exercise.
Feb 16, 2024 09:14

qirex posted:Anyone here good at Ubiquiti? I got a Dream Machine Pro and set it up inside my existing network. I’m not sure which options to look for to get it in “talk to the modem” state since it probably turned off a bunch of routing features on the initial setup. Everything else is fine, I just still have my Time Machine between it and the modem which kinda defeats the purpose of the whole exercise. You would have had to do some manual stuff in the past to get it to that point as the initial setup wouldn’t disable any features. Just plug the modem into the WAN port. Or factory reset it with a paper clip to be extra safe.
Feb 16, 2024 11:03

qirex posted:Anyone here good at Ubiquiti? I got a Dream Machine Pro and set it up inside my existing network. I’m not sure which options to look for to get it in “talk to the modem” state since it probably turned off a bunch of routing features on the initial setup. Everything else is fine, I just still have my Time Machine between it and the modem which kinda defeats the purpose of the whole exercise. This is how I set mine up initially too. Then after I had it configured I swapped it in with the modem/gateway feeding the WAN port and adjusted the settings on my gateway so that bridge mode would continue working and pass through the external IP to my UDM Pro.
Feb 16, 2024 13:33

Cyks posted:You would have had to do some manual stuff in the past to get it to that point as the initial setup wouldn’t disable any features. Just plug the modem into the WAN port. Nope, not a thing, it just went "ding, fries are done", then when I took the old router out it sits there complaining "no IP." I gave it 30 minutes or so to figure it out and even rebooted the modem. I didn't change a single networking option. It is doing routing since I can't see the upstream devices. I'll probably just go factory reset, I haven't set anything complicated up yet.
Feb 16, 2024 17:27

I wonder if the lease for your WAN IP address was still active, and when the UDM came on and requested an IP your ISP basically went "hold up, you get one IP and that's already been assigned to [whatever MAC address your old router had]". Might try setting your UDM's WAN port to have the same MAC that your old router did and see if that does it.
Feb 16, 2024 18:22

It might also be that your old router was doing PPPoE, and you need to set that up.
Feb 16, 2024 18:31

You might also have to go into the modem's settings and see if it's only allowing a specific MAC address to get an IP.
Feb 16, 2024 19:35

Shumagorath posted:Is there some kind of chicken sacrifice to get pfSense installed on bare metal? It’s bad enough that I had to kill secure boot, but now the installer just craps out at an IRQ mapping error that I’m unable to resolve. This is after pf-on-Proxmox wanted one more NIC than I had. I eventually hacked something together but it took me way more time than if I’d bought even a low-end Netgate. Shumagorath fucked around with this message at 04:46 on Feb 17, 2024
Feb 17, 2024 03:24

Shumagorath posted:Is there some kind of chicken sacrifice to get pfSense installed on bare metal? It’s FreeBSD, so hardware support is going to be poor, though at least not to OpenBSD levels. I thought there was a fork on Linux, but that appears to be TrueNAS.
Feb 17, 2024 15:26

MrMoo posted:It’s FreeBSD, so hardware support is going to be poor, at least not OpenBSD levels. I thought there was a fork on Linux, but that appears to be TrueNAS. quote: Supported hardware
Feb 17, 2024 16:42

I mean one way some people work it is by installing a hypervisor first, so try Proxmox and then install pfSense as a VM. If you want the same family, try TNSR, which is Linux based due to something about performance or hardware support, https://www.netgate.com/tnsr MrMoo fucked around with this message at 17:11 on Feb 17, 2024
Feb 17, 2024 17:09

Shumagorath posted:If anyone was curious, I had to change an obscure setting in the installer’s boot config to get around GIANT-LOCKED or some poo poo. I got pfSense installed and then it didn’t have the right driver for the unit’s 2.5G port. I use VLANs to get around not having enough ports, it works quite well, but you obviously need managed switches.
Feb 17, 2024 17:13

Wibla posted:I use VLANs to get around not having enough ports, it works quite well, but you obviously need managed switches. Right now I have:
- Personal PC w/ tiny VM to talk to the management switch on a separate subnet
- Dual NIC VPN gateway - "WAN" goes into the managed switch, LAN goes out to other devices that need a wire for the VPN (this would run pfSense, OPNsense or a VM thereof, ideally headless, with management on the same subnet as the switch)
- Nothing
- Nothing
- Uplink port that goes out to the raw gateway
Feb 17, 2024 17:23

Simply put, untagged ports are for endpoint devices that don't know about VLANs or that you don't want to trust with access to more than one specific VLAN. So a regular PC or whatever might go on an untagged port for a specific VLAN. A server running VMs might have a port with various tagged VLANs so the hypervisor can feed different ones to different VMs. Such a port (sometimes called hybrid), for switch<->device rather than switch<->switch, will also have a VLAN assigned for untagged traffic, usually called the PVID. So any untagged traffic from the device will go on that VLAN. You don't have to use it, if your VM/host device is set up to tag everything, but often a VLAN-aware device will do management/configuration on the untagged traffic, so you'd put that on whatever management VLAN you preferred. Rescue Toaster fucked around with this message at 18:38 on Feb 17, 2024
Feb 17, 2024 18:33

Shumagorath posted:I have one! But my knowledge of when I need a tagged or an untagged port has rotted; what setup do you use?
VLAN 10: Internet
VLAN 20: LAN (management, only trusted devices go here)
VLAN 30: Wifi (separate firewall zone, untrusted, has no access to LAN/Web)
VLAN 40: Web (separate firewall zone, untrusted, has no access to LAN/Wifi)
Switches are Mikrotik RB260GS with one SFP port; I run gigabit bidi SFPs and a 2mm thick fibre patch cord around the living room.
Switch 1:
Port 1: Internet - VLAN 10 untagged
Port 2: Proxmox - VLAN 10 tagged, 20 (untagged/default), 30, 40 tagged
Port 3: LAN - VLAN 20 untagged - used for when I need to dump a lot of files to my laptops; they otherwise connect via wifi and run tailscale for access to internal resources.
Port 4: Ikea trådfri gateway - VLAN 30 untagged
Port 5: Wifi AP - VLAN 30 untagged
Trunk SFP: VLAN 20 (untagged/default), 30 and 40 tagged
Switch 2:
Port 1: WS - VLAN 20 untagged
Port 2: NAS - VLAN 20 untagged
Port 3: Proxmox host 2 - VLAN 20 untagged, 30, 40 tagged
Port 4: NAD D7050 amplifier - VLAN 30 untagged
Port 5: LAN - VLAN 20 untagged
Trunk SFP: VLAN 20 (untagged/default), 30 and 40 tagged
I also have a direct connection between the NAS and WS, using 10 gig NICs and a DAC cable.
Feb 17, 2024 19:32

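Rescue Toaster's description of untagged ports and the PVID, and Wibla's port table, as an added example that is not code from the thread or from MikroTik: a small Python model of 802.1Q ingress and egress handling, run over Wibla's Switch 1. The port names are ours, the frames are constructed, and ingress filtering (dropping tagged frames for VLANs a port is not a member of) is assumed to be on, which is the setting you want on a port a VLAN-unaware or untrusted device plugs into.

```python
"""802.1Q ingress/egress rules on a small managed switch.

Added example, not code from the thread or from MikroTik: it models the
tagged/untagged/PVID behaviour described above and runs it over Wibla's
Switch 1 port table. Port names are assumptions; ingress filtering
(drop tagged frames for VLANs the port is not a member of) is assumed on.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Port:
    name: str
    pvid: int                              # VLAN given to untagged ingress frames
    untagged: Optional[int] = None         # VLAN that leaves this port untagged
    tagged: frozenset = frozenset()        # VLANs that leave this port tagged

    def member_of(self, vlan: int) -> bool:
        return vlan == self.untagged or vlan in self.tagged


def ingress_vlan(port: Port, frame_vid: Optional[int]) -> Optional[int]:
    """Classify an incoming frame; None means the switch drops it.

    Untagged frames land on the PVID. A tagged frame is accepted only if the
    port is a member of that VLAN, so an endpoint on an access port cannot
    tag its way onto a VLAN it was not given.
    """
    if frame_vid is None:
        return port.pvid
    return frame_vid if port.member_of(frame_vid) else None


def egress(port: Port, vlan: int) -> str:
    """How a frame on `vlan` leaves `port`: 'tagged', 'untagged' or 'drop'."""
    if vlan in port.tagged:
        return "tagged"
    if vlan == port.untagged:
        return "untagged"
    return "drop"


def forward(ports: dict, in_port: str, frame_vid: Optional[int], out_port: str) -> str:
    """End-to-end result for one frame: ingress classification, then egress."""
    vlan = ingress_vlan(ports[in_port], frame_vid)
    return "drop" if vlan is None else egress(ports[out_port], vlan)


# Wibla's Switch 1, transcribed from the post (port names are ours).
SWITCH1 = {
    "internet": Port("internet", pvid=10, untagged=10),
    "proxmox":  Port("proxmox", pvid=20, untagged=20, tagged=frozenset({10, 30, 40})),
    "lan":      Port("lan", pvid=20, untagged=20),
    "tradfri":  Port("tradfri", pvid=30, untagged=30),
    "wifi_ap":  Port("wifi_ap", pvid=30, untagged=30),
    "trunk":    Port("trunk", pvid=20, untagged=20, tagged=frozenset({30, 40})),
}


def isolation_report(ports: dict) -> dict:
    """Which (source port, destination port) pairs can exchange untagged frames.

    Untagged is what a VLAN-unaware endpoint sends, so this is the L2
    reachability such a device gets from its port alone.
    """
    return {
        (a, b): forward(ports, a, None, b) != "drop"
        for a in ports for b in ports if a != b
    }


if __name__ == "__main__":
    for pair, ok in sorted(isolation_report(SWITCH1).items()):
        print(f"{pair[0]:>8} -> {pair[1]:<8} {'reachable' if ok else 'isolated'}")
```

Running it shows why the layout works: the Wifi AP and the trådfri gateway can only reach each other and the VLAN 30 tag on the trunk, a frame the AP tags with VLAN 20 is dropped at ingress rather than landing on the management VLAN, and the Proxmox host reaches the modem only by tagging VLAN 10 while its untagged (PVID 20) management traffic never leaves the Internet port. Whether a real switch actually drops unexpected tagged frames depends on its ingress-filtering setting, so check that setting on any port an untrusted device hangs off; with it off, the model's "drop" cases become the VLAN-hopping risk you are trying to avoid.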
Rescue Toaster posted:Simply put untagged ports are for endpoint devices don't know about VLANs or that you don't want to trust with access to more than one specific VLAN. Wibla posted:I run a few VLANs, with pfSense in a VM on a Lenovo Tiny M93P.
Feb 17, 2024 19:44

MrMoo posted:If you want the same family, try TNSR, which is Linux based due to something about performance or hardware support, TNSR is their software router product, so while it can do filters, it's not designed to be a firewall and doesn't have a good GUI for end user management.
Feb 17, 2024 20:15

While screwing around with this dual-NIC box I saw that Ubuntu has an ez-mode “share this connection with other computers” button in Network Manager. How would I replicate that with Ubuntu Server if I wanted to run headless? I guess I need a DHCP server + NAT + …?
Feb 19, 2024 23:58

NetworkManager is probably what’s underneath, and you can drive that from a CLJ or TUI on a server, if that helps.
Feb 20, 2024 00:20

I seem to have resolved my Unifi problem via MAC spoofing even though my service shouldn’t be locked [it’s all my own equipment including the cable modem].
Feb 20, 2024 01:20

qirex posted:I seem to have resolved my Unifi problem via MAC spoofing even though my service shouldn’t be locked [it’s all my own equipment including the cable modem]. Does your equipment get your WAN IP address via DHCP? If so, I bet if you released the DHCP lease and then turned off MAC spoofing, you'd get an IP address on the native MAC address. But it's working right now as-is, so probably not really worth the effort to futz around with it further.
Feb 20, 2024 01:33

qirex posted:I seem to have resolved my Unifi problem via MAC spoofing even though my service shouldn’t be locked [it’s all my own equipment including the cable modem]. I've come across some ISPs that lock to the MAC address as long as the DHCP lease is technically valid (and they set the lifetime to like a month) and you only get 1 address. So if you don't DHCP release it before trying new gear, you have to spoof/copy/whatever your existing address to make it work. Edit:
Feb 20, 2024 01:38

Subjunctive posted:NetworkManager is probably what’s underneath, and you can drive that from a CLJ or TUI on a server, if that helps. e: second read leads me to think Command Line / Terminal so I guess it’s off to Network Manager’s docs for the night. I haven’t done most of this since ifconfig was the standard, but Netplan is kinda fun and harder to shoot yourself so that’s nice from SSH. Shumagorath fucked around with this message at 05:45 on Feb 20, 2024
Feb 20, 2024 02:06

H110Hawk posted:Not to mention fiber is a whole different thing from coaxial. Fiber is, generally speaking, either up or down. Coax it's more based on what mood the wire is in, ambient humidity, if your cat is currently asleep, that sort of thing. Basically business support is what residential support should be, or at least much closer to it. As someone who works tier 3 for a regional fiber provider, this take on fiber being either up or down offends me personally. Granted, the physical plant issues are a lot less common than with coax, and I'm probably a little biased since I tend to only get the edge cases that cause the most problems.
Feb 20, 2024 18:23

Shumagorath posted:Gonna go ahead and admit I don't know what either of those are. Might have helped if I’d spelled “CLI” correctly, apologies!
Feb 21, 2024 02:36

n0tqu1tesane posted:As someone who works tier 3 for a regional fiber provider, this take on fiber being either up or down offends me personally. Generally speaking for residential ISP customers, and when compared to the issues of coaxial, you would need to graph them with log scale to even get the ambiguous fiber issues off the bottom of the chart. By the time we've reached tier 3 support you've rolled a truck and might have even OTDR'd it to prove a clean fiber from the consumer MPOE to the head end physical plant. We are no longer "generally speaking", generally speaking. If the signal comes up enough to sync the ONT you can at least get usable light stats (assuming the ONT supports it, and it would be insane for them... wait this is a residential monopoly ISP nevermind.) Either way I get what you're saying, I lease DIA, lit waves, and dark fiber from various providers on the commercial side. The number of "up but only kinda" are very few and far between. Whoops I blew this cheap fs.com optic is way more common, followed by whoops I bumped the fiber working in the fiber tray / patch panel, and then ugh the line card is dead. We really should own an OTDR in our bigger sites. I wish the datacenters would loan them out (with technician.)
Feb 21, 2024 17:29

So Ubiquiti dropped two new products today, which is like the 10th so far this year. First is an 8 port PoE switch that can be powered by PoE+ and PoE++ or an adapter. The other is more interesting, the UCG-Ultra. Looks to be a UDM without the NVR/Talk/Protect stuff and small form factor at $129. But it has a 2.5G WAN port and 4 GbE LAN ports with dual-WAN support. At the same price as the UXG-Lite, it seems better in every way.
Feb 22, 2024 02:21

drat that UCG Ultra looks pretty sweet. Definitely makes a UDM Pro/SE less necessary in my home use case, I have a PoE switch already for the APs. The page is a little confusing with the 1Gbps IDS/IPS mentioned on the WAN port and it only mentions it is 2.5G in the hardware specs.
Feb 22, 2024 05:32

The Unifi Cloud Gateway Ultra (which has a name that makes me think it always relies on the cloud, which doesn't seem accurate) isn't PoE powered, is it? I genuinely don't understand why they don't offer that on any of their lighter CPE-replacement devices - it's much better to have one good PSU that powers everything, and can be put on a UPS, than it is to have three or four bad AC adapters that each need a UPS port.
Feb 22, 2024 15:34

priznat posted:The page is a little confusing with the 1Gbps IDS/IPS mentioned on the wan port and it only mentions it is 2.5G in the hardware specs. I read that in an advertorial piece too, 1Gbps routing on a 2.5 Gbps NIC. It reads as if they simply got a better offer on the faster NIC?
Feb 22, 2024 15:46

I interpret that as "the link can run at 2.5Gbps, but whatever ASIC/CPU is performing IDS/IPS functions is only rated to do that for up to 1G of traffic". Might mean that it could handle more if you run a reduced feature set on the WAN link. It could definitely be more clearly written if that's the case though.
Feb 22, 2024 16:06

Inspection features continue to get added, and the computational load to do that gets more ridiculous as we keep easily pushing faster and faster speeds. Coming at it from my EE perspective I imagine there is a point somewhere around 25G where you want to just flash your ruleset to an FPGA rather than eat the power bill of general compute to do it. If the "Ultra" (lol) is anything like the rest of them you can just turn off some features to hit the line speed if you don't care about packet inspection and just want low cost firewall features.
Feb 22, 2024 16:13

priznat posted:
This is extremely common on all IDS/IPS products even in the enterprise / datacenter space. With only L3/L4 pattern matching I bet it's full line rate.
Feb 22, 2024 16:20

Dumb question: do two machines on the same switch that want to swap files with each other need to have all that traffic go through the router as well? Router -> switch -> two machines Put another way, does all intranet traffic between those two machines need to go through the switch to the router then back through the switch to the other machine? Or does the traffic go through the switch and to the other machine while never hitting the router? E: I guess my reason for asking is my router is limited to 1Gbe (and so are my internet speeds) but am wondering if it is worth getting a 2.5Gbe switch for NAS transfer purposes to other machines attached to the same switch as the NAS Kibner fucked around with this message at 16:30 on Feb 22, 2024 |
# ? Feb 22, 2024 16:27 |
Kibner posted:Dumb question: do two machines on the same switch that want to swap files with each other need to have all that traffic go through the router as well? If they are on the same subnet, no. It will all be local to the switch. The router is what routes traffic from one subnet to the other. From my CCNA days it is (or was) ironically called the switching function. It switches networks. Switches perform forwarding functions or something.
Feb 22, 2024 16:34

M_Gargantua posted:Inspection features continue to get added, and the computational load to do that gets more ridiculous as we keep easily pushing faster and faster speeds. Coming at it from my EE perspective I imagine there is a point somewhere around 25G where you want to just flash your ruleset to an FPGA rather than eat the power bill of general compute to do it. JunOS switched to only using FreeBSD in the control plane, with the data plane being entirely made up of FPGAs a long time ago. Nowadays, the SRX5800 can handle ~3Tbps of traffic statefully - which is just loving nuts.
Feb 22, 2024 17:12

Kibner posted:Dumb question: do two machines on the same switch that want to swap files with each other need to have all that traffic go through the router as well? Generally all the ports on the LAN side of a consumer router will be attached to the same port ASIC. This chip is able to make forwarding decisions between these ports based on a MAC address table (concisely, "switching") with a relatively low power budget and little if any involvement from the CPU. However, any traffic between an inside client and something beyond the WAN port is going to involve a forwarding decision based on an IP address table instead ("routing"). This can be handled by ASICs, and often is for enterprise platforms which need to go faster than a CPU core can handle. However, at 1G speeds it's viable to just use the CPU so consumer routers usually just have the switching ASIC punt the packet over to a software process which handles routing.
Feb 22, 2024 17:48

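Cyks' answer (same subnet: it stays on the switch) and the longer explanation of the port ASIC's MAC-table forwarding versus the CPU's IP routing, as an added example that is not code from the thread: a Python model of the two decisions involved, the sending host's "is the peer in my subnet?" check and the switch's MAC-table lookup, run over a constructed LAN. The addresses, MACs and port names are made up here, and the off-subnet destination uses the 203.0.113.0/24 documentation range.

```python
"""Same-subnet vs routed traffic on one switch.

Added example, not code from the thread: a host's first decision (is the
peer inside my subnet?) and a switch's MAC-table lookup, run over a
constructed LAN. Addresses, MACs and port names are made up here; the
off-subnet address uses the 203.0.113.0/24 documentation range.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    iface: ipaddress.IPv4Interface   # address plus prefix, e.g. 192.168.1.20/24
    mac: str
    gateway: str                     # default gateway address


def next_hop_mac(src: Host, dst_ip: str, arp: dict) -> str:
    """Destination MAC the sending host writes into the Ethernet frame.

    If the destination is inside the host's own subnet, it resolves the
    peer's MAC directly; otherwise it addresses the frame to the default
    gateway and lets the router make the IP-level decision.
    """
    if ipaddress.ip_address(dst_ip) in src.iface.network:
        return arp[dst_ip]
    return arp[src.gateway]


class Switch:
    """Learning bridge: forwards by destination MAC, floods unknown unicast."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}               # MAC -> port, learned from source addresses

    def forward(self, in_port: str, src_mac: str, dst_mac: str) -> list:
        self.table[src_mac] = in_port
        if dst_mac in self.table:
            return [self.table[dst_mac]]
        return [p for p in self.ports if p != in_port]


# Constructed LAN: router on p1, NAS on p2, PC on p3, p4 empty.
HOSTS = {
    "router": Host("router", ipaddress.ip_interface("192.168.1.1/24"), "02:00:00:00:00:01", "192.168.1.1"),
    "nas": Host("nas", ipaddress.ip_interface("192.168.1.10/24"), "02:00:00:00:00:10", "192.168.1.1"),
    "pc": Host("pc", ipaddress.ip_interface("192.168.1.20/24"), "02:00:00:00:00:20", "192.168.1.1"),
}
ATTACHED = {"router": "p1", "nas": "p2", "pc": "p3"}
ARP = {str(h.iface.ip): h.mac for h in HOSTS.values()}   # what each host would learn by ARP


def build_switch(learned: bool = True) -> Switch:
    """A switch that has (or has not yet) seen a frame from every station."""
    sw = Switch(["p1", "p2", "p3", "p4"])
    if learned:
        for name, port in ATTACHED.items():
            sw.table[HOSTS[name].mac] = port
    return sw


def ports_hit(sw: Switch, src_name: str, dst_ip: str) -> list:
    """Switch ports a frame from `src_name` to `dst_ip` is sent out of."""
    src = HOSTS[src_name]
    return sw.forward(ATTACHED[src_name], src.mac, next_hop_mac(src, dst_ip, ARP))


if __name__ == "__main__":
    sw = build_switch()
    print("pc -> nas      :", ports_hit(sw, "pc", "192.168.1.10"))   # p2 only, router untouched
    print("pc -> internet :", ports_hit(sw, "pc", "203.0.113.5"))    # p1, the router port
```

For the NAS question this is the whole answer: with both machines in the same subnet the frame is addressed to the NAS's own MAC and the switch sends it out p2 alone, so a 2.5GbE switch speeds up NAS transfers regardless of the router's 1GbE port. Only an off-subnet destination (or a different VLAN, as in Wibla's layout, where VLAN 30 to VLAN 20 has to cross the firewall) puts the router's MAC on the frame and sends it to p1. The one time the router port sees local traffic is before the switch has learned the NAS's MAC, when it floods the unknown unicast to every other port; the router still doesn't route it, because it isn't addressed to the router.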
H110Hawk posted:This is extremely common on all ids/IPS products even in the enterprise / datacenter space. With only l3/l4 pattern matching I bet it's full line rate. Yah, I kind of clued into this when reading what the heck IDS/IPS was; it was just weird to not put the 2.5G more front and center. I guess the security feature is an even bigger selling point to more people (it wasn’t something I was aware of but looks cool after reading on it).
Feb 22, 2024 17:54

priznat posted:Yah I kind of clued into this when reading what the heck IDS/IPS was it was just weird to not put the 2.5G more front and center, I guess the security feature is an even bigger selling point to more people (it wasn’t something I was aware of but looks cool after reading on it) Well according to this thread https://community.ui.com/releases/U...a1-39807da71ff7 The 2.5G WAN port is useless. According to the Unifi rep “Well, the console itself can make use of it, e.g. when downloading firmware” which is a laughably bad response. May as well have just used a 1G NIC. Not a big concern for me as I don’t need multigig WAN, but still.
Feb 22, 2024 17:59

Cyks posted:Well according to this thread Definitely just to tick a box if people are blindly searching for a feature of 2.5Gb WAN.
Feb 22, 2024 18:07