|
Well, finally pulled the trigger on switching over to Unifi gear. I'm going to transition a few pieces of my current setup (Zyxel USG + eeros) to my mother-in-law's to help get her setup more stable (and allow us to VPN into her network to fix computer issues directly). Picked up a USG-PRO-4, a Cloud Key Gen2+, and an UAP-AC-PRO just to get the core of the network functioning for now. I'll replace my current switch as well eventually (probably with a 24 port regular and a 24-port POE to reduce cost and I've got the rackspace), but wanted to spread the cost out a little bit - so I"ll be sticking with my TP-Link unmanaged switch for now. I've been living without VLANs this long, I can go a little longer - especially with the UniFi built in guest network - I previously had to run that off a whole separate AP and LAN with my Zyxel setup and firewall it off manually. I'll be curious to see how the AC-PRO performs by itself - it's a 1900 sq ft. single story that I need wifi extending out into my driveway and yard. I assume I'll need to add more APs eventually, but didn't want to pull the trigger until I saw how a single AP centrally located performed. Fortunately my house is already wired with Cat6 (the half we've remodeled) - and the rest of the house can pretty easily have it added as needed to place an extra unit if necessary. Anything I really need to know for setup, or a "make sure you do this now because it is more painful later?" Based on the documentation and videos it seems pretty brainless to just get things up and running for internet and basic networking. It can take me longer to get a VPN up and running again - just gotta make sure the wife has internet for now. I know I'll have more questions when I try to get VLANs up and running - but for now I just don't want to lock myself into some bad setup early on that I regret later as I expand out. Thanks in advance.
|
#
¿
Jan 3, 2019 19:29
|
|
|
|
| # ¿ May 15, 2024 00:28 |
|
|
Well, everything went pretty quick with the setup. Worst part was wrangling cage nuts in and out of my already fairly full rack - the tabs on the USG were just deep enough I couldn't really use my existing fasteners, and had to swap the cage nuts to match the thread of the longer fasteners that came with the USG. Forgot what a pain those things are when you have two next to each other. My rack is kind of a mess right now - but once I get new switches I will reorganize everything, make new cables, and make it up neatly again. Anyways, the setup was pretty painless overall - it took just as long to setup everything and flash the firmware as it did to go through and identify and name all my clients. I don't think the single AC-PRO is going to be sufficient - I can't reliably get either of the cars on the wifi, and the 5G signal is getting weak enough the other end of the house that my Pixel 2 gets a pretty miserable signal. The AP also isn't in the ceiling (just sitting on the top of the 12U rack on the ground), so it definitely isn't installed in an optimal way. Might pick up two more APs to help fill things out. Definitely need to get some unifi switches in here now - gotta fill out that topology map! Only negative experience so far is that since the switch-over, my chromecast (wired) seems to have a slight delay on the video compared to the audio (~5-8 ms). Its solvable enough with the built in audio delay adjustment in google home, but it is a little odd overall. May just be a coincidence - we'll see if it resolves itself eventually - might be a hulu problem or something. Can't imagine what in the gateway would be causing that issue, although I'm not smart enough with how streaming data is packetized to know if that is an expected outcome of DPI or not. ROJO fucked around with this message at 01:03 on Jan 4, 2019 |
|
#
¿
Jan 4, 2019 01:00
|
|
|
So, finally went in deep and added a 16-port POE, 48-port, and an 8-port Unifi switch to my setup: (the 8-port is remote and running off the 16-port POE - and I can't find my crimping tool which is the reasons for the random cables going into the 16-port and not from the patch panel) What can I say, but drat - I love POE and love managed switches. The 48-port switch took FOREVER to adopt and upgrade - rebooted multiple times, and wasn't fully finished for at least 20 minutes - long enough I thought I got a bum switch. But everything finally adopted and updated and things are back up and running. The combined 64 switch ports are overkill for my house, but this was cheaper than buying the 48-port POE, and the 16-port is essentially silent, which apparently isn't the case for the higher port count POE switches. The USG is definitely the serious noisemaker in the cabinet, and I picked up some Noctua fans to swap into it next time I can kill the internet for awhile. With picking up a POE switch, I also picked up a G3 Flex camera to play around with/spy on our dogs, and Unifi protect seems pretty straightforward and easy. Will definitely expand it out to a couple external cameras to watch our front door, etc. With a camera, the 8-port switch, 2 Pro APs, PiHole, and Cloudkey Gen2+, its only pulling about 25W on the dashboard. Continue to be pretty drat impressed with Unifi, thanks to everyone in the thread who suggested it 
|
|
#
¿
Mar 31, 2019 05:27
|
|
|
guppy posted:I'm not familiar with the Ubiquiti line, so maybe there's something about them I'm missing, but I have two questions looking at his. You only have 10 lines connected here, so what's the point of the 48-port switch, versus running everything off the 16-port? And if you're going to have the two switches, it looks like the USG has two SFP ports, so why daisy chain one off the other rather than just uplinking both switches directly to that? So, as far as port count goes, a lot of those in the patch panel are either wired to wall plates that aren't in active use (4 in each room on average, 6 in the office), not wired to the half the house I haven't ripped back to the studs yet, or will eventually be run up into the attic for APs and cameras. I'm sure I won't ever use them all simultaneously, but I wanted to have plenty of flexibility for when I get the whole house setup. According to the dashboard i am using 58/78 ports that Unifi can see (including the 8-port switch at my home theater), and there are at least 12 ports on that patch panel that are wired up in the house with no devices currently on them. That patch panel will be around 80% wired up to the house by the time I finish everything. As far as the SFP goes, the SFP and WAN ports are tied together in pairs on the USG-4 (but re-assignable to different interfaces), so you can't have both SFP ports active on the LAN interface - the other SFP/WAN pair has to be used to go to my modem. I can't seem to find a way to even enable the RJ45 LAN ports on the same LAN interface as the SFP (can't bridge between the two ports), so I don't think it's unique to using SFP - I would be daisy chaining either way. Willing to admit I may be missing something somewhere in the UI though.... edit: I suppose I could reassign the RJ45 LAN port to WAN and put the modem in there - but I still couldn't assign the second SFP port to the same LAN interface as the other. While I could setup two different LANs and route between them......I'm not that concerned about daisy chaining. ROJO fucked around with this message at 06:44 on Mar 31, 2019 |
|
#
¿
Mar 31, 2019 06:31
|
|
|
I know this is a long shot, but has anyone who has isolated google home devices on a separate VLAN been able to successfully see speaker groups across VLANs? I can see all of the devices themselves just fine (usually), but I can never see speaker groups across VLANs. If I switch my phone over to the IOT VLAN, I see them just fine. This is on a full unifi setup. A reasonable google search seemed to show a number of people with a similar problem but no hints at something that would help solve the problem.
|
|
#
¿
Apr 20, 2019 02:01
|
|
|
So, not technically networking gear, but network adjacent. My 1U cyberpower UPS died last night, not the battery capacity or anything, just its ability to power any electronics. It was reading 90V output when in the rack, but once I dismantled it out if the rack and tried plugging it into the wall, it now won't come on at all (just a beep and a blank screen). It was five years old, which isn't a bad run by any means, but I would have hoped for better based on it just being power electronics. Since I'm in the market for a new one, does anyone have any guidance? The cyberpower ones still seem well reviewed so I'm inclined to just do the same again and hope I get more time out of it.
|
|
#
¿
Jun 28, 2019 04:07
|
|
|
Piggy Smalls posted:Taking some advice and going to try to wire cable in the house not outside. What is the name of the round rubber donut things you use to make a hole smaller and have the cable run through the center and it pinches it enough to let the cable go through and keep other stuff out. Am I making sense. A cable grommet?
|
|
#
¿
Jun 28, 2019 18:25
|
|
|
threeagainstfour posted:I'm also heading into a crawl space to run some cat6 through my house. Depends on how dirty your crawlspace is frankly, I tend to use a mechanics jumpsuit because it's what I have, I'm under there a decent amount, and it's washable - but a disposable Tyvek suit would work great too if you don't imagine being under their often. I wouldn't really worry about black widows unless you know you have an significant quantity of them or are going to be actively disturbing tons of webs. In my experience (east SF bay area) where we routinely get widows outside, I have never seen one in my crawlspace - they always tend to be other types of spiders. Unless your crawlspace is totally webbed in you should be fine - so it will be more about how dirty you are willing to get to do the job. Regardless, a set of Tyvek coveralls should protect you from both dirt and spiders at the same time. Also, those of you worried about your cat6 getting eaten by rodents....maybe you should pay more attention to pest exclusion than running your cat6 in metal conduit. Based on the mass damage to our waste pipes, HVAC ductwork, and insulation, rats owned our house at one point before we bought it, and we have had zero problems since paying attention to their ingress points. I have tons of cat6 running bare suspended from my floor joists with no problems for 5+ years. Rats will gently caress up way more in your house than just your network cable - better to stop them to begin with than to harden a (relatively) non-critical part of your home infrastructure.
|
|
#
¿
Jul 25, 2019 04:00
|
|
|
Beverly Cleavage posted:What would you do here? To echo what others have said, pull more cable than you need while you're at it, might as well put something in every bedroom even if you don't see a need for it now. Even if you just hide it in the walls without terminating in a wall jack. Two cables to one location is just as easy as a single cable, and may save you from needing a switch there later. Definitely put things in a rack, and I would definitely consider just getting a rack mount POE switch to go alongside the whatever normal switch is serving the house. While the APs come with injectors, it is so much cleaner to use a POE switch. Also makes other things, like POE-fed 8-port switches to serve home theater stuff, etc easier.
|
|
#
¿
Mar 6, 2020 19:11
|
|
|
namlosh posted:This has to be the worst The proper  is probably more along the lines of Tesla and advertising features that don't truly exist in their cars yet. Unifi seems to have a real bad habit of releasing things too early for general use. Its worth noting that all the features you're looking for work fine on my USG-4-PRO, the UDM-PRO just isn't there yet.
|
|
#
¿
Mar 27, 2020 19:43
|
|
|
Did you actually create a new network in the "Network" pane, called something like VLAN, and tag it with the right VLAN identifier? You can't just point an AP/SSID to a vlan without having created the actual corresponding VLAN network in the router. For example, I have "VLAN30 IOT" tagged to vlan 30 in my network pane, and attach my IoT SSID to vlan30, then apply firewall rules to segregate out vlan30 from everything i care about. Alternatively, just use the guest network functionality. edit: oh wait, I didn't realize you didn't have a USG/UDM, just the standalone APs and a controller. Yeah you at least need a router that will handle vlans. I'm not even sure if the unifi guest network functionality works without a USG/UDM. ROJO fucked around with this message at 18:40 on May 10, 2020 |
|
#
¿
May 10, 2020 18:37
|
|
|
Yeah, the UDM still sounds like a bit of a headache, but my USG and all my other stuff has been rock solid. These times are only indicative of how often I update things, not stability (then it would be years): ....which in itself is a good lesson on using ubiquiti.....let the updates mellow in the wild a bit before you apply. ROJO fucked around with this message at 02:14 on May 11, 2020 |
|
#
¿
May 11, 2020 01:59
|
|
|
derk posted:i went back to my ER-X. was using a USG 3P, was having latency issues gaming, turned DPI off, it helped but would still spike to hell. went back to ER-X, 0 problems. I have 2 AC-LITE AP's going with the ER-X. solid equipment minus my usg giving me problems. it was nice looking at all the extra stats and controlling everything from the controller, but i cant be having spikes like that while gaming, too frequent to ignore. Have had no issues with my USG with DPI and IPS enabled, even with latency dependent gaming. Not trying to say your experience is invalid, just throwing another data point out. Maybe it's the difference between the 4P and the 3P? Granted this is only with despicable 300/15 Comcast internet, nothing approaching gigabit.
|
|
#
¿
May 11, 2020 04:04
|
|
|
Buff Hardback posted:IIRC max throughput on USG with IDS/IPS is only like 200Mbps at best I think Unifi specced 250 or so for the 4Pro (but I can't find the actual number on their site anymore) - but in practice I get ~330 down with DPI and IPS, which for my internet is fine.
|
|
#
¿
May 11, 2020 16:17
|
|
|
I know this is an oddly specific question, but xfinity support is even harder to get a hold of these days than normal and didn't know a better place to ask. I've had a 300/10 plan that the promo pricing has expired on ($70->$100), and was looking at other options to reduce my bill below the non-promo price. I can jump on a 600/15 for $10 less than I had been paying, but I only have an Arris SB6183 modem, which isn't rated for those speeds (it currently accomplished around 325/12 on my current plan, and supposedly tops out at 375). Does anyone know if I were to upgrade my plan to 600 down, would my modem continue to work, just at less than the 600 Mbps rated plan? Would my current speed actually go down because of how the total bandwidth would be distributed across the channels my modem can operate on? Or would it cease working altogether because it isn't DOCSIS 3.1 and I'd be totally SOL? Thanks in advance. edit: also, what does IDS/IPS cap out at for a USG-4-PRO? It hasn't slowed me down yet at 325, but I assume if I did upgrade to a SB8200, it couldn't push all the way to 600Mbps? It's not a big deal either way - I never gotten a hit on anything that didn't turn out to be explainable so I'd just turn it off it was limiting - just curious. ROJO fucked around with this message at 21:27 on Sep 12, 2020 |
|
#
¿
Sep 12, 2020 21:10
|
|
|
Cyks posted:I 100% recommend against getting a USG at this point in time and a cloud key is a waste of money for a home network. What is wrong with the USG? I have never heard any recent complaints about the USG3/USG4-PRO - just the newer UDMs. I'm still happily using a USG (albeit a 4-PRO) with absolutely zero complaints. Sure they have throughput issues if you are looking for IDS/IPS, but those are mostly worthless anyways.
|
|
#
¿
Sep 18, 2020 23:12
|
|
|
stevewm posted:Pick each product for its strong point. Ubiquiti is good for wifi... not so good for routing/firewall usage yet apparently. pfSense or its fork OpnSense are tried and true solutions for a router/firewall. I would consider the USG3/USG-4-Pro tried and true routing/firewall solutions - all the current complaints about Unifi routing seem to stem from the UDM and UDM-Pro not being ready for prime time. The USGs don't have the full blown capability of some other solutions (IPS at gigabit speeds, more expansive VPN options, etc) - but my experience and what I believe the experience of most users who have them is - they work very well within their advertised feature set. That cannot currently be said about the UDM products. Not knocking pfsense in any way - a lot of people just seem to lump the USGs in with all the poo poo about the UDMs, and I haven't really seen anything that bears that out. edit: actually, there is the recent issue with upgrading the controller software to v6.0 that caused a lot of issues across all of the unifi routing products, and I believe affected the USGs. It didn't hit me because I follow a rigorous method of ignoring Unifi updates on all hardware until they have been in place long enough that they aren't alpha testing on the general public anymore. That is a good rule for all unifi products, as they really don't do enough internal testing before rolling things out... ROJO fucked around with this message at 19:35 on Sep 29, 2020 |
|
#
¿
Sep 29, 2020 19:29
|
|
|
TraderStav posted:I must have been misinformed then. I thought that some software had to be run on some other piece of hardware. Yeah, you can run the controller on dedicated hardware (cloudkey, built in UDM controller), or on some other general purpose machine - but the controller does NOT need to be running for the network to function. It is required to help setup and provision the network properly or make changes, and having it running full time gives you nice data and things like that, but it does not need to be up for the network to do it's job. That said, having it built in and running 24/7 is real nice! Good luck with your UDM-Pro
|
|
#
¿
Sep 29, 2020 20:54
|
|
|
SwissArmyDruid posted:Best as I can figure, yes, the weight of the cable + channel torqued the AP off its mount. Why didn't the retention clip hold it in place? Uh, because it's designed to hold the weight of the AP, not the off-balanced load of what appears to be at least 10' of cable and channel trying to twist it off the clip? I'm sorry, this isn't an engineering defect, especially since it sounds like it all fell off at once, so it was a dynamic load rather than a static load. On the other hand, what AP is that? That mounting plate looks really small - mine are almost the size of the APs themselves, and have a steel plate that backs it up on the backside of my ceiling.
|
|
#
¿
Oct 19, 2020 02:09
|
|
|
TraderStav posted:Metal plate is for when you mount it on a drop ceiling tile and you bolt it tight to the clip. When you mount to a drywall ceiling you use the anchors and it's up there really solid. I have my Ethernet drops coming in from the ceiling so if anything there's an upward pull though. Yeah, they're definitely meant for drop ceilings, but I went ahead and used 'em since I had ready access via the attic and had to run the cat6 up there anyways. Definitely overkill, but I try to avoid drywall anchors if there is ever another solution.
|
|
#
¿
Oct 19, 2020 04:24
|
|
|
CaptainSarcastic posted:Just out of curiosity, does anyone else with Comcast find their web portal for account management to generally be comically slow? Just about every time I log into the website to pay my bill or whatever it is painfully slow to use. Yes, it is complete dogshit.
|
|
#
¿
Oct 22, 2020 04:00
|
|
|
DaveSauce posted:So would the Unifi APs do a mesh network? I never really checked, but that's one of the reasons I'd be willing to overhaul the network. No real reason to get 2 new APs if they're going to have different SSIDs. Yes, Unifi APs can mesh if you can't run a cable from a switch to one of them, although you will still have to run a cable from an outlet & POE injector to provide the power to the remote AP.
|
|
#
¿
Nov 19, 2020 02:29
|
|
|
DaveSauce posted:This is my understanding as well so I guess I'm game for an explainer if someone can I guess I'll admit to maybe not understanding the specifics of what "mesh" really entails (I think of it as it tends to be used in consumer hardware - a dynamic wireless network topology between nodes) - but I was referring to the ability of the Unifi APs to wirelessly bridge to other APs on the same network to extend coverage (and use the same SSID(s), have transparent handoffs, etc) because I guess I missed you were able to hardwire everything. If you can hardwire both APs, then even better. Exactly same functionality, just doesn't rely on a wireless radios for the backhaul traffic. I have 3 Unifi APs across my house (all wired) - and all 3 of my wireless networks are completely seamless. I used to have one wirelessly bridged, and it worked identically, although I never fully probed the performance of the one wireless unit. edit: as the poster above said, if you tune your radio settings for the APs you can make things even better - but even when I ran default settings I had no complaints about handoffs, performance, etc. ROJO fucked around with this message at 15:22 on Nov 19, 2020 |
|
#
¿
Nov 19, 2020 15:17
|
|
|
rufius posted:Anyone got a 12-18 SFP+ port switch they like. I was looking at the Ubiquiti US-16-XG but that’s part of the Unifi line and I know the thread’s been grumpy about that gear. There is really nothing wrong with the general Unifi line, besides the two UDM products (and the 6.X controller firmware which has pretty much been resolved). I have 3 different Unifi switch products (an 8-port, a 16-port POE, and a 48-port) and they are all rock solid. I can't vouch for the 16-XG personally, but I don't think there are really any broad complaints about the Unifi switch products (or the older gateways).
|
|
#
¿
Dec 25, 2020 01:08
|
|
|
So, to walk back some of my previous comments are Unifi products being great except the UDM - it looks like the battery in my Cloudkey Gen2+ has failed. The device no longer performs a graceful powerdown when it loses POE power, which resulted in a corrupt database on my last brief power outage (because it turns out my UPS batteries have also failed!). Looking online, failure and/or comical levels of battery swelling seem to unfortunately be a common issue with this device that can manifest at any time  I've initiated the RMA process which will hopefully be approved under warranty, but unfortunately this seems to be a inherent design issue that occurs frequently (and probably goes unnoticed by a large number of people). So, I'm not hopeful about my replacement being a long term solution either since the cloudkeys seem to be a dead end product with the move to integrated controllers of the UDMs. I've taken the cloudkey out of service in case the battery is swelling/damaged (I haven't opened it to verify since I'm hopeful on a warranty replacement), and if the RMA isn't approved, I guess I'll open it up to remove the battery and just make sure to regularly download backups of the config. ROJO fucked around with this message at 02:19 on Jan 2, 2021 |
|
#
¿
Jan 2, 2021 02:15
|
|
|
movax posted:New hopefully quick question — I have a giant spool of solid core, riser-rated Cat6A I use for all my in-wall runs to jacks and such. I also have a box of Monoprice Cat6 stranded for patches that I swear to god ends up being the hardest loving thing in the world to crimp compared to Cat5e I usually use, but that's probably because of the wire gauge. For my cameras (and other cables in my house that aren't being plugged/unplugged constantly (runs from wall jacks to stationary devices) - I just crimp straight on the solid core. Haven't had any problems  My cameras are directly mounted to the soffits they hang from, with just a small hole under them to pass the cable through. I crimped the RJ45 on after fishing the cable through.
|
|
#
¿
Jan 5, 2021 20:38
|
|
|
No ads for me, but I'm on a USG4-PRO (latest 6.X update though). That would piss the hell out of me. edit: nvm, not on the latest controller firmware, mine is a month old or so. not touching that update button (good Unifi rule in general IMO).
|
|
#
¿
Mar 30, 2021 16:53
|
|
|
The only thing that you have to use Unifi SSO for (as far as I can tell) - is remote management through the web portal, and Protect if you want things viewable in the app vs logging into the controller. You absolutely need it for initial controller setup since the new controller overhaul, but it can be turned off immediately after setup.
|
|
#
¿
Mar 31, 2021 03:46
|
|
|
SwissArmyDruid posted:We used to like Ubiquiti. But then the top-end engineering talent left, and the marketing ghouls took over, and now they want to be the Apple of prosumer network hardware, where they know what's best for you, no, you don't have any options except to use the cloud. Except, you don't need to use the cloud. You can turn it off after the initial setup. edit: this doesn't forgive all the other bullshit of course
|
|
#
¿
Apr 21, 2021 05:35
|
|
|
Gyshall posted:Having a weird issue with my UDM Pro/Protect app on Android - for whatever reason, I cannot get the App to recognize I am locally accessing the device when I'm on a my Wifi, so it uses the remote connection. Via web browser it works as expected locally. Any thoughts on what I can do to troubleshoot this? If I'm understanding you question correctly, I believe the Protect mobile app has no allowance for being on the same LAN as your protect controller - it will always rely on a remote connection. Accessing the protect controller directly by IP (even on a mobile browser) does not have the same restriction. This is one of my major frustrations about how Protect is implemented - I cannot use the mobile app, even on my own LAN, because I don't want to expose my controller to the internet.
|
|
#
¿
Aug 12, 2021 05:54
|
|
|
raditts posted:Looks like you were right, at least one of them I redid with the wires closer to the cable and it worked after that. The other still isn't working and I'm not sure why, but it's in the same room so it doesn't matter as much, but I went around and did some of the other outlets as well and now I don't have to set up trip hazards all over my house to get wired internet! Feels good. If you want to further troubleshoot, or plan on doing any other cabling down the road, having a cheapo cable tester helps find serious gently caress ups. I have this one and have been happy with it: https://www.amazon.com/gp/product/B0000AZK08/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
|
|
#
¿
Aug 30, 2021 04:49
|
|
|
redreader posted:I don't see a need to go super hard but I suppose 200 MB/s up and down will be good enough for online gaming, netflix, movies, etc. currently happy with 120 up and 120 down on fiber. Thanks for the page link! 200/200 on Xfinity??  Hope you aren't attached to your symmetric upload... But in all seriousness, have been happy with my SB8200 on their 1200/40 plan. Should give you tons of head room if you are only getting in at 200 down or so. Not that I am happy with only 40 up....
|
|
#
¿
Sep 11, 2021 05:55
|
|
|
unknown posted:There's a bug in the gen1 cloud key that corrupts the nvram sometimes on a power outage when it's writing. Gen2 added a large power capacitor to give it the couple of seconds of backup to finish writing. Yeah it is this. Bonus note, the Gen2 cloudkey internal batteries seem to routinely fail around the 2-year mark, so I had to have mine replaced (just barely within warranty) because it was falling victim to the same corruption issue when my UPS would run down.
|
|
#
¿
Oct 11, 2021 18:21
|
|
|
So, I upgraded my old Pixel 2 to a Pixel 6, and now that I have Android 12, I see they have deprecated L2TP/IPsec VPN support, which I had been utilizing on my USG4 Pro to get back into my home network. Since it doesn't appear any better VPN support exists within Unifi, even on the UDMs at this point, what is my best option here as I've never run a VPN not on my gateway? In terms of 24/7 clients on my network, I have a PiHole and an RS815 Synology running all the time that I think are technically capable - but they may not be the best solution. My only real requirements is that it needs to be supported in Android 12, iOS, and Windows, preferably natively, but I'm willing to run an app if necessary. Is something running Wireguard the preferred option? Primary use is remote NAS access for files or Plex - I don't intentionally expose anything to the internet and rely on the VPN to get in and access as if I was local. Would like it to have the capability to at least saturate my 40mbps upstream, which has been a challenge on the USG4 apparently. Thanks in advance. ROJO fucked around with this message at 22:25 on Dec 20, 2021 |
|
#
¿
Dec 20, 2021 22:05
|
|
|
IOwnCalculus posted:I would put it in transparent bridge mode, and then let your TPLink handle everything else. You'll probably need to hit up support to get your pppoe credentials first. RPi 3B+ with a POE hat, running only Pihole currently.
|
|
#
¿
Dec 20, 2021 23:10
|
|
|
IOwnCalculus posted:What hardware is your pi-hole on and how is it deployed? I'd run Wireguard on that in your shoes most likely, even a Pi 2 can hit ~100Mbps throughput. Pi-hole has documentation on one way to set it up, though I'm personally a big fan of the LSIO docker version. So, I got wireguard up and running on my RPi, like it a lot so far, especially the CLI QR codes to get it going on mobile devices super easy. Seems super snappy, although my cell signal is so bad at my house I'm only topping out at 20mbps or so and can't saturate my home uplink to test throughput (although I'm sure it is fine). The one issue I've run into as a side effect is some DNS fuckery with my PiHole. I have my PiHole as the DNS for all my VLANs, with a firewall rule allowing Port 53 traffic from my non-trusted VLANs to the static IP of my PiHole on the trusted LAN. In order for the PiHole to work with the wireguard connection, I need to enable the "Listen on all interfaces" option in the PiHole DNS settings, which breaks the inter-VLAN DNS for things like my IOT VLAN (I assume because for that qualifies as "more than one hop away" on eth0 so it is rejected):  The "Listen on all interfaces, permit all origins" will fix the issue and everything (VPN and VLANs alike) gets DNS just fine from the PiHole, but the warning there makes me nervous. My PiHole sits behind the USG4 NAT, and besides trusted LAN traffic, only gets the port-forwarding of my wireguard port from WAN, and the Port 53 traffic from my non-trusted VLANs. Assuming the idiot who setup all the firewall rules (me) did it right, is there really anything to be concerned about with that "permit all origins" setting? Along similar security lines, is there anything else I can or need to do to improve the security of wireguard other than utilizing pre-shared keys and using a non-default port? ROJO fucked around with this message at 18:52 on Dec 21, 2021 |
|
#
¿
Dec 21, 2021 18:48
|
|
|
Alright, maybe this isn't the best thread for this, but I'm in need of UPS suggestions. I've been through two CyberPower OR700LCDRM1U units (and a warranty battery replacement on one of them) - and it is again not actually keeping my networking gear up when the power drops. It acts like it is in battery mode, but immediately goes to <50% battery capacity and all my network gear is offline. I've also had what I suspect are power transients that have been resolved quickly, but not quick enough that my NAS (ds1821+) doesn't restart, despite my network gear staying up. Anyways, I'm tired of these units and their poor longevity, and am interested in doing something different, and getting a larger battery capacity (1500VA). I have a shallow two post, 12U rack, so I recognize I am liking going to have to move to something that sits on top of the rack cabinet rather than being inside - as I don't really see larger UPSs that are capable of a two post mount due to size and weight. Right now the 4 things I have on UPS power are an SB8200, USG-PRO-4, US-16-150W (which runs my 3 wifi APs among other, less important things I don't care about in a power outage), and the DS1821+. I was looking at 1500VA options from APC in their Smart-UPS line. I recognize those may be overkill, but I would rather spend a little more than deal with a poo poo UPS failing on me in 2-3 years again. I also like the idea of ostensibly better power-conditioning and switchover time, since it appears my NAS is somewhat sensitive. Does anyone have experience with the Smart-UPS line, or anything else in that rough class to give me some insight or re-direct me?
|
|
#
¿
Nov 25, 2022 20:10
|
|
|
Hansolio posted:They're expensive, but APC does have a short depth two post rack compatible 1500VA Li-Ion unit in the Smart-UPS line. The expected life is 8-10 years. https://www.apc.com/us/en/product/S...-depth-avr-lcd/ Hah, thanks. Didn't see this is my earlier searching, but that cost, drat  Wound up going with the admittedly also pricey SMT1500, but $600 is a lot more palatable than $2400. Maybe if I win the lottery by the time this SMT1500 burns out....
|
|
#
¿
Dec 3, 2022 19:13
|
|
|
So, got a flyer that AT&T fiber was finally going to be available, which is at least nice to have an option compared to Comcast. Talked with them about it, and I can get 1G symmetric with no caps for the same price I am paying for 1200/40 with a 1.2TB cap - so I'm definitely interested (I honestly would probably save a few bucks and downgrade to 500/500). Speaking with the rep more and inquiring about their required equipment, they will provide a BGW320 combo ONT/modem/router that they say can be put into "IP pass through" mode. I am running a full unifi setup with a USG-4-PRO as the gateway, which I absolutely want to keep using. While I have zero complaints about comcast all things told, I would be happy to get away from them even if I have to go back to using an ISP owned ONT/modem. With the talk on the previous page about the small NAT table potentially still being an issue/enforced even in a bridge mode (?) - is there any other things I should be concerned about? Main WAN use case is general internet/streaming/WFH, a wireguard VPN for travel access, private plex server, and usenet, no torrents. Have about 45 active clients all things told right now on my networks between computers, phones, tablets, consoles, IoT crap, etc. Thanks!
|
|
#
¿
Jul 12, 2023 05:10
|
|
|
|
| # ¿ May 15, 2024 00:28 |
|
|
M_Gargantua posted:There isn't really a need to upgrade the Edgerouter until you have a gigabit internet provider. I'd say for what you want just buy another unifi switch. You don't need a dream machine either. They're "nice" in that they're an all in one solution, but they're also terrible because they're an all in one solution. Its still lightyears ahead of a Netgear or a Cisco box, but you lose something. You'll still need a controller, you technically only need it when you're doing setup and updates though, only need it running all the time for logging and analytics. Since you already have pi's you can just run whatever Unifi apps you want on one of those. I've got a PiHole that doubles as my controller and data logger. If you want to go this route and replace the Edgerounter (Which again, no need too unless you can tap into more speed) you have the USG available for $140 which will do gigabit, or the UXG-Pro which can do 10G. Wait, I thought the UDMs didn't need a separate controller?
|
|
#
¿
Aug 8, 2023 05:45
|
|