UniFi Network Application 8.1.113: Big Update! UI Changes, OSPF, Switch ACLs & More!
- Added 6. 08. 2024
- lawrence.video/unifi
community.ui.com/releases/Uni...
Chapters
00:00 UniFi Network 8.1.113
01:31 Release Notes
02:37 Topology Rotation
03:19 Side Panel Tabs
03:56 Networks View
04:46 Firewall Rules UI
05:40 UniFi Switch ACL
06:25 OSPF
07:00 Hopeful Future Features
Let's not forget, the cloud portal greets you with even more "WAIT" screens while it jams or times out. Still need to go to LEGACY to view traffic by users, can't in NEW. LEGACY needed at times to clear logs.
I wish they did a 'topology' representation of FW rules. What you set/see in tables gets displayed as topology flows.
Great video! :) I always look forward to your overviews whenever Unifi releases new controller versions.
I work from home and use VLANs to isolate my work computer/keep my homelab segregated/etc., and also have a 10 Gbps network segment, so I feel like I'm pretty much just a home user with a few extra layers of complication.
I'd love to be able to migrate away from my OPNSense box and mishmash of various switches and APs to a stack of products from a single vendor managed in a single interface. It sounds from your video like I would be fine with switching to a Unifi Dream Machine SE and Unifi switches at this point without regrets. One thing I'm not sure about at this point is whether it makes more sense to migrate the firewall to Unifi first, and slowly replace the non-Unifi switches, or replace the downstream devices with Unifi devices first and replace the OPNSense box last. I'm going to have to do it in stages, unfortunately. It seems like it'd be easier to replace the downstream switches one by one first, but I'm just guessing.
I'm definitely looking forward to your future videos on Unifi's products. It seems like you're a lot more impressed with where they are now than where they were a year ago.
In addition to what was presented, another thing that helped me migrate some pfSense boxes that were still on version 2.7.0 was the OpenVPN part of the Unifi Controller in UDM Pro, where it now allows me to define which protocol I want to use (AES256-GCM, etc) for Site2Site Shared Key.
I had 2 clients that I couldn't update because this location uses Starlink in CGNAT and I couldn't close another type of tunnel to Site2Site.
The latest EA for Protect is awesome too. UI changed, for the better. Google Drive integration is slick too.
Being able to use my UniFi Layer 3 switch I bought a year ago as a...well, layer 3 switch will be a good day!
For me, when I go to 'Security' > 'Traffic & Firewall Rules' I still get the message that tells me it's only for Unifi Gateway, so I don't know if yet again they still haven't given us L3 switching with ACLs on L3 switches... guess I'm staying on my router on a stick config.
I was surprised, this morning the layout changed :D
This is the thing with UI. They are now making available to you, via their products, features which have long been available on other products for umpteen years! Just thank God we don't live in isolated dimensions like VLANs, otherwise we'd be here thinking how glorious and wonderful UI is for thinking up all these miracle innovations we are seeing today and be like Wow!!! They're blowing my mind! No, they're not. They're slow, and behind the times. They're good at impressing you if you don't know, or aren't exposed to anything better. All that glitters isn't gold? That's UI.
I've been running UniFi products at home for years (Gateway, Switches, APs and Cams), and although I do like their stuff, it's never failed on me. I'd have expected a lot more features to be available (or not taken away from the 'New' UI) for the price point. The staff are also quite rude and unprofessional on their forums. I view UniFi stuff as a network/IT person's 'nice' upgrade over standard ISP provided kit.
I was looking for a way to spoof a MAC address on a WAN interface, which a random TP-Link router let me do right in the UI, and there was just no way to do it. I could probably do it in the CLI but when a router/switch/AP combo can do it in the GUI, I was expecting a UniFi product to be able to as well. But it's not the first or last time I've been disappointed by their UI and features.
@Tumleren I can do this on my Unifi Express under:
Setting -> Internet -> MAC Address Clone
Have to change "Advanced" to Manual to reveal this setting I believe.
I configured this yesterday when I switched from my old router to the Unifi Express and didn't want to hassle with the ISP MAC timeouts.
@robertb6276 Setting isn't there for me that I can see, so it's probably because I'm running in a 1st gen cloud key which doesn't support UniFi Network v8. So still on v7. I'm actually working on migrating to a self hosted so I can get the new features. Though I still feel it should be able to do it.
Love the new UI
But it would really be great if it allowed you to show a 3rd party Gateway in the Topology map. It knows what the Gateway ip is and showing it where it connects would make this Product really polished.
Not everyone can run a Unifi gateway.
Thanks for this Unifi update, just out of curiosity what switches should you use for HA environments?
So basically this release is bringing old features back into the new UI
Pretty much. As soon as I saw the release notes, all I thought was "It's about damn time!". Seriously, what took Ubiquiti so long to bring the legacy features to the new interface?
I mean at least they are bringing them back.. Usually companies remove features and never bring them back.. Or charge you extra to access them. lol
😂😂
My big feature here is that WPA2/WPA3 Mixed mode will work on 6GHz devices now (also together with non-6GHz devices in your network mixed together) so you can keep using your WPA2 compliant clients together with 6GHz client devices.
Some really great usability features here. I'm really looking forward to MLAG support
@tdwhite93 I haven't seen any indication either but hoping it comes soon. Like you, I have environments that would really benefit.
Lawrence, love the videos. Keep ‘em coming. Would you still recommend putting pfSense before the UDM Pro in 2024? If yes, are you planning on an updated video of the pfSense + UDM Pro? Cheers!
I wish they would add round-robin routing like pf has
Maybe we have a lot of sites on a small azure VM but this update took a good 15 minutes + to run on our server. But it fixed that weird pausing thing for me too.
Love the Cat 6 T-shirt
I may update just for the topology change. I have way too many devices to see easily in the vertical arrangement.
BGP is coming soon as well.
That is what I forgot to mention! Thanks
Whoa!
Hmmm I'm looking forward to the UI update in a month or so when we finally roll over to the system on our self-hosted controller. A lot of good additions with this update... now let's see if they fixed the false-positive rogue AP alerts.
Updated my UDR and ever since then the CPU utilization is now averaging about 50% or more. Prior to the update, the utilization was typically under 25%. I have not noticed any specific issues related to the increased utilization, and everything else is working as it was.
Hi Tom, I would love to see HA features on the one side (my Core and Distribution Switches from Cisco are getting old) and on the other side I would love to see the network graph include devices detected by LLDP, so current gaps where non-UI equipment is used could be closed. Still waiting for real Layer 3 on switches, because the current state is just marketing. Cheers!
Nice one Unifi
My favorite feature would be a stable version. Looking for this since I bought Unifi stuff years ago. Can't remember any version where all features work as expected.
A super important, not so emphasized by Ubiquiti, note.
While they have added OSPF you CAN NOT run OSPF over an IPSEC tunnel just yet. This is coming according to their notes.
However they push you to use site magic if you need to do this without mentioning that site magic is only available between ubiquiti devices. Leaving folks with a multi vendor environment hanging out to dry.
I hope they will add application based route, it will be very useful.
DNS over HTTPS! What's taken so long!!! Thanks for the review.
oh horizontal topology... FINALLY
Has this update resolved the captive portal loading issue?
Would like to hear your thoughts overall with this new release.
What you're waiting for has always been in the Edgerouter line. Command line only in some cases, but totally doable, and most network engineers I know prefer the command line over a gui so we can drop a script in and go.
I am a 1 man MSP/show and don't have time for CLI whilst deploying. You are correct in how much better it is but not same target - that's good for a place for an IT guy.
@FrankChibu I would think that as a single person shop, you'd be even more interested in automation. That's a whole other discussion. Also why I specified network engineers, GUIs just slow us down and tend to more mistakes....
I don't want to be the guy that takes down a chunk of the Internet by messing up a BGP route! 😱
@TravisHershberger My last corporate job my title was 'Network Engineer'. It sucked. I'd rather boots on ground deploy ALL IT, config, get home, check and tweak. Then another job tomorrow. Each is different, if this UI stuff is set up right for a small office it will run fine for a long time.. 500 miles in the car tomorrow for a 15 camera gig :)
My topology display is off, 2 devices on a port and in the wrong place. Had a PC by mistake connected through LAN and WiFi, AI kicked in, STP loop, nice, but the loop is not present anymore and the topology is still not correct. Googled this and many people have this problem and cannot solve it.
Better support for IPv6 (especially in the WireGuard server) would be really nice to have.
Isolate networks - does that need a switch with layer 3 capability or is it independent of hardware?
You need a UniFi switch that has support for that feature.
Is in release candidate still. It has to be paired with UniFi Switch 7.0.44 in order to use ACL.
Layer 3 UniFi switch needed for ACL
How is a loop AI? It's spanning tree that detects this, I doubt what AI could bring into the equation.
Anybody else catch that known issue item? OSPF default route redistribution is ineffective, this will be fixed in UniFi OS 4.0? Makes me wonder just how stable their OSPF process is. BGP next? Maybe they should bulletproof OSPF before tackling BGP.
Can you upload a firewall list like pihole to it? We can with pfSense. That would be handy if UniFi can just replace the pihole with easy to update rule lists.
I had pihole for a while but the downside of this was that Google search results when shopping were blocked and I had to whitelist too many things, so I decided to remove it again. I now use uBlock in the web browser, did not try the new ad block in ubnt, but I think that you need to use the Dream Machine as DNS server otherwise it cannot filter out the request.
If I'm building a network stack from scratch (small business), would you recommend Unifi?
My other option would be firewalla + switch. Either unifi, AIO, Omada etc.
UniFi does work well for small business as long as it has the features you need.
Still waiting for the day when UniFi and UNMS/UISP devices play nicer with each other and learn to share. It'd be so much more convenient to get port info about what's plugged into an EdgeSwitch from the UniFi controller, but I'm not holding my breath.. 😅
My home network system is all Unifi, and I'm using the USM-Pro since it first came out. The topography has been consistently wrong, and the UDM-Pro ports constantly rack up errors. I have replaced cables several times, use cat 6, and the errors persist. I also get lots of MACs showing up in the device screen that I am fairly sure are the MACs of the switches. Anybody else seeing weird stuff like this? I've had an ongoing dialog with Unifi support going on two years and they have been pretty much useless helping me determine the root causes of these issues...
VRRP would be nice
Not related to this video, but it's your latest....
I tried searching CZcams for a video on "how to move a Truenas (core) VM to bare metal" but haven't really come across anything, do you have or can you do a video on this and while you have the hardware running maybe vice-versa for those who need that?
Or if anyone else knows of a good video on this and is willing to share. I'm under the impression I can just make a backup of my current setup (including "secret keys" and all) then build the new system and import the backup and be done, but I think I tried that once going from bare metal to VM and it didn't work, I could be mistaken though.
Thanks!!
still no MLO for wifi7.... And Wifi 7 vlan still bugged with EA FW.
I hope they add OSPF to their layer3 switches so we can propagate routes between campus p2p. Also proper switch stacking.
You really should move to a better product at that point.
@ikiris9456 I agree and do. Typically Cisco cats or Meraki. However for clients with a more limited budget I would love to build a more robust setup.
8.2.93 Where did the left hand networks tab go!🤔
New install on UDM Pro (UniFi Network Application 8.1.113)
Some parent devices are wrong, also DHCP on the mobile WiFi subnet is odd (some devices just 169.254.X.X, but some work fine).
Side panels, finally again!
Hands down the best feature to come in this update is OSPF, however limited in scope UniFi's current deployment of such a great IGP is at the moment. I can only hope that VRRP and a fully-featured OSPF are in the pipeline.
Hands down or pants down?
I just want them to actually support OSPF over IPSEC tunnels properly.
Custom SOURCE NAT is Still Missing !!!
Still no „disable NAT on WAN“ … 😒
Still no multiple DNS records or wild card for local device
Do you think the performance of the Dream Machine with this last version is enough to manage a large school network with 55 AP and around 2000 devices connected on three SSID (teachers, students, guests)?
I would go with something bigger.
@LAWRENCESYSTEMS For example?
fully automatic vrrp should definitely be the main priority as the next big update.
Honestly, who cares about ospf/bgp within the UniFi solution.. If you have multiple routers and require those routing protocols, you're not using UniFi anyways as you require much more fine grained options for pretty much every single thing in UniFi..
Because some folks may be looking for multi-site capabilities and not want to deal with static routes when perfectly capable routing protocols exist?
Not that asinine of an ask.
They broke the site-to-site IPsec VPN feature in this release.
Don't update during business hours and make sure you have a checkpoint or backup to roll back to
Where did you get that shirt?
lawrence.video/swag
What is the best way to get in contact with you for consulting? I've tried email, but it seems it's not getting through.
lawrencesystems.com/hire-us/
@LAWRENCESYSTEMS we did, but unfortunately never heard back
Nice, they finally conquered their fear of adding layer 3 functions. Now, they need to fix their product naming team so that they can come up with practical names and models. Maybe go with series numbers and less "ultra" and "enterprise."
I did the upgrade today from 8.0.28 and now it's all gone bust 😖
No more access to the web application. I guess it's due to MongoDB 3.6 but can't be sure. Been trying to fix this for hours to no avail.
Not even creating a new VM on Proxmox and starting from scratch seems to work since it also fails on MongoDB 3.6. All input is welcome :-)
Build a new controller and import the backup file czcams.com/video/LP4dIl8Y_Xw/video.htmlsi=PgGLTqnrILnZOo1w
Just checking in .....Great to see you're still making the killer vids!!!! ....maaan....Hair is on fleek, or whatever the kids say these days : ) Open Shortest pATH First - Ha!
Did anyone notice the BEER wifi has a client connected to it called Big Fucking-T.... ? I laughed at that!
Not sure what I was supposed to call it, it's a really big TV 🤣
haha details, details.. Wonder if he knows that IW has an FE link, and has a less-than-optimized experience :P
They have HA for their firewalls. Yes you need to swap one cable but it is there and they are working on making it a true HA without changing cables.
Warm spare is not the same as a true HA setup.
@LAWRENCESYSTEMS agree, but this is what they are advertising and trying to do. Hope they finish it soon.
@LAWRENCESYSTEMS agreed, a warm spare does you no good for true fault tolerance. You may as well just keep good backups and have a unit sitting with no power, it'll be just as useful in my opinion.
Yeah rotate
Man UI stuff is the only game at that price, but so many quirks that can waste a lot of time deploying - this is mainly with the cameras. 1 problem, resetting the cam etc costs you 15 minutes, I quit prepping cameras with updates ahead of time. The Mesh ACs are a bit whack - hopefully this major network update helps them sort. They caused me a LOT more problems than helped when I tried to 'mesh' them.
Aruba Instant On isn't a bad alternative for the price, the GUI is far more limited but you can get enterprise equipment with lifetime warranties and really solid products for a much better price than their higher tier products.
You just need to be really careful with how many devices you are hosting as there are hard limits with the product, it's about the only downside I've seen with it thus far besides the above mentioned interface. A really good value option though that provides enterprise equipment.
Dear Unifi.
I only have so much money. I don't have Unifi switches (at the moment).
Please for the love of all that is holy let me add dummy/manual switches to the topology layout so my Unifi APs don't somehow nest inside each other and completely break the topology layout.
Just let me add a 3rd party switch, say how many ports it has and link the AP to the port so the layout is correct. I know where things are connected. I can manually update it for my small home network.
Thanks
first
The lack of MC-LAG in their switches is a showstopper for me. They're nice toys and I wouldn't mind using them at home, but they have no place in a business environment.
love ubiquiti and i will always love them more
Second!!!!