Unifi Network update 8.1.113 : Switch ACLs, OSPF
- Added 5. 08. 2024
- In this video I take a look at the new Unifi network application update 8.1.113. This update brought a bunch of new features including Layer 3 switch access list, OSPF, NAT Pool and more...
Unifi Network application 8.1.113 release notes:
community.ui.com/releases/Uni...
0:00 Intro
0:52 Network viewer
3:26 Layer 3 switch Access list
7:38 Topology Rotation
8:09 OSPF
8:31 Changes to Firewall rules
9:50 Side tabs
10:26 Pro max breathing
10:52 Final thoughts
Once Ubiquiti releases the next firmware that brings more fine grained features to L3 ACLs (already confirmed by Glenn@UI), it would be cool if you did a new video on setting up a network with a UDM SE, an L3 top switch, and a couple L2 switches, and a wifi AP or two, and a NAS. Then show everyone the best way to currently set everything up in the newer user interface as far as how the physical layout is, the newest way to do wifi SSIDs with multiple passwords to send clients to different vlans, using the L3 switch as the vlan router to take load off the firewall, using ACLs for securing the vlans, and adding some traffic rules on top for internet related traffic stuff. There have been a lot of new features the past 6 months or so, as well as major UI changes, so I think a new video will be in order that includes all the newest things.
Until they add unidirectional ACLs I view them as pretty useless. I can't isolate my IoT VLAN from my management VLAN without also isolating management from IoT. From another channel's review isolation generates two rules, one for each direction, suggesting that the underlying hardware supports one-way rules. That this isn't exposed in the GUI is inexcusably lazy, as I doubt that would have been more than a couple of extra hours to write up properly.
This version comes loaded with improvements, I think we'll need a new full setup video as they've moved many settings around. On another note, I want to take this opportunity to thank you for all the help you provide us with both these informative videos and the tutorials, Thanks!
Nice, I would love to see how you do routing and firewall rules with the new simple and advanced... Especially intervlan communication vs. Isolation
This Update is, or will be a huge step in the right direction, again! I don't really have a use case for OSPF or the ACLs in Unifi, since I don't use any Layer 3 capabilities of Ubiquiti. For me, the best feature is that they brought back the side tabs. I loved them in the legacy UI!
ACLs and OSPF!!! Finally!! Great update, great video!
sorta.....
@rezenclowd3 Haven't dug into the change logs yet myself: What is missing this time?
@Timi7007 he states in the vid. ACL applies to entire network/subnet. I.e. if I want to only allow 1 device for mgmt or say 1 printer, you can't.
@rezenclowd3 Oh, right! But I can still use firewall rules for that.
@Timi7007 which is slow, unless you're using a vpp firewall/router
WOW! OSPF and BGP coming, L3 ACL? They are crushing it. Combined with their site support offering this will let them go up market a bit for sure. I was looking for some alternatives and I think this may mean no need.
Will start testing 8.1.113 soon! Nice video!
Just went Network 8.2.93 and remembered your channel and came back to see if there is any new video on new releases. Would really appreciate these for new releases.
Loving these changes Matt. Thank you!
Great update - lots of new features - thank you
A new video build with the new setting will be great....thank you for your great videos Bravo!!!
great update from Ubiquiti & great content from you as well :)
The advanced FW rule layout is huge for those of us that deal with FWs often and are used to seeing this type of layout for security management.
Nice summary Cody. Keep up the great work!
Vertical topology! It’s about time!
Thanks for the update. Next I'd like to see MLAG support from Ubiquiti
🇵🇹 Many thks for this update !! 🙏🏻😁👊🏻
as usual pack and loaded with content while keeping good timing
Thx for the short overview
When will they allow uploading icons for devices?
as always top vid. what would I like to see? multiple taggable VLANs on WAN please :)
Thank you.
Suggestion, give an example use case for new features.
This was great, thanks Cody! I still don't know if I should migrate to L3 yet, I am thinking no until we have more controls over the ACLs.
Finally getting there - we put Mellanox switches in the core. Having the chance to go OSPF when talking to the access layer is kind of a sexy step forward.
Thank you very much. Any update on the reporting, creating custom reports?
Thanks for the update Cody. Maybe instead of one big configuration video, maybe you could break it down into smaller topics and tie them together with a Playlist. It might be easier to make and update the videos
I agree. I also hate making long videos 😂
yes. full build video all the way.
I’m holding off on creating firewall and traffic rules - selfishly - until your next full setup video, since you do an excellent job highlighting key features and easy to follow instructions!
L3 ACL finally!
I love you, I love your applications
I'd like to see a new network setup video and if IoT networks can now be better set up with the isolation rules instead of firewall rules
OSPF and BGP and other stuff really are game changer and they started to compete with Cisco
Horizontal topology was always daft for laptops as networks are normally wider than deep like monitors
I'd like to see you release a video showing how to set up Unifi Talk using Flowroute and Yealink phones.
I like the new statistics page, before it was ABC used 1.3gb of data, but you had to check each client until you found the right one, now it shows which clients used that data, the threat and firewall rules enforced to user is a little hard to find, but all in all I like it.
Ya I like that too, forgot to mention it in the video but a great new addition
L3 ACLs will be very useful. Now we just need stacking to make Unifi a viable option for larger corporate networks.
thanks for the video.... I would like to see how you handle roku devices on the firewall rules. with your current IoT VLAN, I can't get it to work and I have to put them on my open Family VLAN. Same goes with my kids' gaming console.
I would like to see full build with the blocking of gateway!
I'll admit that the change which immediately cheered me up was the ability to rotate the topology graph. 🙂
It’s the little things 😂 I love that change as well
Where are IDS/IPS settings found on the UDM SE in this version?
Would I be able to use one of these new features to effectively disable NAT? I really like using a UDM/USG as a secondary gateway behind something else, like a Sophos firewall, but disabling NAT has been such a PITA since the new OS launch.
Awesome update as always!!! Anyone having issues with the new U6 Pros dropping and reconnecting devices at random. Also, having serious issues with wireless IP Phones
I was having connection issues after the last U6 Pro firmware update. My fix was doing a device restart from the UniFi app.
When you do a 2024 setup guide, I’d be curious to know how the new network isolation option compares to the usual custom firewall rules we usually implement for our IoT network and other networks that we don’t want talking across VLANs.
Looking forward to them adding BGP.
Gee, it only took how many years to finally get L3 capability in L3 switches? Still, happy it's finally here (although it's not quite complete). At some point someone will try to figure out if it's compatible with other manufacturers which has been a long standing issue.
Rotating the topology!!! Would like to see AI security auditing.
omg topology rotation!!! finally!!!
Oh, sadly the description fields don't show in rotated (or as I like to call it "correct top-down") view.
Please make a new setup vid using new release. One thing though, PLEASE do it from start to finish. Your last video you had done some stuff ahead of time and so it was hard to follow. Please do this from the very beginning as in powering up the device for the first time.
Where are IDS/IPS settings found on the USG PRO 4 in this controller version?
Hey Cody, please make a full setup with Udm pro and 3rd party switch config like tp link omada switch / edgeswitch
Thanks for the update, well, not you, but the update on the update 😂😂
Visualization of FW rules is improved so now it's time to improve logging of the rules!
If L3 switch routing via the GUI ACLs is configured, are any network statistics and information sent to the router so that we can still view activity within the network application?
Would love to see a speed limitation for different networks not just sogar clients and also a download limiter per network per month
What’s the real difference between selecting isolate network in the network settings to prevent network to network communication and using L3 network isolation (ACL)?
patiently waiting for layer 2 traffic over site magic via GRE
Could you show how to use it with L3 Routing to get Speeds in lan higher than what udm pro allows? Would be awesome! :-)
Rebranding STP to "AI Detections" .... Are they poaching staff from AWS? In v8.2, look for Routing to rebranded AI Roads, and VPN to AI Underground...
Though I love new dashboard, the new UI is finally useful... they're still missing some features, that I have to dip back into the old-UI for, which they really should prioritise.
They aren't rebranding anything. The AI detections is just another place to look at logs for certain things
So this L3 ACL feature is great, but... I noticed that a lot the of Unifi equipment don't support L3. Such as UDR and the UDM SE. So if you want to use L3 ACL to secure your main network, you need to make sure that all your guest and IoT devices are connected through a L3 switch.
So if you have a UDR and you're using the built-in wifi, this won't secure what you want. The same if you have a UDM-SE with one or more APs connected directly to it (as it supports PoE). I guess L3 switch features will never come to devices missing it :(
with this update and the 24/7 support, Ubiquiti might soon be seen as an option for Enterprise
Currently the support is only Monday-Friday but it's a first good step
ACLs! And the firewall UI is millions of times better.
Since this update nothing but issues. Been running smoothly with minor quirks for a year and a half. Now I can't get port forwarding to work and when downloading at full speed of my glass fiber connection it loses internet connection. Gotta do a full restart to get it back. Thinking of reverting to my fritzbox again or move on to opnsense or pfsense.
Did they remove the Identity Enterprise from the left side bar in the console settings?
Compared to my version 8.0.28, Gateway and Hotspot Manager are missing in this release.
Any updates on changing the layouts of main dashboards thank you
Not that I know of but would be nice to have customization
Can i tplink eap225 access point in to unifi dream machine pro
I would rly love scheduled vpn access so clients can only get access to the vpn at certain times
Full build video please!!!!
amazing news. Love when I'm seeing Ubiquiti improves so much. This is what it means to care for your customers.
You poor naïve fool.
How often do they push out updates? I just purchased the dream machine pro.
Usually big updates are once every few months. Small fixes maybe once a month
THIS IS AN ORGASM
MEGA UPDATE 💯
Please make a new setup video and if you can touch more in the firewall rule
What’s the benefit of using ACLs versus the firewall rules for intra lan rules?
Using an l3 switch with ACLs takes vlan routing duties off the firewall so that the firewall can be freed up for just internet related traffic. ACLs are also far faster processing than firewall rules because they are handled within the switch ASIC instead of a general purpose CPU like the firewall runs.
@LordSaliss would this result in a noticeable throughput difference when say, copying files between two VLANs or is it likely negligible?
I’d like to use it for education / learning purposes, but wondering if it’s overkill for the average user (1 switch, a few VLANs)
@telnetdoogie Likely a tiny bit higher. I believe latency is measured in the high microseconds to extremely low ms range when doing the routing on the firewall, and is measured in the low microsecond to high nanosecond range when doing the work on a basic switch. The very best top end switches that are 100gb+ type nowadays actually measure sub-100ns packet-in to packet-out latency now! 😳 That latency advantage could translate to higher file transfer bandwidth, but how much IDK. It may only matter on things like RDMA based transfers between NVME drives, but UniFi switches do not support the best RDMA method that is fastest (RoCEv2), and instead only support iWARP RDMA. You also need to either be using iSCSI protocol for the transfer method, or have a Workstation or Enterprise version of the OS to get the RDMA feature over normal SMB. So the majority of people won't be able to take advantage of it anyway.
wait, "check off" 5:05? is that a thing or just a Canadian thing?
Surprised I didn’t see North Korea in your blocked countries list :)
I wish there was proper IPv6 support.
this version, I see unifi access point random auto restart, I don't understand?
So obviously this is a play (ACL) to make it independent from having a UDM which is a great first step.
That said, OSPF looks very limiting so far.
Who needs firewall rules when you have ACLs
first
Am I the only one waiting for the 2024 full setup vid?
Doubtful 😂 it will be like a month or so from now
the fact that they spent any time at all on topology view and it wasn't fixing devices that show up under random switches they aren't connected to is a travesty
Side Tabs copied from Omada, oh wait, Omada copied the whole GUI
I can't see anything because you are using dark mode. Please use light mode for all videos
I’ll have to do a poll on that one. I think lots of people prefer dark mode
I have no issues seeing his screen in dark mode.
Maybe adjust your screen
No issues for me. Dark mode is better
Dark mode all day everyday !
UNIFI IS NOT READY FOR PRIME TIME! You have to use their server and if it doesn't work you are screwed. If you don't have the right Java or if it conflicts with something It just doesn't work. And they have had this problem for over 10 years! SAD! Where would Apple be if they put out such crap!
Sounds like a pain. If only they had their controller software available in some kind of small network device that could manage updates itself, or integrated into their higher end gateways, or even offered some kind of hosting service for it in the cloud
OH WAIT
@DeusMaximusX ya if you want an extra proprietary device that only they provide then yes. However if you want a switch and wap Unifi sucks.
Man I want real, proper firewall logs! Give us logs, for the love of god 🫤
when MLO rollout for wifi 7?
Not sure, hopefully soon. They did show it off at a convention not long ago