2022 Complete Unifi Setup Guide
Jun 10, 2024What's up guys here with mts and this is the
complete
2022
unifi
setup
guide
. Now if you're not familiar with ubiquity, they use something called software defined networking or sdn and for the sake of simplicity that basically means we have a central controller. which manages all of our devices to create a simple management interface for all of our network equipment that provides a single pane of glass, a single place for you to change all your settings, things are synced between devices, port profiles are synced, the VLANs, everything, it just makes management so much easier Now it's easier for the heart of any Unifi network to be the controller, and for the controller you have several options.
You can host the driver yourself on any PC, Mac or Linux. Ubiquiti makes the software freely available for download. You can also use one of their hardware devices, like the Cloud Key Gen 2 or Cloud Key Gen 2 Plus on 179 and respectively, but we'll use a pro se dream machine that handles several of these functions for us, including our controller, the second thing that What we have in almost any network is a router or what is taking those packets, those bits of information and sending them where they need to go, what is giving each device its address so that things know how to communicate again, that is being handled for the machine of our dreams. pro se here the third thing we are going to need is a switch or what will send our network signals to all of our devices which again are managed by our pro se dream machine and which also includes four poe ports, now poe is power . over Ethernet, which basically means you can have power and data over a single cable, so when I go to connect an access point I don't need to run two separate cables, I can run it all over one cable if I don't you do.
More Interesting Facts About,
2022 complete unifi setup guide...
If you don't have a poe switch, you can use something called a poe injector, which basically just takes a regular network signal, injects power into it, and then delivers it to you over a cable, so you don't have to have a poe switch. I recommend. having a poe switch largely because managing poe injectors becomes a headache when you have more than two now. One of the nice things about having a poe switch is that you can reboot devices remotely if a device is misbehaving or not working. By responding to your commands, you can enter the controller software, select the port on the switch, and press reset or poe cycle.
What that does is cut off the poe power to that port and then re-enable it and effectively reboot these devices without you. having to go down to your engine room and fumble around with all the wires on, I think this is the right time. We unplugged it, this makes things much easier again and our dream machine is now taking care of it along with our built-in udm pro ses switch. I'm also setting up a small 5-port desktop switch from ubiquity, the usw flex mini. Now this is a small five port gigabit managed switch that is powered via the included USBC power adapter. or via poe on the first port of our dream machine or any other poe switch we have now.
The fourth thing we are going to need is some type of access point that will take the signal from our wired network and convert it into wi-fi for all of our devices, like phones, tablets, laptops, little nintendo xyz switches, everyone. which connect and for that I will use a u6 lite and a u6 professional now because our pro se dream machine has a built in network video recorder or nvr. I'm going to set up a couple of small security cameras from Unified's protection line, the first being a g3 flex. This is a small 1080p camera that only gets power from poe and an instant g3 that gets power from the included usbc wall. adapter, but you can also get an 802.3af poe adapter, but this is a Wi-Fi only camera, it won't send your data over the network cable, it will just draw power from it, but again, I'm just going to be using the adapter USB wall socket included, now you don't have to use all the equipment I have here.
You can change these security cameras to whatever best suits your needs. Let's say you need a good bullet camera right above your garage or something. the main entrance to your office building, but you can substitute one of these cameras for the bullet g4 or anything else from the ubiquiti line. Need more switch ports, just add a different switch. The adoption process is the same. The
setup
process is the same for everyone. Of these devices, mix and match to your needs now, in addition to swapping or adding additional cameras and switches, you can do the same with your access points.Ubiquity has a number of access points for almost any use case. Need some outdoor wireless connection. Well, go with your mesh pro series or your regular mesh outdoor access points. You can also use your professional access points, the u6 professional or the apac pro, outdoors, as long as it's not directly raining and you have the rubber plugs in place now. dream machine pro and dream machine pro are varied in three main ways: the first is that the four gigabit ports on the front panel of the pro are poe so we can power devices like access points and security cameras without needing an external poe switch .
The second is that the RJ45 WAN port on the Pro SE is 2.5 gigabits instead of just gigabits on the regular UDM Pro. The third difference is that the udm pro se has 128 gigs of internal storage that you can use to
unifi
protect recordings compared to the dream machine. professional that requires a hard drive to be able to make recordings now I would recommend a pro se that also uses a hard drive because 128 gigs fill up very quickly as soon as you start working with high resolution security cameras. I happen to have the pro here, but Through a little movie magic, we're going to pretend this is pro se, but with that being said, let's go ahead and plug everything in and jump into the controller settings, so the first thing we're going to do is connect everything. and connected now, this is where we run into the first difference between my setup and yours, and that will be how your Internet Service Provider or ISP delivers your Internet connection to you, which will most commonly be done through just a standard rj45 cable. and if so, you can just plug it directly into the front port of the pro or pro se dream machine, but in some cases they may pass the internet connection to you via fiber.This will usually be done if you have a faster connection than a gigabit internet connection, I only have a gigabit internet connection, but again as a demonstration I'm going to use the sfp port and it will connect up here and we can tell by the little indicator light here. We are getting activity on the network. We also don't have the dream machine telling us to connect to the Internet. The next thing I'm going to do is connect all of these devices, so I'm just going to grab some network cables. here plug them into the first four ports of our dream machine and we can see the lights on the devices as they boot up.
Now I'm going to go ahead and plug in the instant g3 at the end because this camera has a really annoying ringer that plays at any time, it's not adapted to a controller so just to save my ears I'm going to plug this in at the end but Now that we have everything wired up, we can jump into the initial setup of our professional dream machine and get it online. adopted devices before moving to the computer for more advanced configuration. Now I entered the unifi controller app here on my phone and we can see that it found the professional machine of our dreams again.
I'm pretending this is a se but actually this is a professional dirty machine so I'm going to click configure, it's going to connect to the device and then we're going to be asked to log into our unified account, just a little side note every time you adopt for the first time. Whichever Unify OS console you're running, one of the first things you'll need to do is sign in to your ubiquity single sign-on account or your SSO account. Now what you're going to do is you're going to link your dream machine's cloud key or something to your ubiquity account and I'm going to allow you to use your remote cloud access now.
I'm already logged into the mobile app, so it didn't ask me to do so. However, your mileage may vary. Let's name the device after me. I'm just going to call this last year, I called it goodbye 2020. I'm going to say hope for the future, that's what I'm going to call it and I'm going to turn off analytics and improvements next, I'm going to test our internet connection speed to see what is able to provide us with our ISP again. I have a symmetrical gigabit fiber line, so we should see between 900 and 1000 megabits per second now since the speed test was a little slow.
I have a feeling it was just a fluke with this speed test this guy just ran. I'm going to go ahead and run another one once we get into the advanced setup options using the computer, but for now I'm just going to let this device finish updating, so a little something strange happened. I updated Dream Machine Pro s here. Well this is just the Pro and suddenly my SFP module stopped working. Now I can go ahead and go back to using RJ45, but it's not exactly a good sign. It's quite common in the industry for different manufacturers to have different standards that they use for sfp plus, so if you run into this problem, maybe make sure you get the ubiquiti specific sfp plus modules for now.
I'm going to go ahead and change my fiber internet connection to rj45 now that I changed my fiber connection to rj45, I have a connection to the pro se dream machine here via the mobile app. Now, rj45 is generally much less of a headache than fiber and sfp. because different manufacturers have different intercompatibility options for sfp instead of rj45 which is pretty much a common standard plug it in and it works so now that we have a connection to the app we'll go ahead and adopt our devices that we can see. that we have the u6 pro here ready for adoption, I'm going to press adopt device, we have our u6 light and I'm going to press adopt device and our usw flex mini is not on the list, I'm going to go ahead and try to find out.
Find out why okay so our usw flex mini just made the list. I just gave it the old unplug it and plug it back in and it seems to be working, so we'll go ahead and adopt this now with everyone as well. of our adopted devices, I will enter our udm pro se here, wait for the future, and I will scroll down to see its LAN IP address 192.168.0.1 and that is the IP address that we will use to manage the udm pro se. I'm going to go ahead and take that address, plug it into my web browser on my desktop so we can manage the advanced settings on all of these devices to configure our network and dial it up the way we want now that we're on the computer, we can dive into the advanced settings of our Unifi controller.
Now, this website I'm on now is unifi.ui.com, which will show you a list of all your Unifi OS consoles, which are all your cloud keys. They are up to date and the unified machines of your dreams; However, if you are running the self-hosted version of the unifi controller, you will want to go to the controller's IP address or networking. .unifi.ui.com and I will have all these links in the description; However, if you have connected your computer directly to the Dream Machine Pro, I would recommend going to its IP address and that is the IP address we found above. 192.168.0.1 however for this I'll just use unifi.ui.com because my computer is on a different network so we can move on and be hopeful for the future.
I'll just click on network and we get to the dashboard page of our dream unified machine, now we can see the four ports that we've populated here with all of our devices, as well as our internet connection here on the rj45 port, which is pretty good with the new graphical user interface. I'll show you exactly what port things are plugged into, we can go down here and go to our unifi devices, so these are all of our access points, switches, cameras, all that stuff and I'm going to go ahead and start renaming our devices so they have a more friendly name, so the u6 pro will go to the living room, so I will call this hotspot the living room, cool hit, apply u6 light settings, device name, I'm going to call this garage like that.
It will go to the garage, scroll down, press apply changes and the usw flex mini. I'm going to put this behind my TV, so I'm going to go to settings and rename it tv switch now that we've given it more. of a friendly name for all ourdevices, we can go in and start configuring our networks and now we will create a VLAN pair. If you're not familiar with a VLAN, it's essentially a separate network from your main network with Selective communication between two or multiple can have over 4000 VLANs, that's crazy, but the reason we would use something like a VLAN is a for safety and two for congestion.
Now network devices are quite chatty and like to talk to each other. Do you have this IP address? Yes, I have this IP address. Hello, who is the router? I am the router. Stuff like that and that's usually not a problem on a home network; However, if you're implementing something like ubiquity or unification, it's probably because you have more devices or need more than a simple ISP router can give you, so we'll try to deal with that congestion now. Congestion on a network is not linear, it does not increase linearly as you add more devices. increases exponentially because all devices also like to talk to each other, so we will use some VLANs just to simplify our lives a little.
We are going to go to Settings and it wants us to first create a Wi-Fi network, however, we are not going to do that still. Let's go to Networks and create a new network. call this our iot network or internet of things, so this is where all of our little smart plugs, smart tvs, those things that are generally less secure than something like a desktop computer or a phone, if you've seen all the big ones Chromecast tricks. or the printer hacks that kind of thing, this is to make sure that if one of those devices gets compromised, it doesn't have access to the rest of our network where our computers are, phones, tablets, that kind of thing, so I'm just going to call this.
No, we're going to disable network auto-scaling and I'm going to change this IP range to 192.168.107.1 with a netmask of 24. That's going to give us 254 usable IP addresses or 253, then we're going to come. Go to advanced settings and click manual and VLAN ID. Now I'm going to change this VLAN ID to 107 just because that's the standard IoT VLAN ID that it uses and we want to make sure that mdns is enabled or multicast. dns now what this is going to do is allow devices that are on our main network to discover devices that are on the iot network, which is important for things like Apple TV and Chromecasts because if the device was on a
complete
ly separate network , we wouldn't have the ability to cast from our phone or tablet to the TV, enabling mdns or multicast dns allows that communication to work, so we'll go ahead and leave that enabled and I'll click add network, all good.The IoT network has been created, the next thing we will do is create a guest network for any guest that comes to my house now, if a guest comes and has a virus on their laptop, I don't want that to happen. able to access devices on my network, so we want to make sure they are separate from my network. I want guests' devices to be theirs. All they need is Internet access. They will not have the ability to control my network. Chromecasts aren't going to have the ability to talk to anyone else on the network, they're just getting the Internet, so let's go ahead and create a new network.
I'm just going to call this guest network. I'm going to disable the auto scaling network and I'm going to change this network to a point 10. So we're at 192.168.10. then I'm going to go into manual and I'm going to change this VLAN ID to 10. I usually try to make my VLAN ID the same as whatever, so we're also going to apply guest policies by creating a guest network now, which they do guest policies is basically telling devices, hey, you're on your own, you can't see any other devices on the network, the only thing you can see is the Internet, so let's say I have Billy's iPhone and Jimmy's tablet.
Those two devices can't communicate with each other even though they are on the same network, which is exactly what we want for a guest network. I'm also going to disable mdns because I don't want them to communicate with my Chromecasts. or something like that, everything else looks good. I'm going to go ahead and click add network. Now let's go ahead and create one more network. Let's create a network for our cameras now because these cameras are working. being outside is an external ethernet connection that's the ability for someone to access that camera line and get access to our entire network and we don't want the cameras to really just talk to the nvr or the dream machine so let's go to configure a VLAN for our cameras.
I'm going to go ahead and create a new network. We will call these cameras. Disable network auto-scaling. We'll just set this to 2. In fact, I'll change this. to 20. go down to the manual here change the vlan id and disable mdns and we are ready to go now that we have all our networks configured it's time to create our ssids or wi-fi networks that go along with all our wired networks so which I'm going to go to wi-fi and by default it's going to put us on the lan network so this will be the network or the wi-fi network that all my devices will connect to.
I'll be on our main LAN. I'm going to go ahead and call it mts and for the password I'm just going to use password and all the other settings are actually pretty good out of the box so I'm not going to bother changing any of these. I'll just click Add Wi-Fi Network. Next, we'll create our iot Wi-Fi network for all of our little smart plugs, Chromecast smart TVs, whatever connects to create Wi-Fi. fi network I'm going to call this mts underscore iot and for the password I'm going to use another password, but the iot password just again to test, don't make your password something like this and for the network we're going to select iot Now, what What this network configuration does is that any device that we connect to our IoT Wi-Fi network will be downloaded to our IoT network, the actual back-end network, so I'm going to change these settings here a little bit.
I'm going to go to the manual and I'm going to disable 5 gigahertz. I've had issues with smart devices in the past not having the ability to see a combined ssid, so a combined ssid is when you have your 2.4 gigahertz and your 5 gigahertz names are the same, so they appear on their devices as a single network. However, I've had some issues with smart devices not liking it if they can't connect at five gigahertz, so I generally do 2.4 gigahertz-only IoT networks and all of these. other configurations look good. I'm going to go ahead and click on add wi-fi network and for guest wi-fi mts guest and I'm just going to make the password welcome as guest so I'm going to put them in the guest network or guest network and all these settings They look good so I'm going to go ahead and click on add wi-fi network and just like that we will have all of our main networks and wi-fi networks set up, however our iot network and our main network can still communicate.
We haven't told you that you can't do this on most network equipment now. The default rule is to block traffic or have no rules configured except with ubiquity. Its default policy is to allow traffic between everyone. Vlans, so we need to tell you not to do that, so we're going to go ahead and get into the firewall and the firewall security rules. Let's click Add. Let's say Lan in the description. Block iot from Lan. We will click reject or discard all traffic from the iot network to the destination network and that should be it, save the changes.
Now let's create one more rule which will simply be an iot lan block to drop all lan packets to the iot destination network and apply changes and last but not least we need to create the firewall rules to the camera network so that it cannot communicate with any other network, so we will create a new lan rule on the block cameras. from lan we are going to click on place network cameras on lan network and press apply and we have to do the same for our iot network too, so lan on block iot cameras drop iot network or iot network cameras and that should be all our LAN rules that we need now, we simply block all traffic from our iot network and our LAN network from being able to communicate with each other except with mdns.
Now there is some traffic I want to allow. I have a Plex server set up on my main network and I want devices on my IoT network, specifically my Apple TVs, to be able to see my Plex server, so if you know the port I use, it's 32400, that's the default port Plex uses if you don't know. If you don't know what port your app uses, usually a simple Google search will be able to tell you, so Little Casa's smart Wi-Fi plugs use port 9999 Plex, they use 32 and Minecraft servers are usually on two five five six five, for example, a unified controller. it's on port 8443 and port 8080.
So if you know the ports you can make the networks talk to each other so I'm going to go ahead and open up the iot network so I can see my plex server with that I'm going to do. create a new port and IP group and I'll just call this port and IP group plex and plug in the details of 32400 so I'll go ahead and enter plex and 32 400. Click add and hit apply changes now if we get to the profiles, we can see that we have our plex port and we count one, so to apply this rule to our iot network, we're going to go ahead and create a new rule.
I'm going to change this. for lan in description allow plex in iot before predefined rules and our source the source is where the traffic is coming from or what network is making the request because our iot network is going to make the request we need to change this to iot network and We're going to allow the destination to be a port group, a plex port group, so this will ensure that any device on our iot network can connect to our plex server on our main network, but nothing else, and let's go. To apply changes now that we have all of our firewall rules configured, we need to go ahead and change the priority of them.
Ubiquity works on a highest priority basis, meaning the higher you are in the list of firewall rules, the higher priority you have. So, because we have our blocking rules above the allow rules, everything will be blocked on our iot and lan network before plex is allowed through and we don't want that to happen, so what we need to do is do is move this permission. plex in iot is on top of these other rules and we can do that by just grabbing it from here on the side and dragging it to the top now that should remove all of our firewall rules except for now we're not taking advantage of one of the key features of udm pro and is traffic threat management, so we're going to get here to threat management and we're going to select detect and block impact, apply one of the things I forgot to mention is that you If you want to change the sensitivity of the system for threat management , they have three built-in profiles, low, medium and high, as well as custom, where you can manually edit the threat categories, such as blocking trojans, dns, user agents, web servers, icmp, ftp, really whatever you want.
It occurs to me and we're done. We now have a fully managed and configured unified network that should be up and running. That being said, let's do a test. I'm going to run a speed test on my desktop here just to see what we're getting a one millisecond ping on our wired network. I have a symmetrical gigabit fiber line that runs to my house, so we can see that we are getting about 900 megabytes of download and let's see what our load is and we are getting very similar numbers. In our upload, by going into the Wi-Fi settings on my phone, we can see our mts mts guest and mts iot networks.
I'm going to click on mts and type the password, which is just password, so I went ahead and connected to our mts network and I'm going to click Go. Now I'm using an iPhone 10, so I can't take full advantage our six Wi-Fi access points, but still 213 below plus 100 200 something more, more than enough. for a phone Now that we've made sure our Wi-Fi is working, I'm going to go ahead and start configuring some VLAN profiles on our switch. Now, if we move on to devices, remember that I now have this TV switch. The goal with the little five port mini flex switch is to put it behind my TV and have one port as an uplink and three ports that are on the iot network for my TV sound bar and my Playstation and then I want to have that fifth port on. my main LAN to set up something like an HTPC every time I do VR in the living room, so I'm going to go into our switch settings and port settings, select port 2 and let's go put it on iot and press apply changes, I will do the same with port 3, apply changes, iot ports and apply changes and then for the last one, I will make sure it is on my LAN, apply changes and Just like that, now I have all the devices that are will connectautomatically to the IoT network as soon as they connect.
Now that we have changed all the port settings on our TV switch, it is time to do the same for our safety. cameras, if you remember, we connected that little g3 flex camera earlier and now that we have our own dedicated camera network, we need to make sure that that camera is connected to the camera network, because it is connected directly to our udm pro se. To be hopeful about future configuration ports, the first port, the flexible camera is only 10 100, so it's very easily identifiable here as this 100 megabit connection. I'm going to change the port profile to cameras and press apply changes now that we have all of our network settings fully configured it's time to set up Unifi Protect so let's hope for the future our little cookie up here and we're going to select Unifi Protect and this is the protection panel that doesn't I don't see all the little ports occupied on this board, but you can see the little pictures from the camera when it detects motion.
I've got the camera right behind me here, so let's zoom in on the devices and we can see our little g3. flex and we can open a little live view now let's change our unified protection settings so that way it's something that makes sense because by default ubiquity doesn't have any information about this camera it just shows the ubiquity logo or the unify, that's a bit stupid, so let's move on to recording here and the recording quality maxes out everything at 25 fps, better image quality if you're using a lot of security cameras in a business environment you could probably reduce this to about 10 fps , but since I only have a handful of cameras and a one terabyte hard drive, I'll just change the settings on everything so that the image quality is 100, frame rate 25 fps and tell you.
By default, it always records on the detections, but I prefer to always record and then alert me about detections so that all these settings look good. You can set up privacy zones, so if there's something you can't film, say you have a camera. outside and you don't want to film like the house across the street or the business across the street or especially like a highway, if your camera is facing a road, you don't want to trigger motion detections from all the cars you drive. they pass by there. So you can set up a privacy zone and that's essentially a little mask where the camera won't record, basically blacking it out.
However, I don't need a mask, so I just discard the changes next thing we do. What we're going to do is change our overlay settings because this unified logo here isn't very useful, so in settings we're going to change our overlay information, disable the logo because that's stupid, enable camera name and time because it's actually useful information and press apply. changes, I'm also going to disable the status light. I don't like having status lights on my cameras because let's say it's an area with a lot of foot traffic, if someone wants to rob me, they see the light on the camera all the time. time and then on the day the camera light is off, hey, it's probably off, that's a good opportunity, so I don't like to give more information than necessary with my cameras, so the status light goes off. turn off, you also have the ability to disable the microphone permanently now, disabling the microphone permanently will disable the microphone, but to reactivate it you will have to manually reset the camera approaching it and hold the reset button if you want to turn it back on. turn on the microphone.
Now this is usually done for a reason and that is that some jurisdictions do not allow audio recording on security cameras because it violates people's privacy, so make sure you are aware of the security camera laws in your area. area and I'm also going to go ahead and rename this 2 bedroom g3 flex because it's just going to be a camera that's going to keep an eye on who's coming in and out of my bedroom. The bathroom in my bedroom in this apartment is actually the bathroom you're expected to use if you're like a guest coming over, so I want to make sure people aren't walking down my little hallway to my room, they're just using the bathroom, so I'm going to follow this here in my room now that we have our g3 flex set up, let's go ahead and set up our little g3 instant.
Now our g3 instant is a small wi-fi camera and will simply connect to our main wi-fi network. I could put it. I'll connect it to the iot network if I wanted to, but I'll put it on the main LAN. I have no problem doing this and I have no problem with it not being on its own VLAN because it is a wireless device. people won't be able to use that camera to easily connect their laptop, well, easily connect their laptop to my cameras and get access to my entire network, so since it's probably a wi-fi camera inside my house, it's okay just being on the main network now I went ahead and plugged in my little g3 instant camera and pretty soon it will boot up and you can hear the uh yeah this doesn't go away but we can see that our website here has I found the G3 Instant so which I'll go ahead and click on it and hit Adopt Device and hopefully it will close now that our little G3 Instant has been updated.
We'll go ahead and change the settings. Also, record again always records with quality, image quality, 100 motion detection settings. I want one second of movement to be required to count as movement. We will tell you to record 10 seconds before, 10 seconds after and apply the changes. We're also going to come here to our settings. uh, I'm going to turn off the status light and change our overlay information. I'm going to call this living room and press apply changes. Now I forgot to change our motion settings on the flex g3 camera, so off I go. to go ahead and do that now go to the recording motion detection settings in bedroom 1, 10 and 10, apply the changes now, this doesn't really matter because I'm recording all the time;
However, if you have multiple cameras, you may want to conserve disk space. and not recording 24/7, then these settings become very important, that way you make sure you know the person driving, make sure you know the person you know after they've passed next to the camera simply recording and thus protect unifi. is set up, we have a camera system and a network system ready to go and now that we have everything set up we can manage our network and view our recordings remotely using the unifi network and secure apps on our phone or using unify.ui. .com as well as the hostname of the controller, but anyway guys, thanks everyone for watching, if you enjoyed this video, go ahead and leave a like if you really liked it.
They want to see more of me in their subscription, but then they can move on. and subscribe. I'll have links in the description to all of the products I talked about in this video, as well as the tools and wiring that I use when I do these jobs at these facilities while you're there. Go ahead and leave a comment, let me know what you think about this
guide
. Is there anything I could have included or what you would have done differently after watching this? If you find any of this too daunting for you. I offer a network.Consultation as well as full remote setup, you can visit my website millermediastl.com and click on the Get Started button, but anyway guys, thank you all for watching and I'll see you in the next one.
If you have any copyright issue, please Contact
