@JaredBusch not necessarily abnormal but surely a mix of 3 independent repos.

Just wanted to add @bj to this thread that I think a $100-ish Cloud Router from Mikrotik would blow most hardware away, including Ubiquiti, on pure performance. With the $50 and under models you are still getting 1 million PPS. The new cloud router series really has a crazy amount of power.

This still coming from a pure PPS (packets per second) point of view.

I think the cheapest cloud router has 12 to 16 cores That would only count for the core routers I am more familiar with (12 to 24 now) in the $500 range.

Very poor marketing in the states but very popular with western country WISPS.

Grandstream has an NVR unit as well.

http://www.grandstream.com/products/ip-video-surveillance/network-video-recorders/product/gvr3552

@Mike-Davis said in ubiquiti indoor wifi receiver, any?:

If it was just printers I wouldn't think twice about just using some APs in bridged mode. For PCs I would make sure their (the users) expectations are set correctly and make sure you don't have a some database application that is real sensitive to latency running on the link. As cheap as it is to try, I would try it for one set up and then do the rest if it meets their expectations.

Depending on the units, you can get really good latency on wireless links. but you need good ones. Some people argue that it beats wired. it doesn't, but it's good enough that people start to imagine that it does.

With T56 series here the 48s dropped down to $170 range, everything else has gotten even cheaper.

The t56a is the cost that Yealink 48s was a month ago, and it is android. About $199.

I got Ubiquiti phones in to test and have updated them a couple times. At last pass they still couldn't park or use BLF reliably.

I can't imagine leaving Yealink.

@stacksofplates said in Ubiquiti vulnerability:

@JaredBusch said in Ubiquiti vulnerability:

@stacksofplates said in Ubiquiti vulnerability:

@JaredBusch said in Ubiquiti vulnerability:

None of that is the EdgeMax series.

That is all the original wireless stuff before even the Unifi line.

Yes it is all still currently available, but not nearly as horrible as that article is trying to insinuate.

All that gear should be behind a router normally.

Ya I was looking through it and noticed that. The tough switch was in there, but that's the only non bridge type device I saw.

The tough switch has been a dead product for years.

Ah didn't realize that. I've seen it for sale a few places, but never noticed they weren't produced any more.

It might still be produced, but it has not been developed against at all.

@Dashrender said in Considering a New VPN:

@JaredBusch said in Considering a New VPN:

@scottalanmiller said in Considering a New VPN:

@JaredBusch said in Considering a New VPN:

@scottalanmiller said in Considering a New VPN:

@JaredBusch said in Considering a New VPN:

@scottalanmiller said in Considering a New VPN:

@Carnival-Boy said in Considering a New VPN:

Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

I was leaving that out for simplicity as he's not going to build custom Linux systems for this.

Why? Because a single VM setup as a gateway means that ZT now meets all needs also.

No different than replacing a router, etc.

I've not used it, does it require you to change your IP range or can you keep what you have?

The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet.

I use ZT in a number of places, but not using the gateway anywhere yet.

Right, so being inclusive means that you did follow Scott's recommendation, only that you bent ZT to the current setup, instead of making a whole new IP setup with this in mind.

Did that solve all of the Windows DNS issues?

I have no idea WTF you are talking about. You are implying and inferring things that are not being discussed here.

Found it:
https://community.ubnt.com/t5/EdgeMAX/ERL-Performance-Testing-with-IPSec-VPN/m-p/1053799#M44593

@JaredBusch said in Unifi switch - tagged traffic issues:

@Dashrender said in Unifi switch - tagged traffic issues:

Found the problem - the uplink from my Unifi to my core switch, VLAN 2 wasn't allowed on the connection.

Enabled VLAN2, problem solved.

Aww the little things.

on which switch.

Also, reinforcing the issue with VLAN complicating things.

The core switch, in my case an HP 2824.

I don't disagree that VLANs can/do add complication. But in this case it was pre-existing complication that I had to work through, not remove at this point.

@JaredBusch said in Ubiquiti switches: UniFi vs EdgeMax:

@coliver said in Ubiquiti switches: UniFi vs EdgeMax:

@thwr said in Ubiquiti switches: UniFi vs EdgeMax:

Mh, is the EdgeSwitch able to run a VPN tunnel on its own? I need to connect a "remote" office to my server room. The office is in the 3rd floor, my server room in the basement and I need to run through a "public" patch room (primary cabling junction for the building).

Like:
3rd floor "remote" office -> fiber -> public patch room -> fiber -> my Serverroom (basement) -> Office

I doubt it has the ability to configure a VPN that seems like an edge device is needed for that.

It does not. That would be the router's job.

Yeah, could have been. Probably the same software behind the scenes etc.

@Breffni-Potter exactly. There is a clear market for this, why is there any question why they provide a product where there is demand?

I found these guys on Amazon a few months ago looking for something else. I have not used or tried the products but looks like what you need.
https://www.gl-inet.com/

Seems pretty clear that UBNT has gone public with this at this point.

I have 26 devices and no problems... I know JB has had some issue with updates but he can update it manually.

Yup, and cheap enough to swap while someone else is trying to fix something is huge. I'll take two devices that I can swap when one dies for a total price of $600 long before I'll take one of $3,000 that fails "a little less often" but can take a day for someone to repair!

@Kelly said in Ubiquiti now available retail:

Just so we're clear on terms, firewall vs UTM, the difference you all are noting is access rules vs packet inspection?

All firewalls do access rules and FAIAP packet inspection. Anything less and it is just a router.

@Dashrender I saw it before... I was prepared.

@JaredBusch said in Unifi AP refusing to upgrade:

@Dashrender said in Unifi AP refusing to upgrade:

@brianlittlejohn said in Unifi AP refusing to upgrade:

Did yall notice that the new update has the ability to export and import individual sites instead of the entire config?

didn't JB post about that a week or so ago?

Nope.

I must have just read it in a released then.

@art_of_shred said in Thoughts on a Ubiquiti/Cisco comparo?:

This is just a project. What's the line? "Not my circus, not my monkeys"?

I think it goes "not my circus, not my Sonicwall".

Yeah, WTF?

Are you connecting a permanent IPSEC tunnel with some other network you do not control?

@JaredBusch said in Ubiquiti on the Evolution of Home Wifi Part 1:

@coliver said in Ubiquiti on the Evolution of Home Wifi Part 1:

@Dashrender said in Ubiquiti on the Evolution of Home Wifi Part 1:

lol

Can't wait for the smart contact lens.... or a brain to machine interface.

Yep pretty much...

I have not had anyone desire this level of connection in their ERL, so I have no direct experience.

@dafyre said in EdgeRouter PoE high CPU usage:

@travisdh1 -- Maybe he should start with something simple... like a reboot? (I haven't seen him mention that anywhere).

The entire reason it came back up is that the unit rebooted itself (crashed) at 1300 CDT yesterday.

For a super simple no VPNs network, the USG works great, pretty straight forward and has some nice pictograms in the Controller.

The issue I ran into was a VPN tunnel between two endpoints that both had static IPs. This just didn't work. A few people have posted their work arounds on my UBNT thread about putting the IP into the JSON config file and not using the GUI to enter the static IPs and have it work.

@Mike-Davis said in Ubnt ER - random quick disconnects RDP:

yes. published a remote app. Users need access to that from machines that may not be company owned. Put RDPguard in place to ban IPs of multiple failed login attempts.

If there is a VPN, then we presume that there is no UDP traffic. Most VPNs are TCP.

We've been able to Default the remaining APs and they are adopted. We have one that is being stubborn, while it 'pings' it's not reachable. Suspect an issue with the AP itself. One just lost the heartbeat, but, it was found and adopted.

All in all, four of the six are running and good to go. lot better than where we started.

Thanks

@travisdh1 said in Ubiquiti ER-X Initial Firmware Update:

So I uploaded the 1.9.0 firmware file with scp (the ER-X doesn't have internet access yet, not final install.)

add system image ER-e50.v1.9.0.4901118.tar

Complained about not enough space available. Fine, uploaded through the gui, and it worked fine. ???

I'll have to tackle the duel WAN tomorrow, after verifying I got all my documentation correct.

Well, it's setup and being used. I'm have a feeling I'm going to have to limit http and https traffic with the QOS settings on it tho. Two 700k/300k DSL connections don't go very far :(

I also need to get the static routing figured out. I tried adding a static route to our web host (viviotech.net), and it still sends traffic out of whichever of the WAN ports it decides is better. Bet I forgot a NAT setting somewhere, now that I think about it?

The boxes are amazing for the price.

@Dashrender said in EdgeMAX EdgeRouter software release v1.9.0:

I used to do VLANs for broadcast storm reasons.. but as I've sense learned, if you have broadcast storms, you have another problems you need to solve anyway... and the VLANs probably won't save you, the switches will still be swarmed and might be brought to their knees anyhow... so, yeah.. today, if I need more than 250 devices in a network, move from /24 to /23 or even /22.

Migrating an existing network though - kinda a huge pain in the ass.

Definitely true. But to bring this full circle, the person in question wants to setup VLAN for learning how to implement them and how they work, and that is awesome.