@marcinozga said in EdgeOS 2 released: @scottalanmiller It's only $60 for new one (ER-X), so not that bad. I'll have more time to play with the bricked router this weekend, but I'm not putting 2.0 on new one any time soon. They added some kind of emergency recovery thing to EdgeOS a while back. no idea how to use it. https://help.ubnt.com/hc/en-us/articles/360002231073-EdgeRouter-How-to-Use-SSH-Recovery-

@mroth911 said in locking down network: so basically I am helping with my church/School , they need to connect to apple/android store. youtube. but social media sites locked down and p2p networks and anything inappropriate for k-12. So OpenDNS is doing the trick for now., However there is no cherry picking, and certain users need the ability to connect to facebook as well. Posting via webpage what is going on in school etc. Thats the situation at hand. They received a letter that someone on the network was downloading from BitTorrent. and it broke digital media anti-piracy law. etc. So they are naturally freaking out. This is something I want to setup and walk away.. I am just doing this to help them. Blocking Bittorrent without an application level firewall isn't that easy. Talking to the tracker happens via DNS, but talking to the other clients normally is just via IP address. You could block all non needed outbound ports - but again, I think Bittorrent can work over port 80 and 443, so not really that helpful.

I upgraded to 1.10.7 2 weeks ago. Pulling the trigger on 1.10.8.

@JaredBusch said in Yealink VoIP Phone Powered by Ubiquiti ER-X PoE: @scottalanmiller said in Yealink VoIP Phone Powered by Ubiquiti ER-X PoE: Anyone tried this combination? Does the power output on the one PoE port of the UBNT ER-X properly power the PoE input on a Yealink phone? We are specifically looking at the T42S. The ERX should work if the power injector that you’re passing through is one design for the phone and not the fixed voltage unifi The ER-X models have warnings in the manual that you need a different power source than the included wall wart if you're going to provide PoE to a device. At that point, just use passthrough from a compatible phone adapter. @JaredBusch already nailed it.

@dbeato said in ubnt CloudKey - refused connection: @bbigford said in ubnt CloudKey - refused connection: option but honestly I just haven't explored it yet for a multi-client setup. I have one Unifi Controller with 70 Customers and they have each their own login and can manage it from their end. This one is not hosted on Vultr but rather in AWS but it is working well. Moving to Vultr though very soon. Yeah, I've worked with a single instance managing 200+ customers. Easy, especially when you can adopt a new AP before taking it on site.

@Mike-Davis said in daisy chain Ubiquiti AC Pros?: @DustinB3403 said in daisy chain Ubiquiti AC Pros?: This is why you don't use pre-made cables. What does it cost to have fiber terminated? $150/hr? Since this is in the mountains, I'm guessing the nearest city is 1.5 hours away, so drive time on top of that. I'm just guessing at the labor since I haven't ever had it quoted. Right, so if oyu are confident that premade will pull in quantiy, then by all means go with it. The good thing about fiber, is that it doesn't matter if you coil up the left over.

Think i've got this down to 3 possible switch that meet the requirments:- (rough pricing ) 2x Ubiquiti EdgeSwitch 48 Port - £920ea 1 pack of 10G Transceivers - £35 2x RJ45 10G Transceivers - £62ea Total - £2000 2x HP 1950-48G - £1230ea 2x 10G-SR Transceivers - £600ea *Don't need any Transceivers for the one in same building as it as 10G copper already Total - £3660 2x Netgear S3300 - £1020ea 2x 10G-SR Transceivers - £238ea Again already has 10G Copper. Total - £2516 I see we can get "compatible" Transceivers to reduce costs to:- HP £16ea - £2492 Netgear £13ea - £2066

@scottalanmiller said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t: That and removing the silly "modem" from the chain. It's direct now. I asked that and didn’t get an answer.

@jaredbusch said in Ubiquiti ER3 to ER4 Upgrade?: @scottalanmiller said in Ubiquiti ER3 to ER4 Upgrade?: @mroth911 said in ubiquiti Er3 to 4 Upgrade?: Can I just back up my er3 and upload it to the 4 I believe so. I have never tried, but it should handle it because it only bring the /config folder in, and nothing in the hardware of the 3 vs 4 is all that different. To clarify, I have migrated from ERL to ER4 a couple times. But I manually migrate. I don’t try to restore the old config.

I typically run with Dahua (or Hikvision in a pinch) mixed with their own branded NVRs or, if software based, BlueIris. Both models of cameras are professional grade and look the part but can be a little costly. The Dahua cameras have several models with the "Starlight" sensor which makes low light situations look fantastic and easy to identify. Check out https://ipcamtalk.com for tons of reviews, footage, etc of many different cameras. Dahua aren't usually sold to "end users" in North America but there's a guy on Alibaba that ships straight from China cheaply and with NA firmware. He's highly used on IPCamTalk and I've personally purchased a few dozen cameras from him. https://www.aliexpress.com/store/1859367

So we didn't figure out a good explanation for the exact issue. We did discover that the customer left devices plugged into the modem forcing Cox into DHCP instead of static causing all kinds of issues. So we got it fixed, but the error is weird.

@gjacobse said in Help troubleshooting L2TP over IPSEC VPN connections.: jeeze,.. that is a sad state to think that we have nbeen fighting this for that long,... @JaredBusch @scottalanmiller Can a cron be set to restart the ipsec every 24 hours? Yes.

@dustinb3403 I see Polycom has some higher end models now. Nice and colourful.

@jaredbusch said in Unifi Video: I recently discovered Wyze. https://wyzecam.com These are fucking awesome. That is an awesome find.

@ccwtech said in Unifi 5.7 on Ubuntu 18.04: Scott, why did you go with Ubuntu vs. Fedora? (Asking for a friend) Because it's the official OS of the product. Absolutely no reason to use Fedora here. Unifi only supports Ubuntu and Debian, and Jared and I have opposite views here. Ubuntu is the business product of the Debian family, Debian is the hobby project that is used as the basis for it. Debian is great, I love the project and they do great work, but it doesn't have primary vendor support, you are at the mercy of a hobby project. Ubuntu uses that basis and turns it into a production ready release with vendor and market support options. Ubuntu isn't Fedora, but it's still extremely good.

@penguinwrangler said in Connect Ubiquiti APs to a New Controller: @jaredbusch said in Connect Ubiquiti APs to a New Controller: @penguinwrangler said in Connect Ubiquiti APs to a New Controller: @jaredbusch said in Connect Ubiquiti APs to a New Controller: Controlled migrations have lots of tools and options. But a downed controller has pretty much no option except to default the APs and readopt. You will not even be able to SSH into the APs if you cannot log into the controller and get the device admin password for the site. @JaredBusch is right. If you lost the controller it is a reset process. I recently went through something similar, however, it was the fact that our ISP at a location I manage decided to change out there cable modem and in doing so changed them from a static IP to a dynamic IP. Which is fine and easier for me but they didn't tell the client that they might have to reconfigure their equipment and didn't even bother to make sure they had internet. Switch cable modem and left. Client calls me and I get there and well the Ubiquiti Secure Gateway wasn't working because it was set to use a static IP on the WAN side. I was mad. So I had to reset the Ubiquiti Secure Gateway. Now here is the kicker, it would show up in my controller once I set the inform address but for some reason at least on the smaller USG's is that you had to ssh into them and set the inform address. Click on adopt in the controller and then while it says adopting in the controller run the inform command in ssh again. If you didn't do that it would be adopted but say disconnected. It was a long night until I found those instructions. Grrrr. I hate the USG. Such a piece of crap. I know, I wasn't the one that put it in, it is this one: https://www.ubnt.com/unifi-routing/usg/ They have the newer USG that are bigger. Are those any better? https://www.ubnt.com/unifi-routing/unifi-security-gateway-pro-4/ https://unifi-xg.ubnt.com/usg-xg-8 It is better hardware under the hood, but it is still UniFi. UniFi is shit on a router.

I updated all the sites that could be rebooted mid work day already. The rest will happen this evening.

@jaredbusch said in EdgeSwitch firmware 1.7.4.5075842 released: Adding a VLAN is a snap. It was already trivial!

@bbigford said in Does any one have a EdgeRouter 4 online and can test L2TP: Any insight on maybe why that worked? I've had issues with the default group on another manufacturer, but I wouldn't think 14 was default. It worked prior to changing to DH 14 on my iPhone. I had to add a proposal with DH 14 for Windows 10 to work.

@dbeato said in UNMS 0.12 rc2 released yesterday: @bnrstnr said in UNMS 0.12 rc2 released yesterday: DHCP stuff being in there for the EdgeRouter devices, but I also don't see it in the added features list. Regardless, it's pretty useful for me. It was there before. Yes, it has been there since at least version 0.10.0

Wow! Interesting to follow up.

@jaredbusch said in ERL and Smart Queue throughput: If the CPU was not limiting things, the unit should be pull 100Mbps The Smart Queue is set to 100. Of course, that is what I was referring.

@360col said in schedule time per client not possible: Opps this was meant as a reply to the Unifi Schedule thread. No idea why it became a separate topic Can someone fix up this or close this thread. Thanks. Probably because you tried posting it as below:

@mike-davis said in Unifi Time Schedule: Ah, maybe the best approach would be to have two SSIDs. One on a schedule and one on all the time. Then only allow devices you want to connect to the all on SSID. This is what I have done in the past for myself and my friends/family. I setup a SSID for parents and then sometimes a SSID for each child. That way the parent can turn off the internet for one child and not bother the other children. Of course I always think that the punishment imposed by the children on other children for everyone losing internet because of the actions for one is a great way to get them to behave.

I think I have it figured out.. when I'm back on that network I'll get a screen shot. Hope to spend the afternoon testing it, have a few other pieces of gear to setup for it.

@mattbagan said in Looking for stock of the EdgeRouter 4: @JaredBusch ubnt has them in their store now https://store.ubnt.com/collections/routing-switching/products/edgerouter-4 I ended up purchasing from DoubleRadius.

@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite: @dashrender said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite: @dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite: @eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite: Thanks to @Dashrender for the assist. It looks like the problem was authentication. I authenticated to the VPN using domain\username rather than using the User Principal Name. Doing the latter allowed me to reach DFS shares. Woops, that's crazy but definitely there is an issue with DNS huh? If the user cannot login with UPN there is an issue with DNS.... As you should be able to use domain.com. User can login with UPN. They were using the old domain\username method rather than UPN, which apparently caused problems with accessing stuff via the DFS namespace.

@FATeknollogee You've said that the bosses want the networks to be separate. You've also said that company B provides a service for company A akin to B providing email services to A, so A needs access to B's network for that single service. All that said - what is the goal in splitting the networks? Why do it? If you don't know why the bosses want this - ask them. Let's not worry about the how of splitting yet allowing things to continue to work, let's work on the why first - because the helps lead to the correct solution for the goal.

@jaredbusch I have it up and running. (DNS) Even my guest WIFI on a VLan is now getting DHCP addresses. Everything is working great now.

@dashrender said in Ubiquiti publicly rolls out UNMS Beta: @scottalanmiller said in Ubiquiti publicly rolls out UNMS Beta: @dashrender said in Ubiquiti publicly rolls out UNMS Beta: @scottalanmiller said in Ubiquiti publicly rolls out UNMS Beta: @dashrender said in Ubiquiti publicly rolls out UNMS Beta: @scottalanmiller said in Ubiquiti publicly rolls out UNMS Beta: @dashrender said in Ubiquiti publicly rolls out UNMS Beta: @scottalanmiller said in Ubiquiti publicly rolls out UNMS Beta: @dashrender said in Ubiquiti publicly rolls out UNMS Beta: @scottalanmiller said in Ubiquiti publicly rolls out UNMS Beta: https://en.wikipedia.org/wiki/Software_release_life_cycle Beta literally means it's not reached candidacy for release yet. RC is still not released, but is what they might consider for release once tested. Notice Beta is in the middle of the "non-released" period. These are as the terms have always been used, even going back to the early 1980s and, I assume, long before that. Release being such a structured term that it is nearly impossible to define released without using the term released itself. While I'm sure this has no baring in reality - for me release is a point but the public can get support for the thing. That's not quite accurate. There is no reason that something unreleased can't offer support. How else do you really do your testing, get feedback, and so forth? It's an expectation that anything that the public can get would get some amount of support most likely, because otherwise, what is the purpose of the public nature of the testing? Perhaps I should have added the words "expect to" to the support portion. As you said with the other thread, There should be no expectation of support for the product that was still in beta. So, here is a question then, does Microsoft ever release software? Because nothing that MS makes comes with support. What about Debian Linux, is it ever released? Expect <> free. But free software has all the same release guidelines as commercial software. And MS products aren't normally free. Again - what does cost have to do with anything? As I also said - you'd all probably disagree with me. Because you mentioned it in the post I quoted. Please highlight the part where I mentioned costs. Same thing I quoted and you responded to.