@scottalanmiller said in Internet connection sharing: @fuznutz04 said in Internet connection sharing: @scottalanmiller said in Internet connection sharing: I think that the key thing here might be in interpretation of the language. "We have another business in the building" could mean that they own two companies and those two "companies" are sharing a connection. We might use that terminology for two divisions that do different things but legally can share a connection no problem. Or it might be some random business that just happens to be in the same building that is trying to not pay for their own Internet, in which case this is a big problem. Everyone is assuming the second, but I had read it assuming it was the first. But both are just assumptions, to know what the best options are and what is an option really requires understanding that. Wow, I am terrible at following up with posts in a timely manner.... Yes, it is the first. So you assumed correctly. So I think we are all set with just breaking out the connection via a switch after the modem. Thanks! If it was me and it was two companies that I controlled, I'd use an EdgeRouter Lite, it has one WAN in and two LAN out. That way I'd have central control. Make that control owned by the "parent" organization. Then have each place have their own switches after that point. But only one router. This is also how I would do it. There would only be one company in control of the one router.

@WrCombs said in Unifi AP on unrouted Network - Issues: @WrCombs said in Unifi AP on unrouted Network - Issues: How do you Export/Import Sites into new controllers ? Never mind I figured it out. I went into "site" settings , In the bottom left corner there was "export site" option. Click on that, download the backup file, create network on other Controller, then import site. You can then (if you have a domain set up) migrate the AP to that Controller. I didn't have this issue; I installed and it's working properly, can view, and edit the AP .

@Dashrender said in How to set up Unifi Controller For Unrouted Private Network?: @WrCombs said in How to set up Unifi Controller For Unrouted Private Network?: update: https://i.imgur.com/L6U1LJA.png The tablet connects to the Network, with a Static IP of 192.168.128.103 the Ip of the AP is showing as 192.168.2.41 .. But it is connected.. is that normal?? sure, it can be. All depends on the routing. I assume you have the AP connected somehow to the second port on the ER-L, and that it's getting DHCP from that, but that same switch also has a connection to the secondary NIC in your Server, so the static IP'ed traffic can get around on that. You've kinda created a bridge between the networks via the AP, and if the password is the default, that could be a problem. password is not default.

@Romo said in Unifi USG VPN from Behind NAT Firewall: Also add the changes to a config.gateway.json file in the controller to changes directly made on the USG don't get deleted on next provision. One reason I hate these units.

OK late to the thread. We use a cheap travel router for this purpose. GL.iNET GL-MT300N think we paid $25 for it. Supports up to 4 SSID's and can do VLAN's though we only use 1. We can actual do wifi to wifi bridging with it. We use it for these wifi Sapling clocks that need to connect to a pre-provided WPA2-PSK ssid for initial setup. This is the newest version: https://store.gl-inet.com/collections/travel-routers/products/gl-mt300n-v2-mini-smart-router Can get these on Amazon now for $25

The scanning software can't tell you where it is getting the issue?

@JaredBusch said in EdgeOS 2.0.3 released and available in UNMS: @dafyre said in EdgeOS 2.0.3 released and available in UNMS: @JaredBusch said in EdgeOS 2.0.3 released and available in UNMS: @davide-bonavita said in EdgeOS 2.0.3 released and available in UNMS: lol it was bugged as fu** and now "Throughput degradation by 5-10% when comparing with v1.10.9 firmware with older kernel" Yeah the comments.. I have not been following the beta cycle as I have been too busy. I did put it on a test router (ERL) with no issues. Does the 2.0.x series work with ZT? I have an ERX now and was going to try it out. The ERX doesn't work well with the 2.0.X firmware yet from what I have seen. But yes. You can put ZT on the 2.X firmware. Thanks for the heads up. I already have routing and all set up through a VM, so it's not critical, just thought I'd ask.

@manxam said in USG to EdgeRouter VPN: Interesting. The last time that I looked at the GUI (as we typically use CLI for VPN), it didn't give the option of DH group like so : Wonder in what version this changed? It has had it for as long as I recall. At least 1.5. The CLI has had it 100% of the time since release at version 1.2.0

We have a MicroCenter 5 miles from the office, so it's swing by on the way to the client now that they carry a decent selection of Ubiquiti APs.

@scottalanmiller said in 10Gb/s Firewall Choice for Colocation: @bnrstnr said in 10Gb/s Firewall Choice for Colocation: Looks like the ER‑8‑XG could also be a good fit if you prefer the EdgeRouter series over the Unifi stuff. Also slightly less expensive, and better performance. https://www.ui.com/edgemax/edgerouter-infinity/ And ordered... we should have it on Monday. From the only vendor offering prime?

i'm not going to turn on logging to find out.

@JaredBusch said in EdgeOS 2 released: It is now showing up in my UNMS for installation. I have had a couple systems on 2.0.1 for a few weeks with no issues. But it had to be done manually. Showing up in UNMS is new to me. Upgrading now.

@mroth911 said in locking down network: so basically I am helping with my church/School , they need to connect to apple/android store. youtube. but social media sites locked down and p2p networks and anything inappropriate for k-12. So OpenDNS is doing the trick for now., However there is no cherry picking, and certain users need the ability to connect to facebook as well. Posting via webpage what is going on in school etc. Thats the situation at hand. They received a letter that someone on the network was downloading from BitTorrent. and it broke digital media anti-piracy law. etc. So they are naturally freaking out. This is something I want to setup and walk away.. I am just doing this to help them. Blocking Bittorrent without an application level firewall isn't that easy. Talking to the tracker happens via DNS, but talking to the other clients normally is just via IP address. You could block all non needed outbound ports - but again, I think Bittorrent can work over port 80 and 443, so not really that helpful.

I upgraded to 1.10.7 2 weeks ago. Pulling the trigger on 1.10.8.

@JaredBusch said in Yealink VoIP Phone Powered by Ubiquiti ER-X PoE: @scottalanmiller said in Yealink VoIP Phone Powered by Ubiquiti ER-X PoE: Anyone tried this combination? Does the power output on the one PoE port of the UBNT ER-X properly power the PoE input on a Yealink phone? We are specifically looking at the T42S. The ERX should work if the power injector that you’re passing through is one design for the phone and not the fixed voltage unifi The ER-X models have warnings in the manual that you need a different power source than the included wall wart if you're going to provide PoE to a device. At that point, just use passthrough from a compatible phone adapter. @JaredBusch already nailed it.

@dbeato said in ubnt CloudKey - refused connection: @bbigford said in ubnt CloudKey - refused connection: option but honestly I just haven't explored it yet for a multi-client setup. I have one Unifi Controller with 70 Customers and they have each their own login and can manage it from their end. This one is not hosted on Vultr but rather in AWS but it is working well. Moving to Vultr though very soon. Yeah, I've worked with a single instance managing 200+ customers. Easy, especially when you can adopt a new AP before taking it on site.

@Mike-Davis said in daisy chain Ubiquiti AC Pros?: @DustinB3403 said in daisy chain Ubiquiti AC Pros?: This is why you don't use pre-made cables. What does it cost to have fiber terminated? $150/hr? Since this is in the mountains, I'm guessing the nearest city is 1.5 hours away, so drive time on top of that. I'm just guessing at the labor since I haven't ever had it quoted. Right, so if oyu are confident that premade will pull in quantiy, then by all means go with it. The good thing about fiber, is that it doesn't matter if you coil up the left over.

Think i've got this down to 3 possible switch that meet the requirments:- (rough pricing ) 2x Ubiquiti EdgeSwitch 48 Port - £920ea 1 pack of 10G Transceivers - £35 2x RJ45 10G Transceivers - £62ea Total - £2000 2x HP 1950-48G - £1230ea 2x 10G-SR Transceivers - £600ea *Don't need any Transceivers for the one in same building as it as 10G copper already Total - £3660 2x Netgear S3300 - £1020ea 2x 10G-SR Transceivers - £238ea Again already has 10G Copper. Total - £2516 I see we can get "compatible" Transceivers to reduce costs to:- HP £16ea - £2492 Netgear £13ea - £2066

@scottalanmiller said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t: That and removing the silly "modem" from the chain. It's direct now. I asked that and didn’t get an answer.

@jaredbusch said in Ubiquiti ER3 to ER4 Upgrade?: @scottalanmiller said in Ubiquiti ER3 to ER4 Upgrade?: @mroth911 said in ubiquiti Er3 to 4 Upgrade?: Can I just back up my er3 and upload it to the 4 I believe so. I have never tried, but it should handle it because it only bring the /config folder in, and nothing in the hardware of the 3 vs 4 is all that different. To clarify, I have migrated from ERL to ER4 a couple times. But I manually migrate. I don’t try to restore the old config.

I typically run with Dahua (or Hikvision in a pinch) mixed with their own branded NVRs or, if software based, BlueIris. Both models of cameras are professional grade and look the part but can be a little costly. The Dahua cameras have several models with the "Starlight" sensor which makes low light situations look fantastic and easy to identify. Check out https://ipcamtalk.com for tons of reviews, footage, etc of many different cameras. Dahua aren't usually sold to "end users" in North America but there's a guy on Alibaba that ships straight from China cheaply and with NA firmware. He's highly used on IPCamTalk and I've personally purchased a few dozen cameras from him. https://www.aliexpress.com/store/1859367

So we didn't figure out a good explanation for the exact issue. We did discover that the customer left devices plugged into the modem forcing Cox into DHCP instead of static causing all kinds of issues. So we got it fixed, but the error is weird.

@gjacobse said in Help troubleshooting L2TP over IPSEC VPN connections.: jeeze,.. that is a sad state to think that we have nbeen fighting this for that long,... @JaredBusch @scottalanmiller Can a cron be set to restart the ipsec every 24 hours? Yes.

@dustinb3403 I see Polycom has some higher end models now. Nice and colourful.

@jaredbusch said in Unifi Video: I recently discovered Wyze. https://wyzecam.com These are fucking awesome. That is an awesome find.

@ccwtech said in Unifi 5.7 on Ubuntu 18.04: Scott, why did you go with Ubuntu vs. Fedora? (Asking for a friend) Because it's the official OS of the product. Absolutely no reason to use Fedora here. Unifi only supports Ubuntu and Debian, and Jared and I have opposite views here. Ubuntu is the business product of the Debian family, Debian is the hobby project that is used as the basis for it. Debian is great, I love the project and they do great work, but it doesn't have primary vendor support, you are at the mercy of a hobby project. Ubuntu uses that basis and turns it into a production ready release with vendor and market support options. Ubuntu isn't Fedora, but it's still extremely good.

@penguinwrangler said in Connect Ubiquiti APs to a New Controller: @jaredbusch said in Connect Ubiquiti APs to a New Controller: @penguinwrangler said in Connect Ubiquiti APs to a New Controller: @jaredbusch said in Connect Ubiquiti APs to a New Controller: Controlled migrations have lots of tools and options. But a downed controller has pretty much no option except to default the APs and readopt. You will not even be able to SSH into the APs if you cannot log into the controller and get the device admin password for the site. @JaredBusch is right. If you lost the controller it is a reset process. I recently went through something similar, however, it was the fact that our ISP at a location I manage decided to change out there cable modem and in doing so changed them from a static IP to a dynamic IP. Which is fine and easier for me but they didn't tell the client that they might have to reconfigure their equipment and didn't even bother to make sure they had internet. Switch cable modem and left. Client calls me and I get there and well the Ubiquiti Secure Gateway wasn't working because it was set to use a static IP on the WAN side. I was mad. So I had to reset the Ubiquiti Secure Gateway. Now here is the kicker, it would show up in my controller once I set the inform address but for some reason at least on the smaller USG's is that you had to ssh into them and set the inform address. Click on adopt in the controller and then while it says adopting in the controller run the inform command in ssh again. If you didn't do that it would be adopted but say disconnected. It was a long night until I found those instructions. Grrrr. I hate the USG. Such a piece of crap. I know, I wasn't the one that put it in, it is this one: https://www.ubnt.com/unifi-routing/usg/ They have the newer USG that are bigger. Are those any better? https://www.ubnt.com/unifi-routing/unifi-security-gateway-pro-4/ https://unifi-xg.ubnt.com/usg-xg-8 It is better hardware under the hood, but it is still UniFi. UniFi is shit on a router.

I updated all the sites that could be rebooted mid work day already. The rest will happen this evening.

@jaredbusch said in EdgeSwitch firmware 1.7.4.5075842 released: Adding a VLAN is a snap. It was already trivial!