So all this pile of networking gear here is actually going somewhere. So while it's going somewhere, we decided to do a video before it all gets deployed. So I'm gonna do kind of an in-depth video on the UniFi, but I thought why not take it another step further and build it all out and mount all the things in, yeah, plug all the things in. We'll show you how it mounts, how it works, and kind of do a detailed view. So once I get this mounted I'll show you kind of what it looks like physically, then I'll do a little network map of how we're going to do this, and then I'll show you how we deploy a UniFi network. So I do this in a way that gives you an idea of what it looks like installed, but then we're going to get into the software details. But I've done reviews in detail on these switches specifically.

This is what they look like mounted. We didn't put all the screws in it. So someone points out that I missed the screw, I know; these are temporarily sitting in our studio here. Anyway, so we can get that out of the way. This is a feed line from my lab that's going to feed the internet to our USG. The head end of the system is going to be the USG. After the USG, we got the 24-port switch. So we come out of the LAN port on the USG, go to port one on the 24-port switch. And we're going to cover this with a whole schematic when we're done, one where you actually see how the software is set up. Then out of here we got port 24. We got this red wire, and we fished it down here and it comes back up here. I would have loved to use the SFP ports on these; I just don't happen to have any handy right now. So we're out of port 24 and into port 48. These other two lines that you see, one here and one here, go to power bricks on the back, and these power bricks on the back power these two UniFis. So we have a slightly older... this is your standard AP LR UniFi, and then this is the AP AC LR right here. This is the newer AP AC model. This is the older one. We plug both these in.
This is all part of our demo, and we show you how we hook all these up. I mean, ideally these things would be installed at different points in an office, but we're doing this all in my lab, in my studio here, but I just wanted to mount it all. It's also keeping it off the table while we do all this testing, because there's some other stuff on a table going on, so I figured to put it up here, and we have this APC rack that we had laying around, so I mounted that up here. But it kind of gives me an idea of what it looks like mounted up. I mean, normally we'd have a bunch of stuff in this 48-port. I'm not gonna run and punch a bunch of wires for the demo, but I think a few of you asked, and maybe we're gonna do some videos, like in our lab, to kind of walk you through how you set up a patch panel. You normally have a lot of patching in between here. I'm just gonna plug a handful of devices in around the office for some of the demo purposes as we dig into how the software works.

Now, all these are factory reset, fresh, with the latest firmware. So the next thing we do is start with how we load the UniFi software, and then go from how to load the UniFi software, to set up the USG, to set up the 24, the 48, and then the subsequent UniFi wireless, and how we set all this up, and we'll go over how the VLANs get set up and how the separate networks get set up. So now that we've looked at this whole rack here where it'll sit, let's jump into the software side of this and show you how actually all the configuration works.

Okay, everything's plugged in, everything's hooked up, and because I wanted to do this review as a full top-to-bottom review, the first thing we do is install the UniFi software. So the default IP address of the USG, which is the head end of this network, is 192.168.1.1. You can go to it, but you can't really do much other than get it online, and it wants you to install the UniFi controller software to manage the gateway. It links here, and we're gonna be loading version 5.6.22. My preferred way to do
this is in a small virtual machine on the same network. It has to be on the inside, same network as you're setting the network on, for setup purposes and for the purposes of this video. Yes, you can use external controllers. Yes, there's other ways to manage it. Now, you have separate videos on that you can find in my UniFi list. But this is specifically setting up a top-to-bottom network and you're controlling it, let's say you're the only one network, not a multi-hosted system externally. So we have the Debian controller; it is version 5.6.22, so it's the latest version of the software. I've already got it here. Now, something interesting whenever you download the software (clear this real quick): it always calls it unifi_sysvinit_all.deb when you're downloading it, no matter what version it is. So just a little side note: it will tell you what version one is installing, but when you download it, it will always call it the same file name.

So let's run the installer real quick. I'm logged in as root, and I've done a video on how to install this, but I'll still walk you through it. Unpacking, and it should give me an error, and it did. Now, it's just telling you that there's a few things and dependencies that it needs. This is my reason for loving Debian, and I switched to it like 17 years ago, because I can do this: apt-get install -f. It's gonna find those dependencies. Yep, I'm just gonna press enter. Whoops, I need to add DNS to this, my bad. Let me fix that real quick. I booted this up. It did not... this is actually, the config didn't have a DNS setting, so I'm gonna add that into this particular machine. One second. apt-get install -f just says find all those dependencies, and loads all the extra things needed to get the UniFi system up and running, and after a few seconds here with this small VM it'll be up and running now.
It doesn't take a lot of power to run the UniFi controller software. This VM has a gig of RAM dedicated to it and like a single processor. It's very low powered. I think I've seen some people even come up with ways you can run this on like a Raspberry Pi. That might be a little bit slow, so you want something moderately fast. We're gonna play with some of the more advanced stuff in here, but it really is not much of a processor hog. It's a pretty small system here.

Okay, we have the machine up and running. Like I said, it's barely using anything. We're about to go through the setup. It runs in its own Java VM, and it's using all of about 500 out of the gig of RAM I have assigned to this virtual machine. So it's, like I said, not real intensive processor-wise. All right, let's jump over and start logging in.

Now, no matter what you install the UniFi on, the IP address you want to go to is whatever the IP address of the server is that you load it on, colon 8443, but don't forget to start with the HTTPS. So here we are, first time logging in. Gonna get the error from the self-signed certificate, and we're gonna run through the wizard. Now, what it does is find all the devices that we have plugged into the network, and it wants us to say, hey, do you want to adopt these in? We're actually gonna go ahead and skip this, and we'll adopt them once we get into the system itself. We'll skip the Wi-Fi setup as well. We'll do that all inside the system. Now, I used a so-so password that was easy. I guess it won't let me even do a so-so password. That's actually a nice feature; I didn't know they added this. We mostly have been upgrading our in-place installation, and I use LastPass, but apparently with this it won't let me just use a bad password. So come up with something a little better. There we go. Finish, and it should bring me to the login page. We're not gonna do the cloud access.
I may do a separate video on cloud access, but I don't really use it. What it does is allow you to tie into their cloud systems. I like to keep everything self-contained and self-hosted, which is one of the reasons I really like the UniFi software. You can host your own cloud controller and server, which is exactly what we do.

All right, logged in with the good password I had. And it's not gonna have much in here, because now we could start adopting devices. Now I'm not gonna save that devices. Now, there's some firmware updates, which is cool. So we have some firmware we can load on here. We have found in the past most of these can be updated to new firmware without doing the adoption process, but I go ahead and adopt them first unless there's a problem I was... we've actually run into with the USG, where it does not like to do an upgrade not adopted. But it's not a big deal. We're just gonna start adopting them and setting up the network in here. So first things first, get this done. Now, something I'm gonna change in here.
You can change your preferences, and I'm gonna add a feature: enable the refresh button. Save and close. And this refreshes by itself on its own timer, but this is how you can actually say update this page now. There's not always a need for it, but if you want to know, if it's only refreshing every two minutes and it's done, you have to wait another two minutes for it to show something on here. You just go here, and you can set preferences on a per-account basis. So right now it's going through the provisioning mode, so we'll refresh it again.

All right, it has been adopted. Now I'm gonna go and adopt all the other devices, and then we'll start rolling through the upgrades. Adopt, adopt, adopt, and, whoop, adopt. So now it's adopting and provisioning all of those. Now you may have noticed down here, my wired connection deactivated. When it provisions these, which is also why I don't want to do the upgrades, you want to stage the upgrades based on this: when it's provisioning, it restarts each of the switches. The 24-port switch and the 48-port switch are gonna get restarted, and that's what I'm plugged into. So obviously I don't want to be pushing firmware to devices, connecting to them, while those are getting provisioned and restarted. So now this one's connected and provisioned, this one should come next, and then these should be provisioned.

Now when I do the firmware upgrades, I'm gonna start with the connected devices, then do the switches last. You've just got to think about the order you're doing. You don't want to push all the firmware at the same time, because it's smart and it should stop it from doing something stupid, but just in case anything's overlooked, why chance firmware, you know, running into an error with that? So now I'm gonna run through the upgrades.
We're gonna start with the peripheral devices. I'm gonna update this, and then this particular AP AC LR needs an upgrade, and then lastly I'll do the switches.

All right, now I have all the units adopted, and I realized I made a mistake, and I'll actually cover it in videos. When you first saw me adopting them, you saw them all require an upgrade, and I wanted to upgrade them and they wouldn't upgrade. That was completely my mistake, because I had statically assigned the name server when I loaded the Debian virtual machine. So when I loaded it, it was on one network, and when I moved it onto this network, it was looking for the wrong name server. And it turns out, because it didn't have the right name server, when you logged into it, it couldn't go to the internet and make sure each of these had the latest firmware. So just by putting in the right DNS server, they all have the new firmware I thought they did, and now it actually has the option, except for this one. Wi-Fi unit one does need an upgrade, so I'm going to go ahead and upgrade this one and go ahead and hit confirm, and it'll provision the upgrade on there. So we have everything adopted, everything is up to date, all the latest firmware versions, and the network is fully connected, but we haven't set up anything else. Let's start diving into the UniFi software and kind of walk you through how it works.

Now, this is the latest version as of December 1st, which is 5.6.22. We were on the device manager, which is where we adopt and get everything set up, and now we're going to jump over here to the dashboard. So here's how it looks from the dashboard. We have one active WAN here, LAN device, LAN device, and what we're actually seeing is the layout of the network, is how this is too. So here's another LAN device.
Here's the one in here. And let me just jump over to the map and show you how that worked. This is the mapping function. Now the map's interesting, because this is the default image that they throw in here, and what we can do is drag where they are in your office and say, all right, we have this switch. Maybe this is a room. There we go. Maybe we have another switch in this room over here. And we have one of the Wi-Fis; we'll put it in this little conference room, put another one over here, and we'll say that this one's in this room here. Now this is kind of neat, because what they're letting you do is map out where things are physically. This is a default image, but you can add a new map and edit the map and upload different images for different floors and zoom in and out and lay out all your devices in reference to where things are. So if you have a drawing of every building, you can upload it on there and it will then, you know, overlay these. This makes it really easy. We've done this with, like I said, a lot of deployments in schools, and if we have a schematic of the school, we can put it on there and we can drag all of them. And a nice thing is the controls to do things on these are actually going to be right here, to get statistics, to get information on them and how it's set up.

Topology: this is so cool that it does this. It says, okay, internet comes in from the USG here, and I can move these around. It goes into the 24-port switch. Here's the one Wi-Fi unit plugged into the 24-port switch, like we showed you at the beginning. Then the 24-port switch goes into the 48-port switch, and then we have another Wi-Fi unit plugged in. This system will actually show you all the devices as they get connected like this. It's really rather clever. Right now I can click on 2G coverage, 5G coverage, or nothing here. And we're going to jump real quick and just add a network to this to show how that works. So we're going to go over here to settings, wireless networks, and so far I've left everything at default.
These are still out-of-the-box things. Everything is very customizable in here. All right, now we can create a new wireless network. We'll call this one studio network one, and we're going to go ahead and set it to WPA personal. Security key, we can set to what we want, and nice thing is you can click here. I decided to be password 123 for this demo, and we're going to leave everything at default. But you do have advanced options, and we'll get into that in a second here. So hit save, and now we're going to jump over to devices to show you what's going on. These have now switched into provisioning mode, and it only takes a second, and what they're doing is they're provisioning out these settings. So these are in provisioning, you know, so there's no options to click on anything.

All right, so now that we're back over here at maps, I refresh the page, and you can see here's my 5G coverage, because only this one's 5G, this one's not. Here's our 2G coverage. Now granted, it's making estimations based on the size you put into the building to try to determine the coverage, and of course with any Wi-Fi, we can't determine what's in the walls and what the penetration level will be. Whenever we do Wi-Fi testing, we literally bring these units onsite, set them in the offices where we plan to use them, and see how far the reach is. That's a separate video for Wi-Fi deployments, but there's no magic sauce that will determine the exact construction of a building and absolutely give me a clear picture, without taking a Wi-Fi unit there, of just how far the reach is. So these are best-guess estimates. Now granted, if you are doing the estimates in an open area and open field, you obviously get a lot better coverage and you can kind of estimate those. But how often are you deploying Wi-Fi in an open field?
Not that often. Usually you're dealing with buildings and everything else. But what this does is gives you kind of like a heat map to where the coverage should be estimated to be, and you can change and adjust the receiver sensitivity over here. This is the physical map, though, for how we can take a look at things and look at the devices.

Let's jump over to the other type of map that's in here, which is a topology map. And while we showed that, you can see the linking between the devices. This is a visualization for the linking between devices. So right here's the Wi-Fi there, Wi-Fi there, and then we can also hit show clients. So there's the UniFi controller, the VirtualBox. There's my laptop, and how it's connected. Currently we have nothing connected through here and here, and the nice thing is, if I move my laptop and I plug this in to this switch, within about a minute or two it will re-update and show my client going that way. Also, by clicking these you can expand and contract things. Now I'm going to go ahead and connect my phone to this unit right here. All right, so now I connected my phone.
So here's my phone, and it just has an ID there. Now if we go over here to the clients, here it is, studio network one, and how it's connected, overview of it, statistics, packet inspection, with nothing available yet. But you get the idea, that each of the devices plugged in... Whoops, go to the map here again, change it to topology, and you can see how the clients connect. Now like I said, this updates about every two minutes, and you can get insights into each device connecting. Now that's really nice, because if you're trying to trace out problems, it lets you go there and when you double-click on any of these devices, and we'll go over here, for example. Let me close these real quick so you can see what pops open. So we'll click on the UniFi controller here. It brings up these property dialog boxes, and we can pop them out just like we did with the switches. And you can also name them if you want, so you can get statistics on them, what they're doing, where they're going, information, history of when they connected, if it has any of that information. And then you can give them an alias so you can understand where they are, or even create groups that they belong to.

And this is where you can assign a fixed IP address. Now because of the way the UniFi software works, it's kind of nice, but maybe a little bit different, because you're used to going to everything through a series of tables. They have this design concept, because you do everything through here, that okay, I want to assign a fixed IP address. 249 is what I want to assign to this. Save. Now
I've statically assigned that device to that address. So it's almost a little bit confusing how it works, but it's also a little bit more intuitive if you're, you know, if you're used to doing networks. It's hard if you're not used to it. You're like, oh, I just click on it and assign an address and hit save, right? It's a little bit different how some of the network works, but it's also really convenient once you're used to it, and it makes managing things, you know, really... And while we're here, we'll name this. This is actually my laptop: Tom's laptop. Notes, if you want to put them in there: Tom's ThinkPad. Save, close. Refresh this; I think it should actually change it in here as well. I think to jump to in our page, or it takes a second because it's probably provisioning some of that information. There we go. Now it's refreshed, and we can see Tom's laptop right here.

Now we'll go a step further, because it says 24-port switch in rack number four. What this is actually telling us, and you can see which, on the rack I'm plugged into port four, so I can actually then go and name port four as well: Tom's laptop. Apply. Yeah, I'm updating the same port the controller's in, because it realizes the controller's in this port. It does give you a warning, which I think is really smart, because if you were about to block this port, for example, because one of the other options we're going to get into here is how you can change VLANs and ports, if I were to block this port, I would have a real big problem, because I would be blocking the port that the UniFi controller itself was plugged in. You don't get that message on any other port, but only if UniFi senses that what your changes are could possibly disrupt it. Not that the change I did was disrupting, but when you're making a change to a port, for example turning the port off, that would actually be the last thing you did, and you'd have to plug into a different port to get back on the network. So you don't want to do that, especially because we
manage a lot of these remotely. I like these little warnings, so they make me go, huh, hold on, before I change this, let me make sure and double-check all the settings, because you can't switch it back, because it's the controlling port. So that's kind of the rough overview of how things are connected.

Let's get a little deeper and show you into the settings. So we already seen the Wi-Fi up here. So we're going to start with, this is the wireless network, and this is where we created one, and we'll get into creating more of them, but we've got to do a few other things first. I haven't had any problems doing it, but there is a warning, because some of the stuff's in beta, like the speed tests and some of the port remapping features. And what this actually lets you do, for example, like there's three ports on the USG, this allows you to take a port labeled as VoIP and turn it into like a second WAN port, for example. And this actually would also allow you to have some of the automatic uplink failovers.

And this is a really weird but neat feature: if you have a device, a wireless device, that gets broken off from the network, but it's within range of another Wi-Fi device that is on the network, which means it got disconnected from the network but it's still powered on, and of course they're PoE, that doesn't usually happen, but it can, it can then identify, diagnose, and then set to a bridge mode across the antennas, to just keep extending the Wi-Fi network without a physical network connection. It's kind of like a mesh system. It's kind of clever that they built these in. I find it really interesting. I haven't really used the feature.
I do like it, though, that it monitors them. And what happens is, and actually I'll show you this as a test, it tells you that they're working, that the unit is still working, but it's in isolated mode, and we'll simulate that failure here during this tutorial. So here's all the... if you want to enable SSH, you can set a password for that. I believe the password default is the password I just set for the system. Anytime I change anything here, I have to click apply, and then it provisions out to this particular USG. Let me close this on the side; it's not relevant. Jump back over to the wireless networks.

Now, I deployed a wireless network, and it seamlessly deploys it across as many devices as I have connected. So we have two of them here for this demo, but if I add another network setting, I can force it to only be on one or the other. But the default is to create a seamless network across all of your sites. So we called this studio network one, and we're going to go ahead and create a new wireless network and cleverly name it studio two. Set a password for it.

Now here's where the advanced options come in. We've got more fine control, like if you want to put this on its own VLAN. Enable fast roaming on some of the devices: this helps enable like the handoffs between devices when you're wandering around; it'll jump over them. By default it's AES/CCMP, WPA2. You can control it, and if you had to... Unfortunately, we have a client, even though it's broken, they have to run things in TKIP because of the old devices they have on a network. So we created a separate network just for those devices to be on. It's all we can do, because they can't afford to buy the devices that are on this, because it's a big industrial controller. But you can also roll back to WPA1, but by default, good news, that's disabled. You can also prevent the SSID from being broadcast here. This is where you can start applying groups to it. I haven't really tested the power saving, but the schedule is really clever
because you can schedule what time you want your Wi-Fi to turn on and off. We actually did our store. When we're not here, we just have the Wi-Fi... We have multiple networks, but we have one of the networks that's generally our customer-side network LAN; we just have that turn off, and it keeps things separated, and no one even knows the Wi-Fi's there once it's after hours. Then you have all kinds of rate and beacon controls, whitelist, blacklist, MAC filtering, so you can create MAC filters and say only this type of filtering, and that's on a per-network, not a per-device basis. So as I create each network, I can create a MAC-filtered network if I want more security, where it only allows these MAC addresses on. Yes, I know you can spoof a MAC address, but it adds another layer of trouble it is to jump on that network, so you can keep it very filtered. It also has RADIUS authentication support, so you can use RADIUS authentication to determine what is going to get on there, with an actual level of security.

Now let's look at the networks themselves. So we're going to create a new network here, but we're going to go back. I'm just going to go back and edit the existing one we have. So the LAN, corporate. You want it to be a guest, and you can't really choose these other options, VLAN only, remote user, site to site. You have to do all that within the next ones. It needs a primary LAN, and this is where you're going to set the settings, and this will cascade all the settings across. Now I've had it assigned to manual, that's not the 999 server.
You can leave it to auto. For testing I was putting it in here, but you just auto it, it'll act as a DNS forwarder. You can set the domain name, whether or not you want IGMP snooping on. It does support DHCP relay; it's a beta feature, but I thought that's kind of nice that they had it in there. Not often, but I have run into times when we need that. If you want to enable UPnP on the LAN, you can do that. Not usually in a corporate environment, but if you happen to be using a USG at home, if you're running gaming systems, especially like the Xbox or the PlayStations, a popular need is having that on there. Then set your lease times and, you know, what do you want, things just to be as they are.

So let's go back over the networks. Let's create a second network. Cancel. Create new network. Some guests will be what we'll call the network, and there's one physical port. So we're actually going to go ahead and give this a VLAN ID of 10. And when you type this in, it'll automatically update the DHCP range and just follow suit here, and then I'm going to customize it, 100 to 200. And what I did here was VLAN ID 10. So it's going to have physically the same interface. 192.168.10.1 would be the IP address. It's a slash 24 network. You just type it in, put the notation in there. We'll call it guests as the domain. And I'm going to leave everything else as is. Hit save. VLAN ID 10. And we should go back over here to devices, and it's provisioning it out right now. And now it provisions it out to all the other devices that need to have provisioning.

All right, so everything's provisioned and we have that second network created on VLAN 10. Now let's talk about actually how we push that across the network. So let's go over here and look at the clients, because I plugged another laptop in. And the name of the system happens to be equal top, and it's 48-port switch, studio rack number six now.
Let's just jump over here to map real quick, and I was going to show you the way the clients look. Topology. So it comes from the USG, goes out of the 24, goes here. So this is where it is, and we can get statistics, what it's doing, configuration, network. And jump over here to clients, and we can see the IP address 192 168 106. It's still on the dot one network, and we want to get this over on the dot 10 network. So we're going to go click on the switch here, and it brings us, because I clicked on it here, right to the port that this is in. So we're going to go here, and it's actually Steve's laptop. I took Steve's laptop, and we want this to be on some guest 10. And what this gives me is a warning: it's going to be overriding any of the customizations I had to this, and I covered this in the full switch review. Just real quick, you can edit any individual port to function differently: a mirroring port, an aggregate port, manual link. You can go in, you know, and get all the details set up for each of these ports. But we're taking this, and we don't care about the profile overrides. We want that port to belong to the some guest VLAN 10 that we created. Now all we had to do is create that in the network. This option to change any port to belong to a VLAN is universally everywhere.
It's all the switches. If we had 20 switches, it gets deployed. That's what the provisioning was: when you change a network, it's pushing all these configuration settings. So when I want to create a new VLAN, I go ahead and create the VLAN, and all of my network that's on this network, all the devices on this network, get that VLAN information. Now obviously it's tedious to edit individual ports one at a time. But yes, in case you're wondering, you can select multiple ports like this, and select them, and edit groups of ports at a time like this, and assign those groups of ports to a particular setting. So that is an option, just so you know, if you don't want to go through tediously doing it, especially if you have like 20 or 48 port units. You're like, okay, these group this way, these group that way. You notice how when I selected these, it lets you select groups of ports. That is an option when you're doing it, but we set that one. So now that laptop, I may have to refresh the IP address on it.

All right, it just took a second to refresh here in our network. So now we can see equal top is on the 192.168.10 network. The connection is the some guests, so instead of studio one network or just our standard LAN, it gives the VLAN name. Pretty straightforward to follow, and now I can move anyone I want. Now this also applies to wireless. Let's go back over and look at our topology again. And so we still see the same connectivity, physically where he's at, so it's going from equal top to the 48-port switch to the 24-port switch to the USG. But when we double-click it, we can see that it's on the some guests network. So it picked up the name of it, and we can still rename it and call it something else, a different friendly name, whichever we want to group, name it for convenience, and follow that device. Now, please note, because the naming is tied to the MAC address, whenever it moves to another port it will move the name as well.
So if I move my computer to a different port, it'll move over, and my name, because it's named based on MAC address, will follow suit. And that took about less than a minute from when I moved, to maybe almost two minutes. I unplugged mine from the 24, plugged it into the 48-port switch, and you can see where my system now moved over. I kind of like the animation for when things are moving over. As you get a larger network, it's crazy how this looks, because you can drill down a lot. That's also why you have the show clients and not show clients on there. Now, we also have the ability to have link labels on here. So when I add the link labels, it gets that much more interesting. It's equal top, port number six into the 48. Tom and the UniFi controller, because it's actually running on my laptop and a virtual machine, are both plugged into port 32. So it very cleverly lets you know which network the device is connected to and how it's connected. And then it lets you know that this goes from 48 to 24, and then this goes into one and goes here.

Now let's take a look at the switches real quick and start looking a little bit in the details of how those switches appear. The switches are smart, and they know which ports are for what. So it realizes, and it's kind of small, but it's got a little up arrow, this is the uplink port. So it knows that this is where the port is uplinked to the other switch. And then the green ones represent other devices we plugged in. And the orange just means things connected, but because that Wi-Fi unit's older, it only links at 100. So that's the label right here. That's the 100 meg versus a gigabit connection.
Let's take a look at the 24 port switch. Same thing, different though, because it realizes that the uplink port's here to the USG. And now this is kind of neat. It doesn't give a symbol for the downlink port, but it has it here. It lets you know the uplink and downlink for it. So right here's the downlink to the 48 port switch. It knows that's the next device in the network. So you can look at it from a non-graphical version by opening up each switch and determining this. But I just really love the way it maps things out for you as all the devices get plugged in, because if you're trying to trace things out on a network, that becomes a really handy thing to do.

So let's go back over to the network settings again, down here at the gears. Wireless networks. Studio network one. Let's go ahead and create one. Call it studio network two. We didn't hit save last time, that's why it wasn't there from before. Advanced options. We're going to use a VLAN, and we're going to put this one on that VLAN 10 that we created. Save. Now we have two separate networks, and this one's on VLAN 10. Look over here at devices and you'll see the Wi-Fi units provisioning. And they provision really fast. Now, there is a slight disruption every time you provision a Wi-Fi unit because it adds a setting, so the Wi-Fi units do drop and disconnect briefly. All right, so my phone's reconnected, and I realized I called it studio network. Not I forgot the kian network, but it's on VLAN 10, and it's getting the dot 10 address, which is the network we assigned for that particular VLAN. So we jump back over to the map again, and there it is, connected, studio network two. And that's what's kind of clever, is it shows which Wi-Fi network you're connected to, so you have each one. And now we see on this one.

Now, let's talk about the failure mode. I wanted to show you kind of an interesting demo of. So this unit right here is connected.
This is Wi-Fi unit one and here's Wi-Fi unit two. And this is a feature of the newer Wi-Fi units. I mean, I don't know that all the early models are supported in this particular feature. And what it did is it realizes that this is isolated right now. And what that means is it's on but not connected to the network. It's disconnected. So it was plugged into right here, but then it's unplugged because I physically reached over and unplugged it. So by doing that, it just goes into an isolated mode, because the other Wi-Fi units can see it but it can't see the network. So this is a really helpful diagnostic tool, because there's disconnected as in you don't see it, and it'll give you an error for that until you missed heartbeat and it says, you know, devices offline. But this one, it realizes the device is on the network in terms of power, but not on the network in terms of connectivity. So it sees it's broadcasting, but it's not actually connected to the network.

Now this is where it gets another step of cool to me: if you wanted to bridge this and create like the mesh network, you can actually have the units talk to each other and then create an uplink between them by selecting this. And now it's going to attempt to create the bridge for you. So this device will still work, kind of like a repeater mode. I've actually done very little testing with this, because generally I'm not the biggest fan of mesh networks. I've worked with them a few times and we've been called in to replace them, because I've never seen one that works as seamlessly as I think it should, and generally hardline to each one, it's just way faster and less prone to problems, especially because most of these networks that we put in have a lot of users, so handing things off from mesh to mesh becomes kind of tricky. It says not available target. I have a feeling it doesn't want to work because it's the two different models.
I'll have to try this sometime as a separate video with two new models. I just don't happen to have any in stock right now. So I'm going to plug this Wi-Fi back in and we'll get to some more settings. The nice thing is it's pretty fast from the time I plug it in until going back to connected and back up and running.

Now a couple side notes here. As I had said, you can custom config each one. This is where you can override what the radios are doing and which WLANs are on there. So by default it gets each one of these. I can edit and override so this particular one does not get a particular Wi-Fi setting. I usually don't have a lot of use cases particularly for that, but definitely an option if I wanted to, where I can customize each one. Generally when we put these in, we assign a couple different networks, maybe a couple different VLANs to them, and disperse them throughout the companies or the areas we're putting them in, and we want them all to be on the same network. So generally that's the deployment. But you can override that configuration and change things around.

All right, so let's go back into the network settings here. I will cover a couple things that I'm not going to do in depth today. But this does have the option, if you've seen it in there, and I'm going to do separate videos because I'm just not real adept at the VPNs. I've not actually done, I've had a few friends who have, but I have not done anything with the VPNs on here for remote user VPN. I was told it's pretty straightforward on these. I'm going to do a separate video on how to handle the VPN. So it does have a remote VPN, site to site VPN, or acting as a client.
I've been told it's fairly straightforward to do, but I have not actually tested it. So I'm, uh, I can't comment on that at all at this moment. Any of the deployments we have for VPN, as you may know if you watch my channel at all, I'm a huge fan of pfSense, and that's where I always deploy my VPNs. We put these in some clients' networks that don't need VPN. We primarily use these in small business networks where VPN's rarely even something they're talking about. They mostly just need connectivity and a nice interface for us to manage things. So I'll close this one.

Now we'll get to the next part of networking, because this is something we do a lot of: creating firewall rules and port forwarding. This was confusing if you look at my previous USG video. I think someone commented that it didn't have a lot of features. That video is also old. The nice thing about the way UniFi works: they get the product out there and they kind of listen to people, which is rare for a technology company, and they look at what features we're looking for and start adding them in. In the latest version of the UniFi software, I believe it's the first time they moved it to here, they moved all the port forwarding rules to a place that makes more sense to me. It was a little different the way you did it before. Now it's nice because we can just go create port forwarding rule. And we're going to have a pretend camera. Well, we'll put camera system, from anyone, port number 7443. If you didn't know, that's the one for there, that's the one for the UniFi cameras. Forward to IP 1, 2, 1, 6, 8 dot, we'll say, 1.10. We're making it up because it doesn't exist. 7443, TCP, UDP, and whether or not you want logging turned on. Save. And we go over here to devices. You can see it's provisioning that port forward to the USG. And provisioning happens fairly fast. And as you can see, we jumped over here, and it provisions fairly fast when you make a network change like that. Doesn't take long at all. It doesn't disrupt the system while it's doing it. It
added the port forwarding rules, they're added. So back over here to the rules, port forwarding, and you're done. Now, if you wanted to create a restriction, and we'll edit this rule real quick again, to say limited and only allow from a certain IP address, that's easily achieved in here. This makes so much more sense. And I don't recall exactly, but I remember being a lot more complicated the way they had it before, and kind of buried in some menus. This is a really simple port forwarding system. It's not as advanced as some of the other firewalls, but it gets the basics done. So a lot of times it's all we have to do. The most common deployment we see is maybe a camera system or a couple little things in there.

Now the only thing I'm not as clear about is, will it let me forward to the other network, or will it ask me questions, and does it do that automatically? So let's test this real quick. If I hit 10.10, anywhere. Okay, let me do that. Now let's try this. If we put it in the .20 network, well, it should give me an error saying that network doesn't exist. It does not. So I wish it was a little bit more, a little bit smarter, and would actually allow me to forward something to a specific network and actually ask me what that network was. But it doesn't appear to care. It'll let me type in whatever I want for the forwarded IP. Save.

Now if you want to see if the rule actually works, we're going to do a quick test here. Something simple. So I'll create a test rule, and we'll create a port number 12345. Put in the IP address of 192.168.1.66, happens to be my laptop's address, and hit save. So there's a rule we're going to provision to my laptop, which is the .66. Now a couple of side notes. So you notice I gave my laptop a friendly name. Those friendly names don't work or show up when you're doing port forwarding rules. It would be kind of nice if they would. So if you would name the devices, it would be nice if they showed up here. So if UniFi is listening or watching my video, maybe this is something that they'll
do. But it does not autocomplete, so you don't have that really as an option in there. So that's provisioned. Let's look at the devices. And we need our WAN address here, so we're going to go over here to our USG, expand out the WAN address, and we see it's 172.116.9.102. And like I said, this is not really a WAN address, and we know that's actually in a private range. We're going to do hostname, that. One, two, three, four, five as the port. And this is part of my lab, so it's going to be the, I call it VLAN69 lab. It's a VLAN I have just for doing this. We're going to go over to my system. We're going to do a netcat, dash L for listen, 192.168.1.66, my IP address, one, two, three, four, five port. You can see I've tested this before. I said it, hit up arrow. Test. And test port was successful. And we look back over here, and when it sends the command, it actually closes it. So we can see the netcat is done listening. So definitely it works. It's an easy way to test it real quick and kind of get an idea. But obviously it doesn't care if I put in a different IP address. It doesn't give me a warning. I'm sure it cares, and it won't go to the right address. But that is kind of an interesting thing about the way the port forwarding works.

Let's back over your settings and let's talk about the firewall. So the firewall itself has a couple of its own rules to accept and drop, and you can create each one of the rules. That's WAN out, WAN in, LAN in, LAN out, LAN local, guest in, guest out, and guest local. So if we go to WAN in, here is the rules auto created for the camera and the test rule. So we can't actually edit those, but we can create new rules. And this is a nice thing about the port forwarding, is that it does allow for automatic rule creation of firewall. So I only had to create it once under port forwarding, and it automatically creates a matching firewall rule to allow the traffic. But if you wanted to do everything more in a manual way, you can go through here and do more detailed work for distant destinations as
your address group destinations, different types of filtering: drop, accept, reject. And another thing that's kind of neat, you have over here more detailed tuning of like state timeouts, protocol options, if it's SIP, whether or not you want ping, or receive redirects, or send redirects, or send, you can. They have some decent firewall rules in here. Now I have not messed much with it, but if I understand correctly, because these are all built on a custom Linux kernel, you can get in there and start manually writing and mainly editing firewalls. So you can go beyond what the interface here will let you do. Goes beyond the scope of this talk here in this tutorial, but to give you an idea, definitely if you have those advanced skills and you want to do it, yes, you can override what's in here by logging in directly to the unit itself. So it kind of gets over there. And this of course is where you can just add some static routes. This is the final thing in the routing firewall. So if you had some custom routing options, you can add them here and create static routing.

Now guest control. This is interesting, because if you wanted to create, as the guest portal, guest network, that's actually an option on here, so people can get on and it will create this. Now this applies to the Wi-Fi rules. So you start with, I want to create a guest Wi-Fi or even a guest network, and I want people who want to get on the network to have to log in. There's an entire module here, and it's kind of cool. It actually gives you some editing options, so you can put what you want to have in here, and you can edit this, and it has a mobile preview: what it looks like on phone, what it looks like on desktop, and what it will show them when they get on the network. And this is where you would upload or add your own terms and conditions to determine it. Also where you're going to set your guest network. So your guest network can be separate, and the default guest rules keep the network off of your other network. So if you create another Wi-Fi, or
you apply a LAN rule, or a port rule, or a separate VLAN for all of your guests, you can funnel all of it right here. And it's pretty straightforward to do. So we jump over here to wireless, create a new wireless network, advanced, and we'll call it the guest. And then we check the box, it says apply guest policies. And I'm just going to, you don't need to go to any of the advanced options at, nothing, unless you have something more advanced you want to do. So we're just going to apply the guest policies. It's provisioning it. And this is back to where we finished setting all that. So we just created an open network. We're going to go ahead and enable the guest portal. Do you want no authentication, simple password, hot spot. Now I have not tested this, and I'm going to do a separate video just to test this, because I was told it's still a little buggy, and of course it is in beta right now. But they have the Facebook login. So one of the options is, for guest options, you can force them to log in to Facebook. I'm not as clear. Someone said it's not working well with the iPhone, based on whatever it informs. I will do my own testing with this at a separate video, because it's a beta feature. It was just introduced in this version of the software. But once they put this in here, they're going to work on it, listen to feedback, and this feature is kind of up and coming. So we're going to enable guest. We're going to hit apply changes.

Also, because of things like this, this is also why I've mentioned a VM. You may not want something too slow as a VM, because these are moving reasonably fast. But if you ran this on a Raspberry Pi as a back end, and you want it doing guest authentications, this all runs inside the VM module that is the UniFi Controller software. And I will note, you don't need the UniFi Controller software running 24-7 unless you want it gathering statistics and everything else. These machines, if the UniFi system goes down, or you're upgrading that particular virtual machine, it goes offline, Wi-Fi and
everything still works. You just don't get to provision anything new, and nothing changes, and you're not collecting any statistics. Also, the guest portal runs inside of this, so the guest portal will go down, though, if the UniFi Controller software goes down. So I'd sign my phone into the guest network, and this is a quick screenshot I just grabbed from my phone, and it says sign into guest. So pretty straightforward there. And once again, we can look at my phone. We see the link labels, and we see it's connected to the guest network.

All right. So you're given a big overview of all the settings, and getting a Wi-Fi deployed, and some of the changing of port, creating a VLAN, moving things to that VLAN, and how you deploy the Wi-Fi across multiple women, including how we do a guest network. Now let's get into the insights, because that, of course, is really important when you're trying to diagnose a larger network, is what are the insights of things going on? So we go over here to insights. And because we just did this, we're going to actually switch to something simple first before we cover what all this is, and we'll start with past guest authorizations. Now we just loaded this right now, and for this whole video, so there's not a lot of data. But you get all these statistics and data inside of here that allow you to determine, like, you know, I can look at history of when guests logged in and when things started happening. So close that out. Here's the guest. Here is me doing the authentication there, that I'm online. So you can see which are the guests. But there's a lot of information in here. So this is really novel as well. This is the neighboring access points. And what the Wi-Fi units do is they look around and go, what's around me?
And they see all the different Wi-Fi access points. This one's actually interesting: Derek Silverado. I'm guessing someone's vehicle has an access point in it, like a mobile one. It sees different things that come by. So this can give you access information and statistical information about things it sees in the area. And it's grouping someone together. Then you can also go here and pull down known clients. Here's some of the ones that are known on our network. And once again, you can filter this for different time periods. Past connections, things that were connected. Now this is interesting to get a history of what was connected when. Has all the date and timestamps in there.

Switch statistics, and what's in there. This is really neat, because you got the information about what's going on in each switch port, a history of it, what was plugged into it. If you have PoE, none of these are PoE that we did in our test here, but those are options in there, so it would give you the PoE information. It can give you the counters for statistics. And then we can say link status, only show me connected devices. So we can filter this real quick and make it a lot cleaner. And I like the way they do this, because it's now giving me a lot of information and I can really start diagnosing the network. And this is the beauty of the way UniFi works: one dashboard that consolidated. If I had two switches like I have here, or if I have 20 switches or 200 switches, I have all these different informational things I can do to start diagnosing and digging things. And here's, we didn't do anything, this is our pretend port. And this is the one we tested. So we got eight packets that went through from that test that we did. And go back over here to known clients. Actually, to show you a little bit more data, let me jump over to our network. So here's a look at the stats for our network, and you can see different connections and the amount of data going across, which is of course a whole lot bigger. And if we do things like past
connections, there's a lot of information here. And then we can jump backwards for different time periods and show what was connected for that. So we can drill down and see the different IP addresses that were assigned based on the different networks, and trace things out.

Also, I have my networks up a little different, because I don't have all UniFi switches. So UniFi does something a little bit different when you don't know, when you have some dumb switches in between. So we're going to go to maps. And I have only one UniFi eight port switch in our network and then some dumb switches, but they're VLAN'd off. So I'm using this to zoom in and out. Here's some of the Wi-Fi clients. But it thinks they're all connected directly to the, obviously you can't have this many devices on the eight port switch. But port number two is connected to the dumb switch, so it sees all those devices and it says they're all on port number two. Now my network is headed by pfSense, which means I have none of the deep packet inspection features you get with the USG at the head end. But what it does do is it still has the switch tracking all the MAC addresses and the assignments through the switch and through the Wi-Fi unit, to understand where my phone's physically connected, because it can see the MAC addresses that pass through the unit. Kind of clever the way all this works. And yes, in case you're wondering, our Wi-Fi name for our business Wi-Fi is notice me senpai. So we'll go ahead and close this out.

And we'll finally take a look at the dashboard, what that shows us, and the deep packet inspection system. Now the deep packet inspection system by default is turned on. So we're going to actually jump back into here. Deep packet inspection. And it allows you to create categories and restriction groups based on the categories and restriction groups they came up. For example, social networks. Enable restrictions. You can block everything on there. You can add, let me add a social network. People who bypass proxies. We're
going to go ahead and hit save on both of these. Actually, I forgot to check the block matching traffic, and we'll go ahead and log it. So we hit save. Now this is where you can choose where that rule gets applied. So I want that rule applied to the guest network, or the LAN network, or the Wi-Fi networks. You can apply this rule to that. We're going to apply it to the LAN default. You can create more groups and get fine grain control and segment this out. So in theory, this should, and I haven't tested this, and we're going to test it live here, once this is done provisioning, I should no longer be able to get to Facebook on here across this network. Provisioning. And here we are, stuck: establishing secure connection. I can get to Google, not that I ever use it, but I wonder if I can get to plus.google.com or if it restricts that. I guess they don't see Google Plus as a social network. So I am online, and Facebook is timed out. So they have decided to block it. So when we take a look now, I can't get to Facebook, and I see Facebook's in red here, so I'm guessing that means it's blocked. I'm going to have to read a little more on the deep packet inspection. I haven't really used it much, because we don't deploy a ton of USGs out there, nor do we really get into the filtering like this. Like I said, mostly pfSenses are head end. Sorry about that.

Last thing I guess I probably should have covered here is the events thing. The events list that are over here. Sorry, I called it a thing. The events list here. And this actually gives you some warnings, errors, and history of the events. But it gives you all the events that occur, so you can kind of track out the history of things. And it actually logs all the different settings that were done: was adopted, provisionings, when we add different things in here. So you actually get a nice history that's searchable. And we can search, for example, of everything about the 48 port switch that was done. Errors with it. Warnings. Or back to just general. We'll close that. I guess the last one
other thing is the maintenance on it. These are fairly maintenance free. You can do things like download the backups from here. So once you get it all configured and all set up, the backup is really straightforward to do. Download backup. Not much to that. And if you ever have to move this to another controller, you just go to restore. Or if something happens to this one: choose file, restore, it restarts, and everything just goes right back to normal. And it has some data retention, because obviously when you're not just backing up the system, you're actually backing up the data, the logs and everything else. So there's some options in here to determine that part of it.

All right, so hopefully this was helpful in getting you set up with UniFi. And if, like I said, there's something you want me to cover, something more in detail. I'm overall really happy with the UniFi devices. I think the USGs are getting a lot better, especially since the first time I reviewed them. But on the bigger side of it, they're not really in-depth in features. Like I said, the firewall, it'll get you going, but the firewall rules aren't very advanced. And obviously it didn't even give me an error when I try to drop something on a network that doesn't exist. And not that that's necessarily a deal breaker at all, but it's something to keep in mind, and it's something they could improve on. But overall the system does work very well, and you can't beat the price point of these. You're the USG, I mean, I'm not going into it a little bit, but you're also talking about a device that's only, you know, a little over a hundred dollars to purchase the basic USG model. So you get a lot of features for a hundred bucks, that is for sure. The Wi-Fi and the switches all working together with this software: outstanding. Being able to track your packets and figure out where everything's going and how everything's getting there, and the auto drawing of the topology, being able to trace out a device, that's just, I love that. Being able to map these
out, being able to see the connections over, you know, this map here, so laying it out over a map here, building, or being able to do the topology and have it drawn in real time to go, okay, this is my network connection. That's some amazing stuff right there. That's, that's gold as far as I'm concerned. So as much as I'm mediocre on the USG, a lot of times we have a pfSense firewall, because I love all the features and VPNs that come with pfSense. So that's often ahead of a network. But the rest of the network, we love deploying UniFi, because this system works. It works really well. It's really solid. But for the price point, I don't think you can really beat the USG. And if the client doesn't have a lot of crazy firewall configuration rules that you need to do, the USG works really good for dropping it in, and just needs to route traffic. It will do that excellent. And that aspect of it, I think it's great.

So hopefully this was helpful. If you like the content here, like and subscribe. If there's something you want me to go more in depth on, let me know. If it's the VPN, that's going to be a separate video. I don't know when I'll get that done. I want to, I got to get more than one USG in here, and I'm not the biggest fan of them, so I don't know when I'm going to do that. But if someone wants a mail you want, I'll definitely do it. I just don't know if I want to buy one right now. Alright. Thanks for listening. If you liked the content here, like and subscribe.