Видео

I have not used portainer, but my understanding is proxmox is acting in the same role as portainer when it comes to managing containers. However, proxmox can do other things, such as running VMs. I am a homelabber, so an all-purpose platform such as proxmox meets my needs better.

@hz777 I see, I appreciate your perspective and insight. Thank you! I intend to use this for my home lab also, I just don't have a full on Dell server to run this on. Intend to run it on a little geekom nuc. Your videos are really helpful, keep up the great work!

It should.

I don't have experience with these fibers, and I even doubt they work with my old lab 100 GbE switch.

Why did you think I removed your comment? I just checked the on-hold comment (by RUclips), but saw none.

@@hz777 well thats strange, I posted a comment . Bug in YT then I supposed. I tried now also again and again. it removes every time. maybe because there is a hyperlink inside the message..

Thanks for sending me the email. That explains why your comments were removed by RUclips: because of the paths. Url, IP address, and path may cause the comments to be removed by RUclips. Go back to the docker Hostname issue you described. As I know, unifi gateway gets the client's hostname during the DHCP process. For a docker, it may not have its hostname, so your dhclient approach makes sense. This is an interesting topic, so I may make a video about it!

@@CasaTropical I just did some testing, but did not observe similar issues as yours. I created several proxmox containers using debian 12 template. I gave them different hostnames. They were all correctly displayed wit the correct names in UniFi's client list. I also used Wireshark to see the DHCP requrests, and did see correct hostname info in the requests.

@@hz777 thank you for the time and for the response, indeed the containers will get hostnames, its about a docker inside that container . Case: debian 12 template as LXC in Proxmox. Then install docker on that debian, then in that docker place (example) a alpine python or a new debian. You'll will see no hostname in de UDM-P only the MAC. When you install the dhclient, and inside that .conf chage the name "hostname"it does. Again thanks for the great videos and time.

Yes, that's expected. Ubiquiti never officially supports it.

No and no.

If the bad guys scan VLAN B from VLAN A, you do not need a Honeypot in VLAN A for VLAN B. Otherwise, you do.

@@hz777 so in my environment, I block (for example) Access to VLAN B, from VLAN A, and reverse. I believe this is where “otherwise” comes in, lol. There’s no inter-vlaning in the network, so that’s why I asked if all VLANs should have HoneyPot, but Insee your point and I thank you for your response.

​​@@buenologysorry it seems my original reply is not clear. if no inter-vlan, each VLAN may need its Honeypot if you have concerns there.

So far I only use it in my lab environment, so no impact yet.

@@hz777 Thanks, what about IPv support ? And also L3 routing on the USW ?

IPV6? I don't use ipv6​, so don't know. L3 switch's inter-vlan traffic doesn't go to gateway, so I don't think it's supported. @@FTLN

Not yet.

Just checked but did not notice anything. I don't think Ubiquiti has any incentives to improve it.

If switch A is closer to router, and you work on switch B first, switch B is expected to be offline. I don't see a problem there. But after you finish switch A, switch B will be back. I don't understand why switch B going offline can impact switch A's configuration changes.

@@hz777 Well I don’t either I configure ports 25-26 on switch B (the USW Pro 24 PoE) first and you can see it takes the aggregation. Then I try to configure ports 6-7 on the other switch A and as soon as I hit “Apply”. the web page freezes and then when I access the cloud key again switch A (the Aggregation Pro switch) now shows no ports aggregated and switch B (the USW Pro 24 PoE) shows offline and I have to disconnect the aggregation port cables to it and restart to adopt it again. So the aggregation fails. I was talking with Ubiquiti tech support and went through the procedure with the tech (connecting only 1 cable while doing the process) and experienced the exact same symptoms. The only suggestion he had was to send him the support file and he would “get back to me”.

@@Kehf27 is usw pro's 25-26 connect to 6-7 of aggregation switch? One thing I don't follow is you said after configure 25-26, you could see usw pro takes the change. What did you mean? What you expect to see is usw pro going offline. If you can still see it online, something is wrong already.

@@hz777 yes 6-7 of the AGG Pro switch is connected to 25-26 of the USW Pro24 PoE Hmm I don’t actually see the Pro 24 going offline when I configure aggregation on it It just almost immediately shows aggregated.

Just an update for you. You have been extremely helpful in my journey thus far. I had multiple problems configuring LAGG with my hybrid pfsense/Unifi setup. Firstly, on the Unifi side I was trying to effect the aggregation on the switch ports that had the active connection to the cloud key controller. So I connected another cable (with the active connection) in parallel with the ports I was trying to aggregate then configured the most downstream switch ports in aggregate. I then configured the next upstream switches and so on. For the pfsense side I had a similar problem and the solution was similar. Additionally the ports on the pfsense device I was trying to aggregate included an existing LAN with associated VLANs already defined. With the help of the pfsense documentation I was able to migrate that LAN to a new LAGG and also transfer the existing VLANs to the new LAGG. This involved multiple steps and shuffling around and included having to effect the configuration from another LAN in parallel since the configuration steps caused me to lose communication with the cloud key controller and internet and the existing configuration on the pfsense device. I was able to complete this successfully however. Now I have a downlink of 30GB from the pfsense device to the Agg Pro switch and downstream links of 20GB between the other Pro Max switches. Thanks again for your excellent suggestions.

I don't own a non-pro udm, so don't know the answer.

I checked the android app, but did not see content filtering setting at all... Where did you see it?

I am afraid that will not be feasible. Even though the VPN itself is WireGurad, to initiate it (to make UniFi gateway connect to turn server) needs wifiman.

As I checked last time, it's 15. But you know, it's not really a hard limit. It may change any time in the future.

@@hz777 in your video it stated 20 at the beginning when you did choose networks?

Maybe...idk...if you saw that, it's the correct limit at that time.

I remember I used two devices to capture WiFi frames, one close to the roaming device, one close to the ap.

I don't use Ubiquiti Device Discovery. Do you have UniFi network controller self hosted? I know it may use port 10001. If a packet is sent for a legitimate reason, I would not block it. If there are packets you are not sure where they came from, you may want to spend time to eliminate the source.

@@hz777 The issue is running a LAN scan and Ubiquity Device Discovery Service seems to publish all the Gateway IP's even though VLAN access blocks gateway crosstraffic. 🤔

I have not encountered such a thing so I don't know... In your case, were the packets from gateway's default network IP address to other VLANs? If so that's strange...

@@hz777 i will have to investigate further. The android app "ping tools" aggressively scans the network and it can find more than nmap. Thanks for the insight

No, if just after a reboot. But it won't survive an upgrade

My other racks cannot be moved. I need the wheels :)

I believe there must be such a script on GitHub, but I have never searched for it.

You may need to login first.

@@hz777 Doesn't seem to have changed anything. Must be something else. Anyway thanks for the suggestion.

Wow! Thanks for sharing such detailed steps! Your way is much more aggressive and is to use the device solely as NAS.

I don't own a udm pro max, but assume it should be easy. Can you find the mount point for the SSD in /proc/mounts? If yes, simply use that mount point when configuring smbd. AGAIN, ABOVE IS JUST MY GUESS. TAKE YOUR OWN RISKS IF YOU WANT TO PROCEED.

@@hz777 Thanks, will give it a miss then :)