DHCP relay is a basic L3 routing feature. Without it, no switch can call itself enterprise-level ready, IMO.
I agree. DHCP helper is a needed feature. I think DHCP helper is available on my L2 Cisco switches.
That's probably why Ubiquiti named it Pro and not Enterprise.
Thank you for pointing out that DHCP helper config is not available in UniFi L3 switches. I cannot imagine why that is difficult for UniFi to implement.
Go Cisco L3 switches!! You can buy 3x second-hand "Enterprise L3 PoE 48P Cisco" switches for the same price as one of these L3 24P non-PoE UniFi switches.
I'd like to see how this compares to the EdgeSwitch line of products.
Thanks Willie... Personally, I do not know why UniFi bothered to release L3 switches when they have no industry-standard features, such as static routing between L3 switches. Also, not being able to enter CLI config with the ability to save it between reboots, well, why truly bother with UniFi L3 switches at this stage? They are certainly not Enterprise L3 switches! Thumbs down on these L3 UniFi switches.
This may be controversial on a pro-Ubiquiti channel.... but there is NOTHING about Ubiquiti wired products that is enterprise. The WiFi is OK-ish, but you get what you pay for. Prosumer toys at best. Anyone who needs layer 3 switching should use the major players (Cisco Catalyst, Aruba CX, Juniper, etc.), or do the routing on an appropriately sized firewall (e.g. FortiGate 100F or 200F).
Can you redo this video with the newest firmware?
The missing DHCP relay for the switch-style gateway is a showstopper for me, because in an AD-integrated DHCP infrastructure it makes this feature unusable. Not going through a bunch of customization to relay the relay via the switch, which would put those switches and the controller in an unsupported state. Good call out on that, by the way, not to edit the config manually at the CLI. 😉
Hi Willie. I'm Cheikh from Senegal (West Africa). Question: Does this switch have firewall rule features? For example, to prevent clients in two different VLANs (VLAN 1 and VLAN 2) from communicating, while allowing only one client from VLAN 1 to communicate with all clients in VLAN 2. Can I do this without purchasing a UDM Pro?
No.
So these discrepancies being noted are for enterprise environments that have multiple brands floating in the equipment buildout, but for a home or small office that is all Ubiquiti this is not an issue? It took me reading some of the comments and watching the video from a mixed-brand deployment to come up with this question.
So what if you are wanting to move a flat network to using the Switch Pro Aggregation as the boss, where all the new switches plug directly in, while also using a third-party firewall like Sophos XG within an Active Directory domain that hosts its own DHCP server? Would you then need to turn off the DHCP server setup on the domain controller and set DHCP on the aggregation switch? We eventually want to set up VLANs, but out of the gate we just want to replace all our mismatched switches throughout the company.
DHCP relay is done in the USG and you need to configure a VLAN. I had my Windows server as the relay and it works.
@WillieHowe you can if you telnet in and enable ip helper, then set a helper address, e.g.:
ip helper enable
ip helper-address ( DHCP ip address here no brackets) DHCP
show ip helper-address
DHCP at the end of the second command is important. This is not persistent over reboots. You need to set DHCP as NONE in the controller.
^ These commands would need to be run on the switch which is acting as a gateway. This will only affect the LANs assigned as gateways to this switch, not the default (management) one, which should be connected to a different gateway on a firewall or UDMP anyway.
Note, the LAN gatewayed (is that even a word lol) on the L3 Switch where the Windows DHCP server is hosted will automatically grab DHCP without these commands. Any additional LANs assigned to the switch will need these commands to use the Windows DHCP.
I have written a Python script which sits on the DHCP server and checks for DHCP relay changes on the L3 switch and restores them if they drop for whatever reason. I'll publish it when I'm happy with it.
@WillieHowe correct, I have a Python script on the DHCP server though which deals with this.
I do get, though, that it's not an ideal scenario, and I do wish Ubiquiti would address DHCP relay on switches. It's the only thing which stops these being fairly OK L3 switches for small/medium deployments.
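The check-and-restore loop the commenter describes, as an added example (not the commenter's unpublished script): it asks the switch for its helper config and re-applies the thread's CLI lines when the expected helper is missing. The switch transport is left as a callable, the `show ip helper-address` output format and the DHCP server address (192.0.2.10) are assumptions, and the in-memory `FakeSwitch` is a constructed stand-in so the script runs offline.

```python
import re
from typing import Callable, List

DHCP_SERVER = "192.0.2.10"  # placeholder address, not a real deployment value
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def helper_commands(dhcp_server: str) -> List[str]:
    """The non-persistent CLI sequence quoted in the thread (trailing DHCP keyword matters)."""
    return ["ip helper enable", f"ip helper-address {dhcp_server} DHCP"]


def configured_helpers(show_output: str) -> set:
    """Assumption: each IPv4 address in 'show ip helper-address' output is a configured helper."""
    return set(IPV4.findall(show_output))


def reconcile(run: Callable[[str], str], dhcp_server: str) -> List[str]:
    """Query the switch; re-apply the helper if it is gone (e.g. after a reboot).

    `run` sends one CLI line and returns its output; telnet/SSH handling is the caller's job.
    Returns the commands that were re-applied, or an empty list when nothing was needed.
    """
    if dhcp_server in configured_helpers(run("show ip helper-address")):
        return []
    applied = helper_commands(dhcp_server)
    for cmd in applied:
        run(cmd)
    return applied


class FakeSwitch:
    """Constructed stand-in for the switch CLI: forgets its helper on reboot, like the real one."""

    def __init__(self) -> None:
        self.helpers = set()

    def run(self, line: str) -> str:
        if line.startswith("ip helper-address "):
            self.helpers.add(line.split()[2])
            return ""
        if line == "show ip helper-address":
            # Assumed output format; only the address column is relied upon.
            return "\n".join(f"Vlan  {h}  DHCP" for h in sorted(self.helpers))
        return ""

    def reboot(self) -> None:
        self.helpers.clear()


if __name__ == "__main__":
    sw = FakeSwitch()
    print(reconcile(sw.run, DHCP_SERVER))  # first run: helper applied
    sw.reboot()
    print(reconcile(sw.run, DHCP_SERVER))  # after reboot: helper restored
```

Run `reconcile` on a timer (or poll the DHCP relay counters on the server) so the gap between a switch reboot and the restore stays short.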
Thanks for the awesome video. Does inter-VLAN routing occur on the switch or through the router? I'm trying to figure out a way to get my UNVR (on the main LAN) and Protect cameras (on their own VLAN) onto L3 routing to lessen the load on my UDM-SE. I still want the UNVR on my main LAN and may make use of both NICs of the UNVR to get this to work that way.
I've been having the same question with no answer.
I see that UniFi now has ACL in GUI. Would you consider updating this video?
How about firewall rules to separate the VLANs that are on the switch, or is that only CLI right now as well?
@WillieHowe I could be wrong, but I thought that firewall rules are only applied on the UDM, not the switch, so you effectively have no firewall rules for a network where the "Router" is configured to be the L3 switch. Is this correct? Or maybe it's just certain rules, like "LAN In" / "LAN Out", that don't get applied?
@speedbrake you are correct that layer 3 switches typically don't have a firewall, which is stateful filtering. However, what the OP is looking for is ACLs (access control lists), which are stateless per-packet filtering. ACLs are used to control access between VLANs. Other than UniFi, every other layer 3 switch that I've ever worked with has ACLs, but those were all actual enterprise-class switches.
Hi, can you tell me if it is possible to provide a UDP relay on the Layer 3 switch to make WoL possible across different VLANs? Or if there is any way to make that possible? Thank you!
How do you rate these switches compared with the Cisco CBS350 range?
If they make an Edge 2.0 series and use this OS on the switches, that would be great!
Couldn't help but notice, when it's in default gateway type you get DHCP relay as an option.
So this L3 switch is not working with any other gateway / other router brand such as the common Asus / TP-Link / D-Link... how about a Cisco router / MikroTik?
I also found that you could not change the gateway device on an already created network, or modify an already created layer 3 gateway back to the USG or UDM.
Always, when you make a LAN, the IP address needs to be on the same subnet. It's just how routing works; it's basic knowledge.
So the ACLs I added via CLI on the switch will be gone on the next reboot? That sucks!
I think the Amazon link in your description points to a wireless access point, not a switch :)
So if you have a third-party firewall you basically can't use L3?
Can I ignore the layer 3 functionality and just use it as a regular layer 2 switch?
@WillieHowe Great! Do you have any thoughts on the stability of UniFi switches and access points, since I've been hearing about bugs and such lately? I need to replace a bunch of Meraki devices in our current network at this non-profit organization.
Another great video, please do some videos about PBR with the EdgeRouter.
They make good APs, but I can't recommend their UniFi line of routers and switches. It's just too limited and unreliable in a corporate environment. I like their Edge switches and routers a lot more though.
Thanks Willie!
A few more years of development, but it looks like something I totally do not need at home.
I'm a couple of minutes in. You tell us it needs a firmware update but .... Then you tell us the DHCP gateway doesn't work right. Shouldn't you do the firmware update before saying it doesn't work?
Useful information! I love knowing those things that the sales site doesn't tell me.
Funny, that was my first thought as well. The first thing you do when you discover a broken feature is make sure you have the latest updates, right?
@jameswhite1910 Right!
@WillieHowe Thanks for the reply. I look forward to the updated version.
It doesn't do NAT, because that would eat the UDM market.
Name an L3 switch in the same price range that can do that.
Why do y'all cry when UniFi doesn't want Layer 3 to totally work with other routers? I think this is a good strategy to reward users that deploy a full UniFi environment.
An idea like that would probably get someone fired if they tried to do it. You want your switches and WiFi gear to work with other routers, for sure. You think all the UI gear is going to work for all business types? Of course not. You think they make most of their money from their routers? Absolutely not. Think about it... one router per small to mid-sized site that could need 5-10 switches and 20-200 WiFi APs. Oh, we don't want to sell APs and switches to that business that already has a router brand they use, so we say F them if they don't use our one $400 router. F them, we don't want to sell 10 switches and 200 APs. : D
If you change the gateway, you're defeating the purpose of having a layer 3 switch.
That doesn't change the fact that changing the gateway to something other than the L3 switch defeats the purpose of having a layer 3 switch. I would be interested in learning about the use cases for the scenarios you mention.
Thank you, I realize the L3 switch doesn't have to be the gateway but if it's not you're defeating the purpose of having a layer 3 switch.
I really only think UniFi stuff is good for a home. I wouldn't use it in a homelab either, because it's nothing you would use in a business.