Help me build my new home/business network

Currently reading
Help me build my new home/business network

re PoE and AC Lite AP:

this AP is compatible with: 802.3af/A PoE 24V Passive PoE (Pairs 4, 5+; 7, 8 Return)
your switch is pre-configured to “auto sense” PoE+ devices
you need configure all PoE port separately for each PoE devices
But why would Port2 autoconnect to the AP while Port1 won't? I didn't change anything in Port2 to make it connect.
 
it's really heavy topic
1. Unifi controller has written User manual also for unskilled users. Then my recommendation is open it and follow all steps for proper setup + write there your comments (for a better understanding in future). It will be also a training, how to use the controller.

2. Network:
- "Corporate network" for your main LAN (computer, NAS), use also VLAN setting for it
- "Guest" for Guest WiFi portal, you can define there VLAN field, for next "shielding" of such network, e.g. just for connection of your guest to internet, but not for your Corporate Network.

3. Firewall is your best fiend. You have to define WAN IN/OU/Local, LAN IN/OUT/Local, Guest IN/OUT/Local rules

4. Port forwarding also

5. Geo IP filtering or THREAT MANAGEMENT:
a) when you enable Geo Filtering feature, you have to also enable Hardware offload, then you can't use THREAT MANAGEMENT. In Geo IP Filtering you can define lot of possible features. For me it's better to use Threat Management (IDS) when you have WAN download line >250Mb (I have 1Gbps). But try it and test the performance of the filtering.
b) Hardware offload you can setup by the mentioned Unifi controller guide.
c) THREAT MANAGEMENT (better IPS) and its CATEGORIES - you can play with all the categories, even till a time when you chose "Game categories ON" and your children will ask you - why I can't connect to Minecraft? :cool:
this is really up to your testing. I will send you a screenshot by PM.

View attachment 1934

6. Definitely you have to enable DPI - Deep packet inspection
Then you will see what happens in your network - STATISTIC section.
You can setup all possible data category visualization (e.g. what IP or named client eat what bandwidth by what category e.g. YouTube streaming, or by Netflix, ...). or you can see all details by client (split of packet inspections).
View attachment 1933

7. for direct Unifi VPNs - Services/Radius

.... we can spend time till next morning
sorry, I should have been more clear. I can definitely dig into specifics more, but I was wondering if there are any immediate steps that I should take that might not be covered by Ubiquiti guidance. For example, everyone here recommends disabling the Admin account on our NAS, but I haven't seen that as a general rule from synology. You covered more than what I was expecting. I assume that some of the data logging stuff requires the controller to be running at all times and so is not accessible when I'm only running it part-time off my pc currently?
 
you can see the NAS IP from your Unifi controller

when you have Win based PC, download:


then open the tool and search all your devices in LAN
Note:
you have to define subnet for the search
I was able to find the NAS IP using both the Unifi controller and the IP scanner. When I right-clicked on the NAS in the IP scanner, I was able to explore the unit in File explorer and see my stored data. However, when I try entering the IP address directly into a web browser, it times out on me and I cannot access it. It still is not showing up on Synology Assistant.

edit to add: the myname.synology.me address also does not work.
 
Ubiquiti controller is far away from troubles like default admin account and default ports change as we know from Syno :) or use SSH in Syno router for deactivate default admin account.

These controller accounts have been created by you during first installation of the controller. No need worry.
You can be 100% sure that I will tell you about similar "traps" in initial configuration.

As I understand from your last wording, you have installed/operated the controller in/from your PC.

Back to beginning of our discussion weeks ago:
- running of the Unifi controller in PC is ok for the first touch. Done
- you can now migrate the operation into docker container in your NAS:
- then you will get right operation of your controller. Some reason - Guest hotspot portal needs active connection into controller. Or any remote changes from your phone (blocking communication, ...).
- Just use backup of the configs to safe place in the NAS. Then you will be happy, that no need factory reset, when something will be damaged during your setup. It will takes just minute or two for new container creating with last known configuration (restore of the backup).
 
Ubiquiti controller is far away from troubles like default admin account and default ports change as we know from Syno :) or use SSH in Syno router for deactivate default admin account.

These controller accounts have been created by you during first installation of the controller. No need worry.
You can be 100% sure that I will tell you about similar "traps" in initial configuration.

As I understand from your last wording, you have installed/operated the controller in/from your PC.

Back to beginning of our discussion weeks ago:
- running of the Unifi controller in PC is ok for the first touch. Done
- you can now migrate the operation into docker container in your NAS:

- then you will get right operation of your controller. Some reason - Guest hotspot portal needs active connection into controller. Or any remote changes from your phone (blocking communication, ...).
- Just use backup of the configs to safe place in the NAS. Then you will be happy, that no need factory reset, when something will be damaged during your setup. It will takes just minute or two for new container creating with last known configuration (restore of the backup).
Sounds good, thanks again. Docker is on the list of things to figure out, but for now getting internet up and running in general was more important. Controller is just running on PC right now, but it is a laptop so it isn't always connected and/or powered on.
 
Any idea why Synology assistant cannot find my NAS but the IP scanner can? I can right-click on my NAS in the IP scanner and explore it using windows explorer, and the unifi controller shows that the NAS is uploading and downloading data both on LAN ad WAN. I just cannot access via synology.me, IP address, or through synology assistant. If needed, I can bring it back to my old house and hook it back up to that network. I wondering if perhaps there's a firewall setting that I need to adjust? I just can't wrap my head around how I can sort of access it but not really.

1597291016007.png
 
Last edited:
Port forwarding:
Unifi controller

1. simple setup:
you need just setup http (80) & https (443) port forwarding rules (from WAN side) to your NAS IP by ports defined in DSM (http, https)
then your NAS will be available at https://your.synology.me: port

2. better setup:
keep the simple setup + define Reverse proxy in DSM
then your NAS will be available at https://your.synology.me .... no need use port
this setup is better for all next setup like Unifi controller in NAS container, ...
 
I have to say, that Ubiquiti makes next step to perfection: they have GUI and also CLI setup examples in their knowledge base guides. This is something what is missing in Syno support.
 
Sorry, I was gone on a short vacation. Router is in bridge mode. Called syno support and they got me going. I needed to do a network reset on the NAS so that the admin account would be enabled again. For whatever reason he said that the admin account had to be enabled when accessing from a new network in order to get the DNS to recognize it. I was able to get signed in after that and have now re-disabled the default admin account.

I use syno assistant to re-map my network drives. It seems that about 50% of the time when I disconnect my laptop from the hardwired network and either switch to wifi or just go completely off my network, I lose my folders that I have mapped to the NAS, even after I re-connect to the hardline. I posted a question about it last year and the suggestions there helped but didn't eliminate the problem. Now I have to go through all the ubiquiti and syno info that you've posted here and get everything set up, but at least I can access it now. thanks.
 
good luck
🍺
you need migrate the Unifi controller to NAS (Docker), then your trouble will be disappeared immediately

Q:
WiFi uses same subnet as the wired LAN?
Pls. write: What is your IP address, when you are connected by wire and what by WiFi?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top