New Gateway, considering a Ubiquiti USG

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › New Gateway, considering a Ubiquiti USG

davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

#207728 11-Jan-2017 13:29

I like the prettys of the Ubiquiti Controller software and are wondering about getting a USG to replace my TP Link WR0143ND running Gargoyle. I already have two UAPs (one AC-Lite and a plain UAP and two SSIDs).

So I guess I'm after someone who has one who can confirm that it can do the features of Gargoyle I use the most:

I've written a program that pulls overall usage and per device (by ip) per hour upload and download stats. It's doesn't give me the to where information that might be useful, but does allow me to see if a device is spiking for whatever reason (stuck patches, rogue devices etc). Could I pull stats off it (I have seen talk of a API), or would that be redundant as the controller will now hold all that?

I use DNSMasq options under dns4me for geo unblocking.

I have UFB so obviously need to VLAN 10 tagging

I don't have a lot of firewall rules, some incoming ssh on non standard ports, so I assume USG can do external to internal port mappings?

Static IPs, I use these a lot, and I like to set name/ips to certain ranges (ie media machines/devices between 192.168.10.30 and 192.168.10.40 for example)

Dynamic DNS via noip

I restrict a device from external communication

I have a guest network on a different subnet/vlan/SSID, with its own DHCP (a linux vm), blocked from accessing the internal network

I'm hoping a USG can do all that natively and without the need for a specific linux instance to act as a DHCP server, and that I can also allow guest access to chromecast and apple tv devices (something I can't do currently). While also having better performance for my aging WR1043ND.

Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight

1 | 2

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#1701421 11-Jan-2017 14:23

As mentioned in the @michaelmurfy's Ubiquiti EdgeRouter Tutorial:

IcI: For those interested in more Ubiquiti / UniFi info, Willie Howe has a YouTube channel covering many Ubiquiti topics.

I bought a USG in December, so still learning, but here goes.

davidcole:

* Could I pull stats off it (I have seen talk of a API), - Sorry don't know about the API

* or would that be redundant as the controller will now hold all that? The USG certainly does hold certain stats. Most used protocols, most active downloaders. I'll post pictures tonight. Generic info though, nothing detailed.

* I use DNSMasq options under dns4me for geo unblocking. - Sorry, don't know if this is built in or available via the CLI

* I have UFB so obviously need to VLAN 10 tagging - No prob. The USG doesn't support *DSL anyway. That means it doesn't have a telephone jack, only ethernet ports.

* I don't have a lot of firewall rules, some incoming ssh on non standard ports, so I assume USG can do external to internal port mappings? - Firewall rules supported. Will post pictures tonight

* Static IPs, I use these a lot, - Possible, once the device has obtained an address. Don't know if you can pre-allocate reservations via the GUI. Maybe via the CLI

* and I like to set name/ips to certain ranges (ie media machines/devices between 192.168.10.30 and 192.168.10.40 for example) - Not via GUI

* Dynamic DNS via noip - Don't remember

* I restrict a device from external communication - Yes

* I have a guest network on a different subnet/vlan/SSID, with its own DHCP (a linux vm), blocked from accessing the internal network - Different VLANs / networks & SSIDs possible.

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#1701422 11-Jan-2017 14:23

I am sure Michael Murfy will chime in... but I think you would be better with the EdgeRouter. Being that you can hack the crap out of it. The USG is all about Unifi and that easy to manage ecosystem.

Personally haven't seen the stats that come off it in Unifi Controller. But if they are similar to what stats you get from just using a Unifi AP then it will show what you want (per device, upload, download).

But sounds like you aren't a rookie so just get the ERL and then you wont have to worry about limitations (that much).

davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

#1701426 11-Jan-2017 14:28

chevrolux:

I am sure Michael Murfy will chime in... but I think you would be better with the EdgeRouter. Being that you can hack the crap out of it. The USG is all about Unifi and that easy to manage ecosystem.

Personally haven't seen the stats that come off it in Unifi Controller. But if they are similar to what stats you get from just using a Unifi AP then it will show what you want (per device, upload, download).

But sounds like you aren't a rookie so just get the ERL and then you wont have to worry about limitations (that much).

I'm not a rookie at being able to code stuff and hook crap together....but on networks I'd say I'm definitely in that camp

michaelmurfy

meow
13580 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#1701431 11-Jan-2017 14:34

Yes the USG is the Edgerouter without most of the features and powered by the UniFi portal. As for usage stats @ZollyMonsta can comment on this in further depth.

You do get full visibility of your network via the UniFi portal + the USG and it does run dnsmasq so you're able to drop the dns4me dnsmasq file under /etc/dnsmasq.d/ to to load it. To be honest the USG will work fine with what you're needing and integrates well with the UniFi ecosystem.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#1701434 11-Jan-2017 14:37

davidcole:

chevrolux:

I am sure Michael Murfy will chime in... but I think you would be better with the EdgeRouter. Being that you can hack the crap out of it. The USG is all about Unifi and that easy to manage ecosystem.

Personally haven't seen the stats that come off it in Unifi Controller. But if they are similar to what stats you get from just using a Unifi AP then it will show what you want (per device, upload, download).

But sounds like you aren't a rookie so just get the ERL and then you wont have to worry about limitations (that much).

I'm not a rookie at being able to code stuff and hook crap together....but on networks I'd say I'm definitely in that camp

Well really the only thing with the ERL is that to get the cool stuff happening you have to jump on the CLI. But it is a pretty good CLI - tab auto-complete, help etc. So it's quite easy to work out how to do stuff.

Port forwarding, static dhcp rules, dynamic DNS, vlan tags etc can all be done on the GUI (well it could a couple of years ago so I assume its only gotten better).

And it's just a debian box at the end of the day, so if you like scripts and stuff doing things for you it would be super easy.

Benoire

2878 posts

Uber Geek
+1 received by user: 681

#1701490 11-Jan-2017 16:34

Does the USG support IPv6 via the GUI yet? I've seen it on their roadmap as a to do...

Lego

Shop now for Lego sets and other gifts (affiliate link).

michaelmurfy

meow
13580 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#1701757 11-Jan-2017 23:15

Benoire:

Does the USG support IPv6 via the GUI yet? I've seen it on their roadmap as a to do...

Looking at the roadmap it is going to be very soon - it is on the roadmap for the Edgerouter too. At the moment the focus is to bring it to the same EdgeOS version as the Edgerouter so they can focus on features for both at the same time.

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#1701766 12-Jan-2017 00:29

Benoire: Does the USG support IPv6 via the GUI yet? I've seen it on their roadmap as a to do...

No, it does not. Sorry.

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#1701769 12-Jan-2017 01:48

As promised, some screenshots. Except for the traffic quantify, all other stats & config options only became available once I had the USG configured as the gateway.

The default landing page for the UnifyController.

Attached clients

Stats - Detailed

Stats - Overview

Device configuration. Here you can assign a friendly name to the device (Yeah Android, I'm talking to you!) and assign the user group / traffic class

Under the network section for the device, you can "reserve" the IP

You can also view a few device specific stats

The controller also captures events (I think somebody came downstairs for a midnight snack)

and alerts

Here are various settings. I'm keeping it simple for now

Wi-Fi:

Networks:

Firewall

Guest network

User groups & throttling

Hope you enjoyed the show

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#1701771 12-Jan-2017 01:51

The one negative for me about the USG is that it only has one LAN port.

For me, it seems a wast to have a device that only has two ethernet ports, one each for LAN & WAN. I would prefer my device to have multiple LAN ports.

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

michaelmurfy

meow
13580 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#1701772 12-Jan-2017 01:58

IcI:

The one negative for me about the USG is that it only has one LAN port.

For me, it seems a wast to have a device that only has two ethernet ports, one each for LAN & WAN. I would prefer my device to have multiple LAN ports.

The ability to configure each port how you like is in the UniFi 5.5 software (currently in a testing stage) if you want to walk on the wild side with bleeding-edge options. With @ZollyMonsta's USG we've configured 2x WAN ports (failover) with 1x LAN port running on the UniFi 5.3.11 software (the current software running on the community cloud controller):

Geekzone

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

ZollyMonsta

3009 posts

Uber Geek
+1 received by user: 379

ID Verified

Trusted

#1701789 12-Jan-2017 07:54

As above. And the 1 LAN port goes to a TP Link 8 port switch to give me LAN ports to play with (with a de one TP Link switch should I need more).

Check out my LPFM Radio Station at www.thecheese.co.nz - Now on iHeart Radio, TuneIn and Radio Garden

As per the usual std disclaimer.. "All thoughts typed here are my own."

D.W

747 posts

Ultimate Geek
+1 received by user: 91

#1701800 12-Jan-2017 08:23

I've just gone with the EdgeRouter X-SFP + UAP-AC-LITE. The X-SFP has 5 PoE ports so I can add additional PoE WAPs if needed in the future directly into the router without needing additional cabling for injectors.

I was considering the USG also, but I would've had to buy the USG + a Passive 24V PoE switch to connect my WAPs.

davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

#1701805 12-Jan-2017 08:42

IcI:

Attached clients

Stats - Detailed

Stats - Overview

Thanks for that...it was really helpful. For these client pages can you set that xxxx-Ipad used xyz up/down and break it down to different periods, month, day, week etc?

But what I can't break down even further is for one of those hosts what it actually did over that hour. ie the high upload from Aragorn (right hand picture) is most likely to crashplan

davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

#1718689 11-Feb-2017 17:10

Regarding @zollymonstas use of the voip port, I'm trying to use it as a 2nd lan for my ata. So for voip. But it never seems to connect. The network was set up as corporate (can't choose voip) on lan2 with a dhcp server in a different subnet.

But the controller never shows a connection and the ata never get an address. No idea why.

1 | 2