Ubiquiti UniFi USG and US-16-XG 10G Switch – Challenges – 653

Trying to explain how I would like my network to be working.
Using the Ubiquiti UniFi USG, the US-16-XG 10G Switch and a coming 48 port. I want two separate sections in my datacenter.


My PlayHouse is a channel where I will show what I am working on. I have this house, it is 168 Square Meters / 1808.3ft² and it is full of half-finished projects.

I love working with heating, insulation, Servers, computers, Datacenter, green power, alternative energy, solar, wind and more. It all costs, but I’m trying to get the most out of my money, and my time.


Written by lena



Leave a Reply
  1. Hehehe no one is downloading porn from the internet anymore… Just stream it and move on LOL Love the Channel keep it up buddy!!!

  2. I haven't fully watched your video yet. But why don't you make an extra network interface on your PFsense VM first (LAN2), then make a VLAN to separate that traffic to your second 19"inch rack. Then you only have to make some routing and firewall rules in PFsense and you have a working solution. It's probably easier because you are familiar with PFsense and not yet with the unifi box. Although I would always prefer a hardware based router/firewall above a virtual one.

  3. I would mention to the data monsters out there, USG routing is not a good thing if you move high amounts of traffic over your local networks (vlan to different vlan). All router on a stick options are a huge bottleneck as you get just a maximum throughput of the connection link. If you have a layer 3 switch, you can pass multiple streams between vlans allowing for more than 1 Gig throughput during inter-vlan routing. Just thought I would mention that as a 10 gig switch with different vlans will be stuck at 1 gig when traffic is passing vlan to vlan.

  4. Tag traffic in esxi, why you build your setup with more appliances, actually you have VM for everything, or you can build it! Good luck!

  5. Hi Morten! I think with this configuration, you will find yourself in a double NAT config behind your PF box, which is not recommended 'cause it can cause troubles with VPN connections, when you need to open specific ports and when you deal with HTTPS traffic (I believe)
    The ideal thing is to set your ubiquiti router on bridge mode, so that you can forward wan1 traffic to Pfsense for the first rack and wan2 traffic to another Pfsense for rack 2

    I'm NOT an expert, so I might have said some huge bull**
    Anyways, keep up your good work !

  6. After watching your video I would recommend making some changes.
    Since you don't plan to use the guest feature you should simplify your setup.

    You should connect your wlan intern to the wan port of the usg. Rack 1 (pfsense) should go to lan1 and rack2 (router / another pfsense).

    Then you can do a setup like: forward all ports of wanip1 to pfsense in rack1 and all ports of wanip2 to router in rack2.

    On the Backbone Switch you can then create different vlans for like Management (iLo, KVM…), iSCSI, Network.
    I would recommend placing all your kvm and other management ports in the management vlan and also place your unifi controller there.

    Also keep in mind to enable jumbo frames on the iscsi vlan 😉

    If you have any questions feel free to reach out and keep up the good work!

  7. Unfortunately at the moment you cannot route multiple wan IP addresses on the USG GUI, it has been promised from Unifi for ages but is still not here. You can accomplish this in the CLI but it is a PITA.

  8. Yes you can do it. I'm a Cisco guy and it's simple on Cisco, just did a quick google search, it says it can be done on this USG Security Gateway.

  9. Hi Morten, I run multiple unifi based networks. What you want to do can easily be done with firewall rules. The usg can do that but the feature is still in beta. Your pfsense will also do that. I'd be more than willing to help you with this. I follow you on twitter. Just drop me a message there.

  10. Hi Morten,

    I would recommend you installing the Unifi Controller software on a Linux VM (Debian or Ubuntu). It will be more stable and use fewer resources on your VMWare cluster (Because of Windows and the unnecessary GUI). You should be able to run it with 1-2 vCPU, 1-2GB of ram and 20GB of storage.

    I would also recommend creating VLANs for all the separate management traffic (your rack, the other rack, and the network devices). That will make it possible for you to put the management interfaces of the servers behind a VPN while having the public facing network on the other interface of the servers. That way the IMM won't be public facing. It's also more secure since the servers on your local network won't be able to manage your network equipment in an unauthorized way.

    In order to "see" the USG that has been given a VLAN for management, you need to actually connect your controller to this VLAN using another interface and manually configuring the port on the switch to tag the traffic with the VLAN ID or you can trunk your main server port and create a virtual interface with the VLAN ID you gave to the USG. You could also route the traffic between both VLANs on the USG but that would defeat the whole purpose of separate VLANs.

    Also, for clarification, you don't need 2 USG, or use the PFSense along the USG, the USG would outright replace your PFSense setup. You could also just use PFSense instead of the USG since they actually serve the exact same purpose. It all depends on how you want to manage your network but mixing the PFSense with all the Ubiquiti switches and Access Point.

    Diagram :

    I would be more than happy to help you regarding your network setup with additional configuration and network diagrams.
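The isolation goal in comment 10 (management VLANs reachable only through the VPN, never from the server network) can be checked against a rule list before it is deployed. The following is an added example, not part of the comment or of any UniFi or pfSense tooling; the zone names, the generic first-match rule model and both rule sets are constructed assumptions.

```python
# Constructed zone plan following the comment: one management VLAN per rack
# and one for network devices, reachable only from the VPN (names are assumed).
MGMT = ["mgmt_rack1", "mgmt_rack2", "mgmt_net"]
ZONES = ["wan", "servers", "vpn"] + MGMT
TRUSTED = {"vpn"}  # only zone allowed to reach management interfaces

def decide(rules, src, dst):
    """First matching (action, src, dst) rule wins; no match means deny."""
    for action, r_src, r_dst in rules:
        if r_src in (src, "any") and r_dst in (dst, "any"):
            return action
    return "deny"

def audit(rules):
    """Return (src, dst) pairs where an untrusted zone reaches a management VLAN."""
    return [(src, dst)
            for dst in MGMT
            for src in ZONES
            if src != dst and src not in TRUSTED
            and decide(rules, src, dst) == "allow"]

DENY_MGMT = [("deny", "any", m) for m in MGMT]

# Weak ordering: the broad server rule is evaluated before the denies,
# so the deny rules never apply to traffic from the server network.
WEAK = [("allow", "vpn", "any"), ("allow", "servers", "any")] + DENY_MGMT

# Corrected ordering: VPN allowed to management, then deny, then the broad allow.
FIXED = [("allow", "vpn", m) for m in MGMT] + DENY_MGMT + [("allow", "servers", "any")]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(rules) or "management VLANs isolated")
```

The same check also catches management VLANs that can reach each other, since each one is treated as untrusted towards the others.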

  11. You should decrease the audio level of your background music to match sick Morten's voice. Sick Morten is doing a good job nonetheless, I hope normal Morten can come back soon.

  12. Hello Morten, if it is port 8080 being blocked/used then I would suspect that your ISP is using it for remote management of your NTD (Network Termination Device) or their gear at your end.
    The USG 3 you have may be a little on the small side and they run HOT. Mount vertically if possible for convection cooling otherwise, in rack with positive airflow. Make no mistake, the USG's are NOT a replacement for a PFSense box if you are using it as full UTM style use, aka IPS/IDS, Proxy, Load balancing, content filtering etc. etc. The USG's are a firewall/router, that's it.
    Using the XG16 switch as a core is great but keep in mind, any inter-VLAN traffic needs to go back through USG. Traffic is not done on the switch as far as I know, anyone, please correct me if wrong.
    Your wireless AP's connect back to the network via a trunk port (all VLAN's are passed), it is the SSID that you tag for a VLAN thus its segregation.
    Love the Linksys 2048, I had heaps of them and used to replace the failed caps and use them for good 48-port GbE L2/L3 switches.
    I might suggest that if you are new to UniFi, the use of a Cloud Key will be best rather than a VM. You need to be sure that your controller is broadcasting itself and its IP, making a DNS entry for "UniFi" on your DHCP/DNS server to point at the controller helps a lot.
    You can set up the network settings BEFORE adding any devices including the USG to avoid IP conflicts. As soon as it is adopted, it will go to correct IP. Other way is to run it up on separate or isolated network and log into its GUI ( and set the temporary IP settings for local side and WAN side until it is adopted that then override these settings.

  13. to get 2 public IPs, i'm pretty sure you'd need 2 internet connections, or for your ISP to assign you a range of static IPs

  14. You don't need 2 pf sense router, only connect your internet provider onto your vmware pfsense appliance and output as a trunk or 2 separate nic or 1 virtual adapter and one physical port. I would use the trunking option to the 10 gb switch you got and configure 2 vlans!! Example: vlan id 10 and vlanid 20 with 2 separate subnet. Very easy to configure on pfsense, after that you can lock down each network as you want!! Sorry for my English

  15. The US-16-XG is my choice of switches but costly….many are used in surveillance network setups with many POE cameras…..My 16 year old son setup my Unifi Access Points in my home….

  16. Great video as always Morten, but why don't you look for and get the items from other European Amazon stores?

    You can get those items in Europe and save some shipping costs 😉

  17. Morten, I'm glad to hear you are warming up to Linux! Now to your questions…
    You will need to continue to connect your WISP(Wireless ISP) to a switch. The problem with connecting the USG directly to the WISP; you will only be able to assign one IP address to the interface. Both racks would be behind the same external IP address.
    You could use the pfsense vm for your tenant rack and use the USG for your own and the rest of the house. That will probably put the Unifi features where you want them most. I would move the pfsense vm to your tenant rack also, just to keep it neat administratively.
    With managing the USG; from the machine running the unifi controller; can you ping both IP addresses of the USG? You may need to set the IP address of the USG to in the unifi controller. Maybe it can't reach the other address?
    Good luck with your technical difficulties! oh, and why do you use a PoE injector for your WISP when your 3560-X switch is PoE?

  18. Do you think that it is necessary to have a USG when there is a PFsense box already? At home I already have Unifi Access points and a Switch, and I also have a PFsense server. Are there real benefits when buying a USG?

  19. Contact Marzbar on youtube, he has a channel and uses all Ubiquiti equipment to run his own WISP network. He would be your best bet to get the help you need.

  20. On my ubuntu server I did not have to open any ports, the installer did that for me. Please use ubuntu server, it takes 10 seconds to boot

  21. Hello, try to install CHR Mikrotik for VMWare, you can get more with it for routing and firewall purposes, this is a great router !!! pfsense this for children and unifi router only for women )))

  22. I am not familiar with Pfsense but if it's similar to Untangle you could have just used your two static internet address through it and then split them between the two racks. I pay $60 a year to use the commercial version of Untangle at home but there is the free version with less features. I think you are going through too many devices which will make more work for yourself. It's been years since I have done networking and forgot many things but you should make it as simple as possible.
