UniFi 7.4 Switchport Profiles

Thank you Willie, I really thought my Switch had died after a clean install.

What happens when you just make the "primary network" a certain VLAN? Would that make it how it used to be? and you don't have to deal with the block and allow?

I think it is just stupid, old way and old interface was way better

Great video, we kept our controller updated since the summer without touching vlan as we use several others brands and were perplex as we had to use it today, we even restored a backup from end of july with change already effective... you saved us a lot of time !

I need to create a VLAN to connect a Starlink router through two switches to WAN2 port.

What if I want just one VLAN active on a port? it seems like I cannot do that?

In the latest release (7.4.162) adding a new network automatically puts it in the allow-list of port traffic-restrictions. Is this a bug or intentional? Is there a way to create a new network and not have it added to the allow list for traffic restrictions? This seems to be the opposite of what ought to happen when creating a new network. Thanks.

I don't really like the new UNIFI interface and approach, but it takes some getting used to.
Have you noticed that when adding a new VLAN, this network is added to the allow section for all swich profiles? Which causes customers to suddenly get a network that was not intended for them. Do you know any way to prevent it from doing this automatically?

Thanks for the video, and you should have added in the video to add the management VLAN ID to the Controller VLAN ID

Sorry but unifi really messed this up. It is worse than it was with the old profiles. I hope they change it... why not just follow how everybody else is doing VLAN... Also now you cant event see in the post list what VLAN the ports is on you have to check each and every port to know that VLAN it is on.

My biggest complaint is that in port manager it shows the port profile. That USED to show what VLAN the port is on. But now it doesn't unless you only go into advanced and use the ethernet port profiles. Now it shows nothing. The only way to get the port profile column to show anything is to completely ignore the new VLAN settings outside of setting up profiles, and only assign profiles to ports. Which is exactly how we did it before, now with more steps.

Will upgrading from 7.3 > 7.4 still keep all the current port profiles working ?
Or do they need to be redone using the reworked way?

Don’t know why they had to change it. It’s so convoluted. Thanks for the vid though.

With 7.4, ThisThursday, I created a VLAN for one user on the network and made it the primary network for his port on this version. Was completely ignored when I renewed his IP. Created an ethernet profile and added that; still didn't work. As of right now, he's on the same LAN as everyone else. Never experienced this problem with VLANs before with Unifi.

so I think this may be helpful, Primary + restrction (block all) = access port, Primary + no restrction = trunk all tags passed, and primary + restriction (whatever you pick) = custom trunk port for that 1 switch port, if you dont wish to do that 20 times use ethernet port option to build it once apply many times using the option for ethernet port profiles on the switch.

this was a awful change imo

I’m waiting for adding port POE power scheduler… which could disable some POE devices in night hours

This absolutely obliterated my FW rules. QOS is dope, thats cool. But the way that they don't do true VLAN trunking, hey we make up words for VLANs they are profiles "jazz hands" BUT WAIT. Now we are letting you see them they are ETHERNET PORT BUDDIES.

This is an improvement. However, I'd rather be able to specify Trunk and Access ports. Trunk ports, by default, should carry all VLANs, so no, you wouldn't have to update them every time you added a network. You would only have to update them if you've restricted them to only certain VLANs. An Access port should allow 1 untagged and 1 tagged (voice) VLAN. Sending all VLANs across every port when they aren't needed is a security risk. Anyone who plugs in and sets their NIC to pass a VLAN ID could put their self on any network, including ones you're wanting to keep secure, by using any port. I know that I'm mentioning Cisco's way of doing things, but they aren't the only ones that do it the way I'm suggesting here. Ubiquiti makes things easier, but in many cases, they hide too much, which later causes problems in more complicated setups. Of course, you're not paying as much either, so there's always a trade-off.