QoS details on Ubiquiti switches

Hi there,

since Cisco is not going to fix the recent severe security issue for the SG300 series I’m thinking of jumping ship to Ubiquiti (mainly for ease of use when handling multiple switches in my network). Unfortunately the UniFi switches don’t seem to support a lot of detailed options to configure QoS and IGMP snooping that I need for running a Dante protocol audio over IP network in a pro media creation content setup. So far I have only found something that Ubiquiti calls “smart cues” but it’s just an on/off switch more or less.
So my question is: How do you set up specific DSCP settings for UniFi switches? These are the settings that you needed to set up on the Ciscos.

I have found no settings in the UniFi controller to set this up accordingly so I wonder if I need to stay away from Ubiquiti as well and look elsewhere when replacing the SG300 as Dante requires these QoS settings:

Thanks!

If you are using Dante you should probably buy the Netgear AV Line switches, we have one for our Tricaster system (NDI and Dante). You can set all the QOS stuff by hand the hard way, or click a checkbox to apply a preset profile.

You can also do all this with Mikrotik Router OS or Switch OS, or at least on anything CRS3xx or higher spec. You’ll need to hand configure all the QOS, but it will work. Yes IGMP snooping and querier are present on both.

This is the switch we bought, I lost a battle to get the higher power POE++, which is stupid because we have 60 watt PTZ cameras. Those POE++ power injectors are a pain in the backside!
https://www.netgear.com/business/wired/switches/fully-managed/gsm4230px/

I haven’t seen another line of switches that really “gets” the audio and video over IP, simple click on a profile to load what you need. Or go into the terminal and configure the hard way.

The only downside of the Netgear stuff is lack of proper stacking to form a large system, and lack of 10gbps (or higher), max you can get is 4 SFP+ at a max of 10gbps.

Thank you, I didn’t know about that series! I assume that means “forget Ubiquiti” for that use case :wink:
I guess Netgear are adding a premium price tag to the “AV” label too. 700$ for an 8-port switch is pretty steep :smiley:
Seems like the “Dante switches” that Yamaha and some others sell which are more or less re-branded Cisco SG300s for 2-3x the price.
Unfortunately I haven’t got that kind of budget at the moment, but I’m sure those Netgears are cool.
I think I’ll try and get an SG350 (and look at the others you mentioned) since I’m very familiar with the Cisco GUI and they do offer a fix for that series. It’s a shame the SG300 is turned into trash just because they won’t fix the issue (I’ve even received a warning from our government’s IT ministry about using them from now on). It has been running fine for years and still is…

Many thanks again!

Yes those Netgear are expensive for the small switches, doesn’t make sense to buy less than the one I have at work. The other important thing for the Cisco is that if you need help from Audinate, they are familiar with the SG300/350 switches.

I’d give some of the Mikrotik switches a look, I’m having good luck with my CRS3091g-8s+in (using both as a Top of Rack right now). It’s a 10gbps sfp+ switch, but you can use 1gbps modules and change the settings so that most modules work. But no POE, which means the little AVio devices are going to be a problem. I’ve been thinking about this switch for home: MikroTik Routers and Wireless - Products: CRS328-24P-4S+RM

Here is the Serve the Home article and video: MikroTik CRS328-24P-4S+RM Review 24-port PoE and 4x 10GbE Switch

If you only need a few ports for moving audio, it should be fine. If you are moving 64 channels each port and a bunch of multicast, it might still be OK and possibly worth a try. Support has been helpful when I contacted them about one of my 309’s and the feature set seems to be very much everything you might want. Processor and buffer RAM might be the only things I’d like to have more from. I wouldn’t run too many other features, like not running Suricata or other scanners on your audio network, just use it as a plain old switch (probably in Switch OS). There is a good GUI in both the Sw OS and Router OS, and you can freely boot between the two.

And all of that said, while I am a Dante Level 3, we are still just getting started on our big Dante roll out. Been waiting for over a year for parts on our other switches, several buildings on campus will be on my network so we can move Dante and NDI from place to place for recordings or live events (we teach audio and video production). The day to day troubleshooting of Dante problems is still just theory to me, same for NDI (though I haven’t taken any certifications for the NDI stuff yet, been going through the Newtek courses).

What is your workflow for this switch? Might be worth sitting down to calculate what you really need per port. And add in things like, are you working directly to a storage server and does that server have a 10gbps port. How many devices do you use or is it mostly a big stage box like a Millenia Preamp box. Any other network connected things like the mixer, etc.

We are using Midas M32 mixers, a couple of Millenia preamp stage boxes, we have a bunch of AVio but none have been used yet, and a few other things that mostly haven’t been used yet, and a couple of DVS licenses for computers.

Thanks again for the detailed info! I’ll have a look at all those.
Dante has been running flawlessly with my 28-port SG300. The only reason I want to retire them is the security issue that won’t be fixed for the 300 series.

I’ll have a look at the Mikrotiks. Oh, and I don’t really need PoE.

Thanks a lot!

Would it make sense to just shut off the web interface? How often do you need to go in and reconfigure things?

I don’t have an SG to confirm this, not sure if it is in Packet Tracer either, but this post suggests an easy fix by changing the command:

If you go into terminal and type “en” (enable) and password, then type “conf T” (configure terminal) to get into config mode, and type “no ip http server” that should turn the web gui off. That should “fix” the vulnerabilities stated above. Stick a label on the top of the switch with the commands to run to turn it on and turn it off so you don’t forget. Then just turn it on if you need to make changes, and turn it back off when done. You may also be able to restrict the web gui to the service connection, which can probably be set to a different IP address and if you do not route to/from that address then no one will be able to compromise the gui without physical access.

Don’t forget to type “copy run start” before you exit to save the changes, else they will not be written to storage. (copy running config to start config).

And if anyone else wants to read the official Cisco bulletin, here it is:

I’m very surprised that they couldn’t even be bothered to tell you to turn the http gui off to prevent this attack. On my 2960S switches when you enter the ip address in a web browser, you get nothing unless http has been turned on. Assuming the SG300 is the same, turning it off should keep you safe for as long as you want to keep using that switch.
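
One way to confirm the step described above took effect, as an added example that is not part of the original posts: run this from a host on the same network as the switches and check that the web GUI no longer answers. The addresses are placeholders, and the default ports 80 and 443 are assumptions; HTTPS is probed too in case it is enabled separately from the plain HTTP server.

```python
import socket

# Assumption: the web GUI listens on the default ports (80 HTTP, 443 HTTPS).
WEB_PORTS = {80: "http", 443: "https"}


def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, unreachable or timed out: nothing is answering there.
        return False


def audit_switch(host, ports=WEB_PORTS, timeout=2.0):
    """Map each web service name to True (still reachable) or False."""
    return {name: port_open(host, port, timeout) for port, name in ports.items()}


def exposed(switches, ports=WEB_PORTS, timeout=2.0):
    """Return {host: [services still answering]} for switches that fail the check."""
    findings = {}
    for host in switches:
        result = audit_switch(host, ports, timeout)
        still_up = sorted(name for name, up in result.items() if up)
        if still_up:
            findings[host] = still_up
    return findings


if __name__ == "__main__":
    # Placeholder management addresses (TEST-NET-1); replace with your own switches.
    switches = ["192.0.2.10", "192.0.2.11"]
    findings = exposed(switches)
    for host, services in findings.items():
        print(f"{host}: web GUI still reachable via {', '.join(services)}")
    if not findings:
        print("No web GUI reachable on any listed switch.")
```

Running it again after a reboot shows whether the change was saved with “copy run start” or was lost with the running config.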

Yeah good idea. I’ll look into it. Thanks!