Ubiquiti Equipment List
- UCG Ultra (https://store.ui.com/us/en/category/all-cloud-gateways/products/ucg-ultra)
- USW Flex-Mini (https://store.ui.com/us/en/category/all-switching/products/usw-flex-mini)
- U7-Pro (https://store.ui.com/us/en/category/all-wifi/products/u7-pro)
- PoE+ Adapter 30W (https://store.ui.com/us/en/category/accessories-poe-power/collections/pro-store-poe-and-power-adapters/products/u-poe-plus)
- UniFi Patch Cable (https://store.ui.com/us/en/category/accessories-cables-dacs/collections/accessories-pro-patch-cables/products/unifi-ethernet-patch-cable-with-bendable-booted-rj45?variant=u-cable-patch-rj45)
Installing & Configuring UniFi Network
The initial setup was very straightforward:
- Create a Ubiquiti account
- Power on equipment
- Add equipment to Ubiquiti account (or in UniFi’s words, “Adopt”)
After working through this setup you should be able to log in at unifi.ui.com to view the Site Manager (all firewalls that you adopt to your account will show up here).
Physical Setup
The below was set up:
- UCG Ultra port -> Xfinity modem LAN port
- USW Flex Mini port -> UCG Ultra port
- Proxmox Server -> USW Flex Mini port
- U7 Pro -> USW Flex Mini port
UCG Ultra Configuration
Configurations can be made pretty easily through the UniFi portal. Out of the box these gateways are pretty much configured to be plug and play, but if you want to play around with settings like me there are still quite a few options to mess with.
VLAN Config
I chose to set up a few VLANs to segment my IoT devices from the main network for now. The below was configured in Settings -> Networks:
- NAME | VLAN ID
- Default | 1 (this is given by the gateway automatically)
- Main | 10
- IOT | 100
- Guest | 90
Best practice for setting up VLANs on SOHO networks is to match your VLAN ID to your subnet, which is the approach I took here.
UniFi help article
Creating VLANs: https://help.ui.com/hc/en-us/articles/9761080275607-Creating-Virtual-Networks-VLANs
WiFi Config
When setting up WiFi I wanted to keep it as simple as possible. I segmented my main devices from any IoT devices I had, such as a security camera, robot vacuum, and TVs.
At first I tried to configure my TVs on the IOT VLAN, but couldn’t get casting to work while my phone was on the Main VLAN, so I scrapped that idea. I was also going to set up a Guest WiFi for anyone who visited, but decided to scrap this as well since it seemed like overkill.
The below was configured in Settings -> WiFi:
- NAME | NETWORK | WIFI BAND
- LakeHouseMain | Main | 5GHz, 2.4GHz
- LakeHouseHP | Main | 5GHz, 6GHz
- LakeHouseIOT | IOT | 2.4GHz
A couple of best practice tips I came across:
- You want your main WiFi to get good range and performance, so broadcasting both 2.4GHz and 5GHz lets devices find a good balance between the two frequencies
- IoT devices, especially older models, can have issues connecting to 5GHz, so to avoid potential problems set their WiFi to 2.4GHz
- Make sure to run the Channelization optimizer so the AP automatically chooses ranges that load balance a little better, especially if you have a lot of neighbors nearby like me
UniFi help articles
Creating WiFi: https://help.ui.com/hc/en-us/articles/26136823938583-Creating-WiFi-and-Broadcasting-VLANs
6GHz WiFi Setup: https://help.ui.com/hc/en-us/articles/20407971377815-Getting-Started-with-6-GHz
WiFi Optimization: https://help.ui.com/hc/en-us/articles/221029967-Optimizing-WiFi-Connectivity-and-Reducing-Latency
Firewall Rules
There’s really not a whole lot to configure with firewall rules, as a lot of the defaults will be fine for most scenarios. If something specific is needed, then creating a rule is pretty simple (Settings -> Security -> Traffic & Firewall Rules).
Before you can set up a rule you will need to create a new Network Object Profile (Settings -> Profiles -> Network Objects), otherwise you will not be able to set a rule against anything.
The below group was created:
- Name: IOT_Only
- Type: IPv4 Address/Subnet
- Address: [Type in subnets that you want to be included]
Once my group was created I ended up configuring one rule for my IOT traffic:
- Name: Block IOT to All
- Type: LAN In
- Action: Drop
- Source Type: Network
- Network: IOT
- Destination Type: Port/IP Group
- Address Group: IOT_Only
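To sanity-check which flows a rule like this actually covers, here is a small model of it, added as an example and not taken from the UniFi software or the original setup. The subnets, the contents of IOT_Only and the sample flows are constructed assumptions that follow the "VLAN ID = subnet" convention above, and the model treats same-VLAN traffic as switched rather than routed.

```python
import ipaddress as ipa

# Constructed subnets (not from the post), following its "VLAN ID = subnet" habit.
NETWORKS = {
    "Default": ipa.ip_network("192.168.1.0/24"),
    "Main": ipa.ip_network("192.168.10.0/24"),
    "Guest": ipa.ip_network("192.168.90.0/24"),
    "IOT": ipa.ip_network("192.168.100.0/24"),
}
# Constructed contents for the IOT_Only group; Default is left out on purpose.
IOT_ONLY = [NETWORKS["Main"], NETWORKS["Guest"]]


def verdict(src, dst, source_net="IOT", group=IOT_ONLY):
    """Model the single 'Block IOT to All' LAN In rule for one flow."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    if any(src in net and dst in net for net in NETWORKS.values()):
        return "not-routed"  # same VLAN: switched, never crosses the gateway
    if src in NETWORKS[source_net] and any(dst in g for g in group):
        return "drop"
    return "default"  # no match: left to the gateway's remaining rules


def uncovered(source_net="IOT", group=IOT_ONLY):
    """Local networks that the drop rule's destination group does not cover."""
    return sorted(
        name for name, net in NETWORKS.items()
        if name != source_net and not any(net.subnet_of(g) for g in group)
    )


if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("192.168.100.20", "192.168.10.5"),    # IoT camera -> Main laptop
        ("192.168.100.20", "192.168.1.1"),     # IoT camera -> Default network
        ("192.168.100.20", "192.168.100.21"),  # IoT camera -> IoT vacuum
        ("192.168.10.5", "192.168.100.20"),    # Main laptop -> IoT camera
        ("192.168.100.20", "203.0.113.10"),    # IoT camera -> internet host
    ]
    for src, dst in flows:
        print(f"{src:>15} -> {dst:<15} {verdict(src, dst)}")
    print("networks missing from IOT_Only:", uncovered())
```

The two results worth noticing are the Default network slipping past the rule because it was never added to the group, and IoT-to-IoT traffic never reaching the rule at all.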
Other Tips
Just a few other tips I found along the way that may need to be configured depending on network needs:
- Set IoT Auto-Discovery to:
  - Main, IOT
  - This allows your IOT devices to communicate “Multicast” traffic only
- Set Multicast Filtering to:
  - Main, IOT
  - This forces multicast traffic to only forward to ports that receivers are connected to
- Make sure to select “IGMP Snooping” & “Multicast DNS” under your Networks
  - This will allow IOT devices to communicate between networks and help with connecting to these devices
- Ad-Blocking was enabled for about 1 day before I turned this feature off
  - I ran into issues with streaming services not loading correctly and basically forcing me to re-enable this
  - There is probably a work-around that could be implemented, but didn’t feel like messing with this
Final Thoughts
I am overall very impressed with Ubiquiti’s equipment, setup process, and features that are available. I don’t think a lot of the features would be needed for most households, but having the ability there could always be useful.
When it comes to cost vs. ease of use there are probably good arguments for getting grandma or non-technical people something cheaper that would work just as well. For tech users or someone interested in messing with some networking concepts this is a great product to work with and can even translate to small to medium business operations as well.
I’ve had this equipment installed for a little over 3 months at this point and haven’t run into any issues with updates or failures.
Somewhat unrelated was my attempt at using WiFi 7 on the 6GHz band. Although I was able to connect to this from my upstairs office (< 40ft away), it seemed to drop pretty quickly and was a little hit or miss…this might be as simple as doing a little more research into setting up a better frequency or something, but that will be for a different day.