*** Official Ubiquiti Discussion Thread ***

Soldato
Joined
8 Jan 2003
Posts
3,692
Location
Scotland
Personally I have split my IoT devices onto a separate VLAN from anything important and it is not a lot of work to do so.

Given I had quite a few things like wifi enabled bulbs I created a new SSID for non-IoT devices and then assigned the old one to a separate VLAN via the Ubiquiti controller (seemed the easiest way to do that as it meant that the IoT devices did not need to be reconfigured as they were just using the same SSID as before as far as they were concerned and its a lot easier to reconfigure normal devices). Add any wired IoT devices to the new VLAN at the switch port level (e.g. Hive Hub).

Create firewall groups for the address ranges of each VLAN and then create a firewall rule on the Controller which blocks devices on the IoT VLAN from instigating connections to the "main" network. This means that devices on the "main" network can access the IoT network for management and then devices can then respond but IoT devices cannot communicate on their own to the "main" network.

Took maybe 30 minutes including Googling to find out how to do it.

Pretty much the same as what I've done. Only thing that was a faff was Sonos but once I had mDNS and IGMP Proxy setup and the required firewall ports open, it worked fine. Can control my Sonos from a different wireless network/VLAN.
 
Soldato
Joined
17 Nov 2007
Posts
3,161
Pretty much the same as what I've done. Only thing that was a faff was Sonos but once I had mDNS and IGMP Proxy setup and the required firewall ports open, it worked fine. Can control my Sonos from a different wireless network/VLAN.

Can you share a bit more info on this, pushing SONOS onto its own SSID / network sounds like a good idea.
 
Associate
Joined
16 Mar 2004
Posts
1,889
Location
Oxford
I'm not thinking to change my setup just yet, but should I upgrade or replace due to hardware failure is there an easy way to swap? currently with 80/20 FTTC, should FTTP become available I wouldn't be able to utilize the connection without disabling various features. So for example where I currently have the USG and changed to a USG-PRO-4 is there a relatively seamless way to do this? It's only a home network but it's nice to avoid being moaned at if the internet isn't working!

  • 2x US-24-250
  • 3x US-8-150W
  • 3x AC Pro
 
Last edited:
Soldato
Joined
13 Jul 2005
Posts
19,205
Location
Norfolk, South Scotland
Yes, you just adopt the USG-4P onto the controller and enter the PPPoE and BT credentials details.

Then if the USG-3P fails you unplug everything from that and put it into the USG-4P and it will just work.

The key is that the USG gets all its settings from the controller so as long as it has enough data to bring up the BT connection it just works.
 
Man of Honour
Joined
20 Sep 2006
Posts
33,886
No, there is nothing in the Beta or Early Access programmes so anything new is at least 3-6 months away. Although they did launch the US-XG-6 PoE very, very, quickly it's still not actually available to buy and the new AP-IW-HD and UCK Gen2's were launched and brought to the market quite quickly as well.

Realistically - you're still looking at 3-6 months.

Cheers, I've ordered the 4.
 
Soldato
Joined
16 Aug 2004
Posts
6,324
Location
New Jersey, USA
Possibly a daft question but have you upgraded the RAM on the USG and tried IPS/IDS recently? They have made pretty big optimisations on that in the last couple of firmware releases and just the RAM upgrade helps in many cases as it’s not paging the lists at all with 8Gb RAM whereas with 2Gb RAM it has to load and unload the lists sometimes.

No, last time I looked into it adding RAM didn't seem to actually make any difference so I haven't bothered. Maybe I'll take another look though.
 
Soldato
Joined
13 Jul 2005
Posts
19,205
Location
Norfolk, South Scotland
No, last time I looked into it adding RAM didn't seem to actually make any difference so I haven't bothered. Maybe I'll take another look though.

UBNT officially state that more RAM doesn’t make the USG-4P any faster in this regard. And yet, my 8Gb USG-4P runs at 550-700Mbps with IDS switched on and a steady 600Mbps max throughput with IPS. So roughly a third faster than UBNT say it should run.
 
Soldato
Joined
13 Jan 2004
Posts
20,929
Careful with the UniFi App. There's some quirky things at times. If I configure my APs then they revert to the default channels. For some reason the app doesn't like DFS channels which I have set via the Web interface.
 
Soldato
Joined
13 Jan 2004
Posts
20,929
Are you running Beta firmware or controller software?

Nope. Latest stable releases.

If I use the app and go into AP Channel Configuration there are no DFS channels. It means if you commit any other changes it sets a channel that it is able to list. The web configuration displays all the channels, including DFS, as expected.
 
Soldato
Joined
8 Jan 2003
Posts
3,692
Location
Scotland
Just read through that thread and couldnt see an answer to my q. Whats the actual point and gain of putting all Sonos stuff on its own VLAN?
Ah okay, I thought you wanted advice on setting it up. The theory being that segregating off IoT type devices which you can't harden yourself limits the attack surface on your network. So your PC/laptop that you do online banking on, etc isn't on the same VLAN as your smart home devices. Crude example but first that came to mind.
 

Kol

Kol

Man of Honour
Joined
8 Jan 2003
Posts
14,201
Location
London
Just jumping in on this, I understand IoT devices but not Sonos. You'd lose the ability to control it from your phone, cast spotify to it etc. surely or does it communicate with the app via the Sonos server instead?
 
Soldato
Joined
8 Jan 2003
Posts
3,692
Location
Scotland
Just jumping in on this, I understand IoT devices but not Sonos. You'd lose the ability to control it from your phone, cast spotify to it etc. surely or does it communicate with the app via the Sonos server instead?
Not if you configure the firewall correctly and setup some broadcast services (see link to Ubiquiti forum above). I have my Sonos devices on an IoT VLAN and my phone on the main house LAN and can control Sonos from it and cast Spotify to it.
 

Kol

Kol

Man of Honour
Joined
8 Jan 2003
Posts
14,201
Location
London
Not if you configure the firewall correctly and setup some broadcast services (see link to Ubiquiti forum above). I have my Sonos devices on an IoT VLAN and my phone on the main house LAN and can control Sonos from it and cast Spotify to it.

Ah, ok - that sounds interesting. Cheers.
 
Soldato
Joined
14 Oct 2009
Posts
9,538
Location
UK
I am probably asking in the wrong thread but...
MikroTik wsAP ac lite RBwsAP-5Hac2nD - £38.59
UniFi AC Lite UAP-AC-LITE - £68.78
AirCube AC ACB-AC - £64

Is the UniFi AC Lite or AirCube worth the extra £30? I am not looking to do much other than just have my wireless devices connected to the internet.

I already own an EdgeRouter 3 Lite, but from what I have read it is not in the UniFi range I won't get all the benefits that the Unifi system offers but I am not too fussed about that. I just want to get away from the SuperHub from Virgin Media.

If anyone else has any suggestions for a pretty low cost AP I am all ears.
 
Soldato
Joined
8 Jan 2003
Posts
3,692
Location
Scotland
I'm not up to speed on the MikroTik range but it looks like the 5GHz is only single chain and the ethernet ports aren't gigabit which will limit your bandwidth between the AP and the router. Someone that has experience of both will be able to advise better. That's just a quick impression looking at the specs of both. (I have 2 x UAP-AC-Lite)
 
Back
Top Bottom