I am going to setup a new home network later today and was wondering if there are any guides/tips that would work for the planning stages, I have purchased Ubiquiti hardware to replace my TP-Link router. I have a server, multiple PC’s, home automation gear and a security camera.
Ubiquiti equipment:
USG Security Gateway
US-8-60W Switch
UAP-AC-LITE wireless AP
I have also installed the Unifi Controller software via Docker onto my server.
How fast is your internet connection?
300/300
Leave QOS and IDS/IPS off. It will severely cap your WAN speeds.
Otherwise, assuming you have intermediate-ish understanding of tcp/ip, you should be fine. I set up a nearly identical network just last weekend, so if you run into any hiccups, @me here.
One note, the USG runs hot, especially if you have it stacked on the switch. Low-key burned by hand on it (no temp alerts from the unit, just hot chassis).
Glad to hear that you also recently setup something similar, did you configure VLANs?
I plan on installing the USG and Switch in an old Ikea media cabinet which has a 120mm fan installed modded to run off a usb cable, should help.
I configured s2s and transport VPNs, but no vlans at that site. I do have vlans configured at my aparment on similar hardware though.
If you just want basic port-based vlans, it’s pretty self explanatory. Is that what you need or are you looking for 802.1x RADIUS authentication (it can do this, but is more involved)?
I would like to setup VLAN’s for the following categories.
Normal, servers, ipcams, guest, iot
What, they trying to design like apple? Only ever had their APs or the 4(5) port edge router so
Do you want to statically assign vlans to ports or have the vlans follow the devices through the network?
As you said setting up the vlans to ports would be easier, is there a disadvantage to doing it this way vs alternatives? This is my first time setting up a Ubiquiti network.
Yeah, I recommend this as a starting point unless you already have a RADIUS server running and are familiar with 802.1x.
If you look at your switch under devices, you can click on a port and set it to whatever vlan/network you want it to use. If you don’t see what you need, you can do more advanced things under Profiles > Switch Ports in Settings.
Thanks for the advice.
I am just thinking through the setup now and based on the server running the Docker for Unifi Controller how would I be physically connecting the new Ubiquiti equipment as I have to disconnect my existing router from the equation. Would it be easier to create a VM on one machine running Unifi controller for the initial setup and then use the Controller on the physical server via docker?
I just cave and use cloud keys for this reason, but I would try just running the standalone app on your desktop, configure everything, export the config, exit the app and then load it onto your container instance.
I also export the config and save it to my password manager each time I make any big changes. If it ever gets borked, reloading the config is trivial.
The USG3 does run a bit hot, but it’s supposed to. Just don’t stack it and you’ll be fine.
Stay away from gen1 cloudkeys as the onboard mongodb corrupts at the drop of a hat. The gen2 cloudkeys have an onboard battery to gracefully shutdown when you remove power. I personally run the controller in a linux container, works fine.
Unifi stuff is really easy to setup, that’s the whole point. My only issue came when I had multiple VLANs and wanted autodiscover stuff like Sonos to go across the LANs, but a quick google fixed that no problem.
Don’t use IDS or packet-shaping, the USG3 is too slow. DPI is fine, it doesn’t slow it down.
Standalone unifi controller on my main PC for setup and then save and move over to the Docker sounds like a good plan, thanks as I was trying to figure out my best options for this, I also appreciate the password manager tips.
@Ruffalo I will make sure the cabinet has active cooling, should be fine.
Be sure to set the ssh password on your devices in the controller software.
When you move over, you might need to go into the devices and manually reconnect them to the controllers new IP.
To do that, run this command on the device:
set-inform http://ip-of-controller:8080/inform
Yeah, get used to that command. I need to manually do that every couple of months.
If you set a static IP, it should be fine…
Not for me, sometimes they don’t show up in the controller until I re-inform. Dunno why. It happens pretty rarely.
Interesting. I wonder if the config isn’t persisting on reboot or something.