I am going to set up a new home network later today and was wondering if there are any guides/tips that would work for the planning stages. I have purchased Ubiquiti hardware to replace my TP-Link router. I have a server, multiple PCs, home automation gear and a security camera.
Ubiquiti equipment:
USG Security Gateway
US-8-60W Switch
UAP-AC-LITE wireless AP
I have also installed the Unifi Controller software via Docker onto my server.
Leave QoS and IDS/IPS off. It will severely cap your WAN speeds.
Otherwise, assuming you have intermediate-ish understanding of tcp/ip, you should be fine. I set up a nearly identical network just last weekend, so if you run into any hiccups, @me here.
One note, the USG runs hot, especially if you have it stacked on the switch. Low-key burned my hand on it (no temp alerts from the unit, just hot chassis).
I configured s2s and transport VPNs, but no VLANs at that site. I do have VLANs configured at my apartment on similar hardware though.
If you just want basic port-based VLANs, it’s pretty self-explanatory. Is that what you need or are you looking for 802.1x RADIUS authentication (it can do this, but is more involved)?
As you said setting up the vlans to ports would be easier, is there a disadvantage to doing it this way vs alternatives? This is my first time setting up a Ubiquiti network.
Yeah, I recommend this as a starting point unless you already have a RADIUS server running and are familiar with 802.1x.
If you look at your switch under devices, you can click on a port and set it to whatever vlan/network you want it to use. If you don’t see what you need, you can do more advanced things under Profiles > Switch Ports in Settings.
I am just thinking through the setup now, and based on the server running the Docker for Unifi Controller, how would I be physically connecting the new Ubiquiti equipment, as I have to disconnect my existing router from the equation? Would it be easier to create a VM on one machine running Unifi controller for the initial setup and then use the Controller on the physical server via docker?
I just cave and use cloud keys for this reason, but I would try just running the standalone app on your desktop, configure everything, export the config, exit the app and then load it onto your container instance.
I also export the config and save it to my password manager each time I make any big changes. If it ever gets borked, reloading the config is trivial.
The USG3 does run a bit hot, but it’s supposed to. Just don’t stack it and you’ll be fine.
Stay away from gen1 cloudkeys as the onboard mongodb corrupts at the drop of a hat. The gen2 cloudkeys have an onboard battery to gracefully shut down when you remove power. I personally run the controller in a Linux container, works fine.
Unifi stuff is really easy to set up, that’s the whole point. My only issue came when I had multiple VLANs and wanted autodiscover stuff like Sonos to go across the LANs, but a quick google fixed that no problem.
Don’t use IDS or packet-shaping, the USG3 is too slow. DPI is fine, it doesn’t slow it down.
Standalone unifi controller on my main PC for setup and then save and move over to the Docker sounds like a good plan, thanks, as I was trying to figure out my best options for this. I also appreciate the password manager tips.
@Ruffalo I will make sure the cabinet has active cooling, should be fine.