I’m really getting into the whole Ubiquiti/UniFi architecture and am loving the information the dashboard provides. My next plan is to start separating my network into VLANs to divide trusted and untrusted devices. To do this I need some more Ubiquiti switches to replace the various brands in service around the house. I’ve already got an 8-port device (with PoE) in my comms cab but this is a bit overkill for what I need elsewhere. Browsing LinITX’s website I came across these mini Ubiquiti switches:
These are about the size of a fag packet, have five ports, one of which can be used to power the switch over PoE. Stock was sporadic but a pre-order with LinITX netted me three of them.
With Ubiquiti kit throughout the network I can now set up VLANs. I’ve gone for three:
- Trusted devices – i.e. kit I own and trust
- IoT – Tado heating, smart TV, Google Chromecast, Arlo cameras, VoIP device etc.
- Guest – mainly for family staying but also for the work laptop and phone
A couple of new WLANs tied to the relevant VLAN, the creation of some firewall rules, and job was a good ‘un. By default the USG allows unrestricted access between the VLANs, so a quick edit of the rules to prevent IoT accessing trusted networks was needed. The guest network cannot access others by design, so the only change there was allowing the guest network to access the Pi-hole devices on a particular port and protocol – that means the guests also benefit from the ad protection and DNS over HTTPS offered by Pi-hole.
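As an added example (not from the original post or from Ubiquiti), here is a small first-match model of the policy described above that can be used to sanity-check a planned rule order before entering it in the controller. The subnets, the Pi-hole address, the UDP/53 rule and the established-traffic rule are all assumptions; the post does not give them.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; the post does not give its subnets or the Pi-hole port.
TRUSTED = ip_network("192.168.10.0/24")
IOT = ip_network("192.168.20.0/24")
GUEST = ip_network("192.168.30.0/24")
PIHOLE = ip_network("192.168.10.53/32")
LOCAL = ip_network("192.168.0.0/16")
ANY = ip_network("0.0.0.0/0")

# Ordered rules: (action, src, dst, proto, dport, state); None matches anything.
RULES = [
    ("accept", ANY, ANY, None, None, "established"),  # replies to allowed flows
    ("accept", GUEST, PIHOLE, "udp", 53, "new"),      # guests may query Pi-hole
    ("drop", GUEST, LOCAL, None, None, None),         # guest isolation
    ("drop", IOT, TRUSTED, None, None, None),         # IoT may not open to trusted
]
DEFAULT = "accept"  # the USG default between VLANs, per the post


def decide(src, dst, proto, dport, state="new", rules=RULES):
    """Return the action of the first matching rule, else the default."""
    s, d = ip_address(src), ip_address(dst)
    for action, rsrc, rdst, rproto, rport, rstate in rules:
        if (s in rsrc and d in rdst
                and rproto in (None, proto)
                and rport in (None, dport)
                and rstate in (None, state)):
            return action
    return DEFAULT


def audit(rules=RULES):
    """Check the intended segmentation against a rule list; return failures."""
    expect = [
        (("192.168.20.5", "192.168.10.7", "tcp", 445), "drop"),    # IoT -> trusted
        (("192.168.10.7", "192.168.20.5", "tcp", 8009), "accept"), # trusted -> IoT
        (("192.168.20.5", "192.168.10.7", "tcp", 50000, "established"), "accept"),
        (("192.168.30.9", "192.168.10.53", "udp", 53), "accept"),  # guest DNS
        (("192.168.30.9", "192.168.10.53", "tcp", 80), "drop"),    # Pi-hole admin UI
        (("192.168.30.9", "192.168.20.5", "tcp", 80), "drop"),     # guest -> IoT
    ]
    return [(flow, want, decide(*flow, rules=rules))
            for flow, want in expect if decide(*flow, rules=rules) != want]


if __name__ == "__main__":
    print(audit() or "policy holds")
    print(audit(rules=[]))  # default-accept only: the isolation checks fail
```

Running `audit` against an empty rule list shows what the default-accept behaviour leaves open; moving the guest drop above the Pi-hole allow makes the guest DNS check fail, which is the ordering mistake this kind of check catches.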
This blog is really useful for some pointers in setting all this up, as the Ubiquiti documentation is a little lacking.