11 April 2022

Ubiquiti network setup

I wanted to follow the common security guidance of having 3 wireless networks/VLANs: Normal, IOT, and Guest

  • Normal would contain the TV, printer, computers, and Google devices for casting to TV
  • IOT would contain the smart outlets, garage door sensor, and other smart devices
  • Guest would be just for visitors

Ubiquiti has a nice easy default for isolating a guest network, so I just used that.

However, I needed to add a rule to prevent the IOT and Normal networks from communicating, because applying a similar isolation policy to the IOT network prevented the Belkin smart switches from communicating.


Add the networks

Settings -> Networks -> Add New Network

  • IOT
    • Network Name: IOT
    • Advanced
      • VLAN ID: 2
  • Guest
    • Network Name: Guest
    • Advanced
      • VLAN ID: 3
      • Device Isolation: True

Add the wireless network

Settings -> WiFi -> Add New WiFi Network
  • Add a 2.4 GHz and a 5 GHz wireless network for each of the new networks

Add the firewall rule

I followed this guide, but the screens have changed in newer versions: https://help.ui.com/hc/en-us/articles/115010254227-UniFi-USG-Firewall-How-to-Disable-InterVLAN-Routing

Settings -> Traffic & Security -> Global Threat Management -> Firewall -> Create New Rule

  • Type: LAN In
  • Description: Isolate IOT from LAN
  • Enabled: True
  • Rule Applied: Before Predefined Rules
  • Action: Drop
  • IPv4 Protocol: All
  • Source
    • Source Type: Network
    • Network: IOT
    • Network Type: IPv4 Subnet
  • Destination
    • Destination Type: Network
    • Network: LAN
    • Network Type: IPv4 Subnet
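
One way to confirm the Drop rule from a machine joined to the IOT network, as an added example that is not part of the original post. The target addresses and ports are constructed placeholders, since the post does not list its subnets.

```python
import socket

# Constructed sample targets: replace with real devices on the LAN network.
# The post gives no subnets, so these addresses and ports are assumptions.
LAN_TARGETS = [("192.168.1.10", 80), ("192.168.1.20", 631)]


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"   # an RST came back, so the packet was not silently dropped
    except OSError:
        return "filtered"  # timeout or unreachable: what Action: Drop looks like
    finally:
        s.close()


def isolation_holds(results):
    """True only if every probe got no answer at all.

    'open' and 'refused' both show that traffic crossed from IOT to LAN,
    so either one means the 'Isolate IOT from LAN' rule is not in effect.
    """
    return all(state == "filtered" for state in results.values())


def check(targets, timeout=2.0):
    """Probe every (host, port) pair and return (per-target results, verdict)."""
    results = {t: probe(t[0], t[1], timeout) for t in targets}
    return results, isolation_holds(results)


if __name__ == "__main__":
    results, ok = check(LAN_TARGETS)
    for (host, port), state in results.items():
        print(f"{host}:{port} {state}")
    print("isolation holds" if ok else "IOT can still reach LAN")
```

Run it from a device on the IOT network against LAN hosts that are known to be up, since a powered-off host also shows as filtered.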