I wanted to follow the common security guidance of having 3 wireless networks/VLANs: Normal, IOT, and Guest
- Normal (the existing default LAN) would contain the TV, printer, computers, and Google devices for casting to the TV
- IOT would contain the smart outlets, garage door sensor, and other smart devices
- Guest would be just for visitors
Ubiquiti has a nice easy default for isolating a guest network, so I just used that.
However, I needed to add a firewall rule to prevent the IOT and Normal networks from communicating, because applying the same isolation policy to the IOT network prevented the Belkin smart switches from communicating.
Add the networks
Settings -> Networks -> Add New Network
- IOT
  - Network Name: IOT
  - Advanced
    - VLAN ID: 2
- Guest
  - Network Name: Guest
  - Advanced
    - VLAN ID: 3
    - Device Isolation: True
Add the wireless network
- Add a 2.4 GHz and a 5 GHz wireless network for each of the new networks
Add the firewall rule
I followed this guide, but the screens have changed in newer versions: https://help.ui.com/hc/en-us/articles/115010254227-UniFi-USG-Firewall-How-to-Disable-InterVLAN-Routing
Settings -> Traffic & Security -> Global Threat Management -> Firewall -> Create New Rule
- Type: LAN In
- Description: Isolate IOT from LAN
- Enabled: True
- Rule Applied: Before Predefined Rules
- Action: Drop
- IPv4 Protocol: All
- Source
  - Source Type: Network
  - Network: IOT
  - Network Type: IPv4 Subnet
- Destination
  - Destination Type: Network
  - Network: LAN
  - Network Type: IPv4 Subnet
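To see why "Rule Applied: Before Predefined Rules" matters, here is a small model of how the LAN In ruleset above is evaluated (first match wins, and the controller's predefined behaviour is to route between VLANs). This is an added illustration, not UniFi code; the subnets for LAN and IOT are assumed placeholders, since the post does not list addresses.

```python
"""Model of first-match evaluation for the 'Isolate IOT from LAN' rule.
Added example; the subnets below are assumptions, not from the post."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed subnets for the two networks the rule references.
NETWORKS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "IOT": ipaddress.ip_network("192.168.2.0/24"),
}


@dataclass
class Rule:
    description: str
    action: str            # "Drop" or "Accept"
    src: Optional[str]     # network name, None = any address
    dst: Optional[str]


# Models the predefined LAN In behaviour: inter-VLAN traffic is routed
# unless an earlier rule matched it (this is what the post is disabling).
PREDEFINED = [Rule("Predefined: allow inter-VLAN routing", "Accept", None, None)]

# The rule from the post: IPv4 subnet IOT -> IPv4 subnet LAN, action Drop.
ISOLATE_IOT = Rule("Isolate IOT from LAN", "Drop", "IOT", "LAN")


def build_ruleset(user_rule: Rule, before_predefined: bool) -> list:
    """'Rule Applied' in the UI decides where the user rule sits."""
    if before_predefined:
        return [user_rule] + PREDEFINED
    return PREDEFINED + [user_rule]


def matches(rule: Rule, src_ip, dst_ip) -> bool:
    src_ok = rule.src is None or src_ip in NETWORKS[rule.src]
    dst_ok = rule.dst is None or dst_ip in NETWORKS[rule.dst]
    return src_ok and dst_ok


def evaluate(rules: list, src: str, dst: str) -> str:
    """Return the action of the first rule matching this packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, src_ip, dst_ip):
            return rule.action
    return "Accept"  # nothing matched: predefined default forwards it
```

Placing the rule after the predefined rules never drops anything, because the predefined allow already matched the packet; placed before them, IOT to LAN is dropped while LAN to IOT and IOT to the Internet still pass.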