C4 Forums | Control4

Unifi USG Pro LAN / VLAN setup


Mitschris

Hi All,

I’m about to transition from a basic Asus AiMesh router and 2 Node network to USG Pro 4 with 3x U6 access points (48 Port Unifi Switch)

I’d like some advice on the USG setup with regard to LANs and VLANs

I have 10 Sonos devices currently set up in a wired config SonosNet with NAS supplying music

15 Sonoff Mini / BasicR3s running various lights

A bunch of other IoT devices, Smart TVs, Apple TVs and IP controlled AVRs all driven by 2 x EA1 C4 controllers.

I don’t want to overcomplicate the network but want advice on best practice for network structure.

My main fear is setting up correctly so Sonos is solid and Sonoff devices work

Thanks in advance

Link to comment


3 minutes ago, Mitschris said:

Hi All,

I’m about to transition from a basic Asus AiMesh router and 2 Node network to USG Pro 4 with 3x U6 access points (48 Port Unifi Switch)

I’d like some advice on the USG setup with regard to LANs and VLANs

I have 10 Sonos devices currently set up in a wired config SonosNet with NAS supplying music

15 Sonoff Mini / BasicR3s running various lights

A bunch of other IoT devices, Smart TVs, Apple TVs and IP controlled AVRs all driven by 2 x EA1 C4 controllers.

I don’t want to overcomplicate the network but want advice on best practice for network structure.

My main fear is setting up correctly so Sonos is solid and Sonoff devices work

Thanks in advance

The absolute easiest thing to do is not use the VLANs. Put everything on one network and be done with it. Especially if you have GE running....

Next easiest thing might be to create a separate network for guests or IoT Devices.

And of course VLANs for IoT is probably ideal, but may not be worth the trouble on a home network.

 

Link to comment

Any reason you're going USG? The UDMs mostly replace it and have a controller built in

Keep in mind that Ubiquiti doesn't support PIM, so Sonos probably wouldn't work on VLANs as others have said. Anything communicating over VLAN will probably have to be via static IP (no SSDP over VLAN)

The only thing I'd throw into VLAN is CCTV if you have it, and a guest network tbh

I've seen cases where people overuse VLANs and it doesn't add any real benefits, just complicates things in those cases

Link to comment

2 hours ago, Andrew luecke said:

Any reason you're going USG? The UDMs mostly replace it and have a controller built in

Keep in mind that Ubiquiti doesn't support PIM, so Sonos probably wouldn't work on VLANs as others have said. Anything communicating over VLAN will probably have to be via static IP (no SSDP over VLAN)

The only thing I'd throw into VLAN is CCTV if you have it, and a guest network tbh

I've seen cases where people overuse VLANs and it doesn't add any real benefits, just complicates things in those cases

Didn't even think...but as Andrew mentioned....go with the UDM-PRO....   and if your circuit is more than 300MB it's pretty much required.

Link to comment

3 hours ago, ekohn00 said:

Didn't even think...but as Andrew mentioned....go with the UDM-PRO....   and if your circuit is more than 300MB it's pretty much required.

This was very informative for me, as I also have been eyeing a USG-Pro (if I can even find one).  I am upgrading from a USG.  My understanding of the material I read on the Ubiquiti forums is that replacing a USG with a USG-Pro is a very simple and quick process, whereas migrating from USG to UDM-Pro will require starting from scratch with the new UDM-Pro's internal controller and reconfiguring all the network settings.  I kinda wanted to avoid that hassle.

Am I wrong about this?  In other words, can I import my controller settings to the UDM-Pro?  To be specific, I have a second-generation Cloud Key and a Unifi USG currently.  

Edit:  The other option I was considering was migrating to the new UXG-Pro.  That seemed like it would be a pretty straightforward upgrade from USG. Does it have downsides compared to UDM-Pro?

Thanks

 

Link to comment

10 hours ago, DLite said:

This was very informative for me, as I also have been eyeing a USG-Pro (if I can even find one).  I am upgrading from a USG.  My understanding of the material I read on the Ubiquiti forums is that replacing a USG with a USG-Pro is a very simple and quick process, whereas migrating from USG to UDM-Pro will require starting from scratch with the new UDM-Pro's internal controller and reconfiguring all the network settings.  I kinda wanted to avoid that hassle.

Am I wrong about this?  In other words, can I import my controller settings to the UDM-Pro?  To be specific, I have a second-generation Cloud Key and a Unifi USG currently.  

Edit:  The other option I was considering was migrating to the new UXG-Pro.  That seemed like it would be a pretty straightforward upgrade from USG. Does it have downsides compared to UDM-Pro?

Thanks

 

Going from USG to either can be tricky. In theory you back up and restore.

In reality software versions end up screwing that up and you'll probably find yourself in the new interface redoing the network setup. Be prepared to do it manually if a restore doesn't work.

 

UXG-Pro is more of a specialized box...it's just FW.  It doesn't have the features the UDM-PRO has (i.e. NVR), but does allow for higher speeds and redundant WAN. My guess, you probably don't need this box for your home if you currently have a USG model. Not 100%, but unlike the UDM-PRO, I don't think it has the cloud key built in, or an 8-port switch, or NVR, etc....

Link to comment

Rather than use VLANs I’m experimenting with firewall rules.  Specifically, for devices that are locally controlled but are safer not connecting to the internet I assign a fixed IP and create two rules to drop all incoming and outgoing WAN traffic to and from that device’s address.  For example, my Vera hub (for Z-Wave integration with C4) talks to the EA5 via telnet locally and doesn’t need the cloud or remote connection so I’ve created two rules to drop incoming and outgoing WAN traffic to that device.  For devices that need the cloud for integration I could do the opposite - drop local traffic to and from a device. That seems fairly secure, doesn’t it?  Wondering if anyone sees this as a good or bad idea?

Link to comment

19 minutes ago, Dueport said:

Rather than use VLANs I’m experimenting with firewall rules.  Specifically, for devices that are locally controlled but are safer not connecting to the internet I assign a fixed IP and create two rules to drop all incoming and outgoing WAN traffic to and from that device’s address.  For example, my Vera hub (for Z-Wave integration with C4) talks to the EA5 via telnet locally and doesn’t need the cloud or remote connection so I’ve created two rules to drop incoming and outgoing WAN traffic to that device.  For devices that need the cloud for integration I could do the opposite - drop local traffic to and from a device. That seems fairly secure, doesn’t it?  Wondering if anyone sees this as a good or bad idea?

You'd be better off creating a separate network for devices that can't go to the internet and just don't announce that block.

Link to comment
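Editor's added example, not written by any participant in this thread: a small model of the two approaches discussed in the last two posts (drop rules keyed on one fixed IP versus a separate no-internet network), with an audit that flags devices meant to be offline whose current DHCP lease is no longer covered. All addresses, the MAC and the lease tables are constructed assumptions, and the default-accept policy is a simplification.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")           # assumed main LAN
NO_INTERNET = ipaddress.ip_network("192.168.20.0/24")  # assumed isolated network
LOCAL = (LAN, NO_INTERNET)
PROBE = "203.0.113.10"  # documentation-range address standing in for the internet

def is_local(addr):
    return any(addr in net for net in LOCAL)

def verdict(src, dst, blocked):
    """Evaluate 'drop WAN traffic to/from blocked' rules, default accept.
    `blocked` may hold single host addresses and/or whole networks."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    def hit(addr):
        return any(addr in ipaddress.ip_network(b) for b in blocked)

    if hit(src) and not is_local(dst):
        return "drop"    # rule 1: blocked device -> WAN
    if hit(dst) and not is_local(src):
        return "drop"    # rule 2: WAN -> blocked device
    return "accept"      # local traffic (e.g. hub to controller) is untouched

def uncovered(leases, offline_macs, blocked):
    """MACs that are meant to be offline but can currently reach the WAN."""
    return sorted(mac for mac in offline_macs
                  if verdict(leases[mac], PROBE, blocked) == "accept")

# Constructed sample data
HUB_MAC = "aa:bb:cc:00:00:01"
PER_HOST = ["192.168.1.50"]       # rules keyed on one fixed IP
PER_NET = ["192.168.20.0/24"]     # rules keyed on the isolated network
LEASES_OK = {HUB_MAC: "192.168.1.50"}
LEASES_DRIFT = {HUB_MAC: "192.168.1.73"}    # fixed-IP assignment lost
LEASES_ISOLATED = {HUB_MAC: "192.168.20.7"}

if __name__ == "__main__":
    print("per-host, lease ok:   ", uncovered(LEASES_OK, [HUB_MAC], PER_HOST))
    print("per-host, lease drift:", uncovered(LEASES_DRIFT, [HUB_MAC], PER_HOST))
    print("per-network:          ", uncovered(LEASES_ISOLATED, [HUB_MAC], PER_NET))
```

The per-host rules hold only while the device keeps its assigned address; the per-network rule covers whatever address the device receives inside the isolated network.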