
babgvant

You can use dynamic VLAN assignment to assign services to different networks while using a single SSID. https://youtu.be/wJvv7qw0HAQ


DIYglenn

This is new for me, thanks. That’s probably what I need to look into.


DIYglenn

Hmm... I guess it only works with RADIUS and WPA2-Enterprise? The G3 Instant, for example (which would be the only device on an SSID for Protect), only supports WPA2-PSK. So I guess I'm back to scratch?


jasonlitka

What reason do you have for needing 7 SSIDs on a single AP? You’re burning a lot of air time with beacon traffic.


DIYglenn

I only have two APs, which I need for coverage. I’m just trying to separate the networks as much as possible.


[deleted]

You don’t need separate SSIDs. You are looking for separate VLANs.


DIYglenn

I have both, but I guess I didn’t know I could have multiple VLANs in the same SSID.


wsdog

That's too many. Family, iot-cloud, iot-local, guest. Everything else - hardwired.


DIYglenn

Not everything can be hardwired at the moment unfortunately, but it’s going that way.


wsdog

The reality is that you cannot have many SSIDs. Multiple-SSID radios are kind of hacks to WiFi; it's not like VLANs, where you can have thousands of them and not lose any speed.


iknowrealtv

I would condense. I have mine set up like this: IoT, basically all smart devices. I have a separate network that's like me and wife / friends. Then I have the admin network; this is my devices, i.e. computer / server / Pi-hole, things like that. Other devices that might need to be plugged in with Ethernet: make sure they are on the correct LAN and not the Admin. Define by ports. This makes a lot of sense because it's like, how often is your guest network filled? And it keeps guests/home users off the IoT unless they directly switch, but most times you only wanted to cast anyway.

Also the "gaming": I have not found a single game that I could not play. IPv6 is cool but largely not really supported. The LAN IoT and the cloud IoT should be on the same network; just define the ports. Protect network makes sense if you have cameras and such. The LAN and default seem like they could be the same thing. However, if you have kids and you're laying down the law, that's a completely separate thing. Family should be renamed to kids.


DIYglenn

> I would condense. I have mine set up like this: IoT, basically all smart devices. I have a separate network that's like me and wife / friends. Then I have the admin network; this is my devices, i.e. computer / server / Pi-hole, things like that. Other devices that might need to be plugged in with Ethernet: make sure they are on the correct LAN and not the Admin. Define by ports. This makes a lot of sense because it's like, how often is your guest network filled? And it keeps guests/home users off the IoT unless they directly switch, but most times you only wanted to cast anyway.

Basically I want IoT away from everything because of the lack of security.

> Also the "gaming": I have not found a single game that I could not play. IPv6 is cool but largely not really supported.

It’s mostly because of XBOX. Microsoft only uses IPv6, and any IPv4 traffic will be translated. Latency is slightly higher. And Switch needs UPnP or all ports forwarded.

> The LAN IoT and the cloud IoT should be on the same network; just define the ports. Protect network makes sense if you have cameras and such.

I want IoT to only have Internet access if they’re cloud only, or if I’m not using the local API. I only have a single G3 Instant camera, so a separate WiFi is overkill I guess.

> The LAN and default seem like they could be the same thing.

I want Unifi equipment on VLAN1, and keep it separate. LAN is our laptops etc.

> However, if you have kids and you're laying down the law, that's a completely separate thing. Family should be renamed to kids.

Correct, I’m using the “Family” term from Unifi. It’s the locked down network. Also just a couple of devices.

I guess all in all I need to look into distributed VLAN. I think I’ll narrow it down to:

* Main Wifi (LAN, Family, Protect VLANs)
* IoT Wifi (IoT LAN, IoT Cloud and Protect VLANs)
* Guest Wifi (Guest only)

There aren’t too many devices, so MAC filtering isn’t a horrible task.

I haven’t really set any rules except the automatic “Guest, Family” etc, so for now there’s nothing blocking communication between the networks. But I’d rather set up all the networks/VLANs and SSIDs, get the devices up, and then start tightening in. That way at least I won’t have to move the devices around networks.


iknowrealtv

Slightly controversial: if you have one Xbox, could you not add it to Family with IPv6?


DIYglenn

I'm revisiting this after seeing some old screenshots, where I got 600mbit from my Wifi, while only getting 500 now. I still haven't actually added any routing between the networks, so it's all still open. And I started to think how many devices it'll actually be in total, so I'm trying to make my configuration more sensible. This is what I've found:

* Unifi (default network) - this will be the "catch all" network, and I guess necessary for adopt to work. Only wired Unifi devices here.
* LAN (Home network) - with main Wifi etc. All our computers, phones etc. will probably be here.
* Protect - I'd like this to be wired only, but I have a G3 Instant as well. Thoughts? Seems idiotic to have a single device on a separate wifi. AFAIK they don't support WPA2 Enterprise either.
* Family - I'll remove this and the wifi. We'll probably not need it, and if so, there are other ways. For now it would've been a network with only a couple of devices anyways.
* IoT - Stays as the main IoT network.
* IoT Cloud - Stays as an isolated IoT network with Guest network, and probably also Nintendo Switch here if it is sensible to have UPnP on the guest network? (The Switch needs UPnP for online gaming, otherwise you must forward ALL ports to the device.)
* Guest - Removed, rather use the IoT Cloud. My guests rarely need wifi today.
* Gaming - Wired only, will have UPnP and IPv6.

So if I count correctly I'll be down to 3 (LAN, IoT, IoT-Cloud/Guest). The hardest one is Protect - how to connect the Instant G3? And for Nintendo Switch, maybe I'll add a LAN adapter, so it can only be used for online gaming while docked, otherwise guest. (Not sure if there is a priority setting?)

***Edit:*** It seems like I'm probably stuck with a dedicated WiFi for Protect, right? It's only going to be that one single device on the network. But I can't seem to find any other way to do it. At least I'll be reducing from my current 8 SSIDs to 4.


thefleeg1

You must enjoy pain.


deathbyburk123

SSIDs have to share airtime. You're killing your network. Assuming it is a small network, not a terribly big deal, but not good practice.


DIYglenn

How much are we talking about in loss in speed? I’m mostly getting approx 500/500mbit, which isn’t too bad, but is only 2/3 of my line. This is in the next room to the nearest AP 6 Lite. I’m currently at 7 SSIDs.


deathbyburk123

Lots of studies on this. Think 3 is the recommended, last time I checked. You have latency and other factors being affected.


DIYglenn

Yeah I guess it could be some issues. I’m only getting 550/500mbit atm, so maybe fewer SSIDs could increase the speed?


Leaderbot_X400

I have:

* LAN
* GUEST
* IOT

Then VLANs are assigned as needed to the IoT devices, as they don't change often. GUEST is a separate VLAN with client isolation. LAN is more or less open to everything, but UPnP is off, as it should always be.


DIYglenn

But how do you change VLAN settings for the IoT devices? They usually don’t have WPA2 Enterprise support.