I can’t say I’ve ever had a formal networking setup in the lab. I went through consumer routers pretty quickly, and invariably overwhelmed them with … something. I’m not sure what kept killing their ability to pass traffic, but the fact remains that after a few days, traffic would stop. The first consumer router that didn’t do that was the AmpliFi HD, which is Ubiquiti’s first consumer device, but there were practically no configuration options in the firewall, so that wasn’t going to help me all that much.
During this time I started using some additional Ubiquiti equipment: three bullet cams mounted on the house, the UniFi Cloud Key Gen2+ as a network video recorder, and an 8-port PoE switch to run all four of these devices. The UniFi Network Controller seemed really nice but I couldn’t use any of the functionality, as I effectively only had a switch.
Around that time I found the UniFi Dream Machine. Looks pretty fancy, like a big, white Dr. Mario pill, but combines the functionalities of several Ubiquiti devices into one. The Cloud Key Gen2+ was already acting as a controller so I had to transition that over, leaving the Cloud Key as a simple NVR and the UDM as the controller. This gave me the ability to implement some more sophisticated network configurations: all of a sudden I had IDS, some basic layer 7 inspection, VLANs, and the ability to restrict communications between VLANs. I also had to replace the AmpliFi HD’s mesh points as you can’t use Ubiquiti’s consumer devices with their business gear; the UDM has a built-in access point, but I wanted to make sure my whole house was covered.
Unfortunately the UDM was not enough either. The device runs a lightweight Kubernetes distribution of some sort that ran into a memory leak which required me to run an Ansible playbook to restart its container every night, else the network controller would simply stop responding. Once that was fixed in a UniFi OS patch, something caused the CPU utilization and temperature to rise and stay high, resulting in high fan RPMs and lots of noise. Concurrent with that, the connection would drop for a few minutes at a time.
Clearly the UDM wasn’t beefy enough, even though my network wasn’t particularly busy. Not sure what happened, but in the end, it was replaced by a UDM SE. This folded NVR functionality and 8-port PoE switch into one device, but eliminated one AP, which I replaced with one of the dinner plate-looking things from Ubiquiti’s lineup. The final head count looks like this:
- UniFi Dream Machine SE
- 1x USW-24-PoE
- 1x US-8-150W
- 2x US-8
- 1x UAP-AC-Pro
- 1x U6-Lite
- 2x UAP-AC-M
- 3x G3 Bullet
The layout is pretty simple:
- UDM SE is connected to:
- USW-24-PoE w/1Gb SFP (same shelf as UDM SE)
- US-8-150W w/1Gb SFP (living room)
- 3x G3 Bullet (outdoor-rated CAT5)
- UAP-AC-Pro (family room)
- UAP-AC-M (kitchen)
- US-8 (office)
- US-8 (living room)
- US-8-150W is connected to:
- 2x multimedia devices
- U6-Lite
- US-8 (office) is connected to:
- UAP-AC-M (office – PoE passthrough from UDM SE)
- Computers
- US-8 (living room) is connected to:
- 2x multimedia devices (standby, used for travel)
- USW-24-PoE is connected to:
- Server
There are four wireless networks, with two on one VLAN and the others on their own VLANs. One VLAN is for the kids, and the other is for IoT. The kids’ VLAN has heavier content restrictions on it, and the IoT network is not allowed to talk back to the default VLAN.
More to come next, because without the VMs, nothing works.