I’ve never used any Ubiquiti products before but I just installed a Dream Machine Pro and 5 U6-Lite access points in a rental building with 6 rooms (three story building). The installation has one access point in each of four rooms and the fifth access point between two units on the first floor.
The install went insanely easy and everything seems to work just fine. I basically used the default setup on everything… except SSID names and passwords. I did set two different WiFi SSIDs with different passwords. One for guest use and the other for the TVs and door locks that the guests should/will not have access to.
My question is, does anyone have any general suggestions on settings I might use for this configuration? One item that caught my eye was Device Isolation, under Settings → Network → LAN.
Any tips would be greatly appreciated.
I don’t use UniFi kit, but on wifi I use WPA-Enterprise, meaning a username and password is required. If you have a RADIUS server, you most likely have that option, which can be used for your non-guest network for a bit more security.
@TAC57, as I do not know what type of network was set up, I would recommend using the guest network (not corporate). This will lock down the network and not allow traffic between users or to other networks. If your other wifi network is for IoT devices only I would suggest having that network set up as a guest also, unless the devices need to see and transfer data between each other. I do not use content filtering on the UniFi controller as I use a NAT’d DNS service provider, and set up rules that prevent VPN bypass of filtering. Finally I would add rules that prevent SSH, HTTP and HTTPS access to the gateway for each of the networks. While RADIUS is great (WPA3 Ent.), most IoT devices won’t connect to it. If your guests are transient I would not bother with RADIUS, but set up a guest portal as an alternative to giving out a pw to each guest.
I myself use Ubiquiti at home as well. A suggestion for you is to set up wifi isolation. Once you log in to the UDM Pro, you would want to click on the network app and then go to Networks. There you would want to create a new network setup with its own gateway and such. You will also want to set a profile that would limit bandwidth. Once you have created the new network, you can click on the Profiles option and fill in the appropriate information to set it up to your liking. Once you set the limitations on the profile, you can go back to the networks and change the default profile to whatever profile you created to limit the resources. After all of that is configured, you will then need to click on wireless networks. Fill in the appropriate information. When you see the network option, you click on the name of the network you just created. After you click save, it should be good to go. However, just in case I missed something, there are multitudes of videos out there on YouTube that address this specific issue.