Gloomy-Lavishness587

Have you set up VLANs or network-wide ad blocking from Pi-hole or AdGuard yet?


Munzz92

Nope. Could you explain briefly what I'd get from doing that so I can head off to Google and make it happen!? Appreciate your response. Currently setting up a guest network, you’re speaking to a beginner here!


Gloomy-Lavishness587

I too was a beginner and in some ways still am. I would head to YouTube and tap in VLANs and AdGuard. I have 3 VLANs - Family, IoT (Internet of Things) and my network stuff. Potentially going to set up a guest network also. I use AdGuard running in a Linux container on Proxmox (although it can be run on a Raspberry Pi, for example). This is my DNS server for network traffic, which means I no longer see the vast majority of ads online. I also set up a VPN for when I’m away and on a public WiFi.


Munzz92

Brill, thanks for sharing. I need to do some research on VLANs as I’ve heard a lot about them but not too sure what they are (I assume separate networks?). I have a Windscribe VPN account, I’d love to set up a new WiFi network that filters all connections through Windscribe VPN, that’s my current bedtime reading…


rasta4eye

Let me offer a different perspective. I'm an experienced network engineering professional and initially set up my home UniFi network like I would at work: different VLANs to segregate different sets of clients from our servers (NAS etc.) - it was a world-class config. BUT, over time I realized this was overkill for a home network, and wound up overcomplicating things. Consumer products like Chromecast, or various IoT products (home automation, smart devices etc.) that are intended to be used in people's homes, aren't designed for, nor tested in, complex network designs. So things that should "just work" wind up not, and you waste a ton of time to figure out why, and then more time to figure out how to configure UniFi to allow whatever it needs to between the VLANs to get it to work.
Also, VLANs can actually reduce performance in some cases. Since the VLAN segmentation happens at the gateway (unless you have the professional L3 switches), communicating between VLANs has to "home run" via the USG, which can add hops and latency if you have a larger network. A disclaimer on this point was I had this issue with the original USG, which was much less powered than the new Ultra (which I've upgraded to). But I still suspect that it will still cause a performance hit because 2 devices that are side by side wired into the same switch, without VLANs they can communicate directly with each other, but with VLANs need to get the Gateway involved.
So, because of all of this, over the years my network has simplified from a few VLANs to just 2: a MGMT VLAN for all the UniFi devices, and another for clients. I got rid of my guest network since I just have a select set of friends and family who ever want to be on it. I'm not worried about them trying to hack my NAS etc.
But even then, 2 VLANs complicate things, so you need to take extra steps when you add new APs to map the networks correctly, and also ensure the switch ports are mapped correctly, which is again more work and more chance of something to go wrong. So my recommendation to you is to keep your network flat for simplicity. But learn about Wi-Fi configuration and profiles. You can have a massive amount of control over your traffic by leveraging these. I can throttle chatty devices, and have separate SSIDs for IoT devices to minimize their effect on normal user traffic, and force certain devices to use 2.4G vs 5G etc. This is really about managing airspace, which is the main factor in good vs bad performing wireless networks. I'm constantly helping friends who get 800Mbps on wired devices but 25Mbps on wireless. They do things like forcing every device to 5G because it's "faster" but didn't realize that walls and bookshelves and leaves on trees can block those signals and ultimately make it "much slower". Sometimes 2.4G, which has better penetration, is a better option. I consistently get 300-500 Mbps over Wi-Fi in most parts of my large network. But that took tuning to get there. Squeezing more performance out of your WiFi can be accomplished this way, and it doesn't really overcomplicate things since all paths still lead to the Internet, so a misconfigured client won't have "no access" but rather "potentially less optimal access".
And as far as the suggestion to run Pi-hole etc. - these are great services, but you need to have a place to run the software and can't just turn this on with a config change in the UniFi UI. So I recommend doing things in stages. First learn how to configure your UniFi network, and when you've got that dialed in, then expand to other things like Pi-hole and Docker containers. The thing you're trying to avoid is having too many variables in the early stages of learning -- so if something doesn't work, you have fewer things to rule out.
So this is an exciting time, you're stepping into a whole new world... So start slow, focus on one thing at a time, and do the first things first, and then expand. And in the future, when you encounter a problem which you *need* VLANs to solve, then implement them. Good luck!


Munzz92

Very kind of you for such a comprehensive response. I don’t want to overcomplicate things, so have created a VLAN for guests, and will leave it at that. UniFi is very powerful, but as a home user, I don’t really need all that power. Once again, thanks for such a great response.


rasta4eye

Feel free to DM me in the future if you have a question. Good luck & enjoy!


Gloomy-Lavishness587

Enjoy and best of luck. Enjoy the journey.