UniFi Wi-Fi Settings and Shelly Devices


Setting up a UniFi network can be overwhelming, but you can ensure a secure, efficient, and organized network with the right configurations. Below I'll walk you through essential settings for VLANs, switch ports, Wi-Fi SSIDs, and AP configurations. Whether managing a small office or a smart home, these tips will help you optimize your network for better performance and security.


VLAN Configuration

To create VLANs on your UniFi platform, click on the Settings cog in the bottom left corner. Navigate to the Network section to access the VLAN settings.

To create a VLAN, follow these steps:

  1. Click on the "New Virtual Network" button.
  2. Give the VLAN a name.
  3. Select your router.
  4. Uncheck the "Auto-Scale Network" option. This is important for selecting the IP address range.

Note: You can use the standard 192.168.X.0 format, where X matches the VLAN ID. This helps easily identify the VLAN.

  5. In the "Gateway IP/Subnet" field, select your IP range and netmask. The netmask can typically be /24 (255.255.255.0), which supports 254 devices. Change this only if you need more or fewer devices on the VLAN.

    • Gateway IP, Broadcast IP, Usable IP, IP range, and subnet mask will be displayed.
  6. Under "Advanced Options," change "Auto" to "Manual."

  7. Set the VLAN ID to match the third octet of your IP range. For example, if your IP is 192.168.5.0/24, set the VLAN ID to 5.

  8. Ensure "Allow internet access" is set to true. All other settings can remain at their default values.

Following these steps will help you properly configure a VLAN on your UniFi network.


  1. Create VLANs:

    • Default VLAN: For Switch and AP ports only. Avoid using this for normal network IPs if you need separation.
    • Private VLAN: For the private network, excluding IoT devices. This can include all other devices.
    • IoT VLAN: Specifically for IoT devices.


  1. Note:

    • Match VLAN ID with Subnet ID for easier configuration.
    • Example: VLAN ID 20 corresponds to Subnet 10.10.20.0/24 (default subnet mask 255.255.255.0, supports 254 devices).
  2. Example VLAN Setup:

    • System/Default: VLAN ID 1, Subnet 192.168.1.0/24 (only for connecting APs and Switches, not for normal network IPs).
    • Private: VLAN ID 20, Subnet 10.10.20.0/24.
    • IoT: VLAN ID 50, Subnet 10.10.50.0/24.
       

Note: It's perfectly fine not to use VLANs on your network. VLANs are an additional feature to help you separate your private network and IoT devices into two distinct subnets, enhancing security and organization. If you choose not to implement VLANs, ensure that the System/Default VLAN is always assigned to switch ports and devices to maintain proper network functionality. This approach keeps your network straightforward while still providing effective management of your devices. Remember, using VLANs can add an extra layer of control, but it's not a necessity for every setup.

Switch Port Configuration

  • Switch to Switch Port: Allocate to System VLAN.
  • Switch to AP Port: Allocate to System VLAN.

To configure device ports, navigate to the UniFi devices page, located third from the top on the left-hand side menu. Click on "Switch" and then select "Port Manager."

Next, locate the port connected to your Access Point or another switch. Ensure that the Native VLAN/Network is configured to use the Default/System VLAN.


Note: Ensure that your Native VLAN/Network is correctly set for switches and access points. This configuration is crucial to enable access points to communicate with IoT and Private VLANs within the Default network.

Wi-Fi SSID Configuration
 

To find this setting, go back to the Settings cog and locate the Wi-Fi settings. Here you will be able to create your SSID.

  1. Setup Wi-Fi SSIDs:

    • Private: Assign network settings to the Private VLAN.
    • IoT: Assign network settings to the IoT VLAN.


  1. Manual Settings to Confirm:

    • Private SSID:

      • Password: Use a strong custom password.
      • Network: Private VLAN.
      • Wi-Fi Band: 2.4 and 5 GHz.
      • Band Steering: Enabled.
      • BSS Transmission: Enabled.
      • UAPSD: Enabled.
      • Multicast Enhancement: Enabled.
      • 802.11 DTIM Period: Auto.
      • Minimum Data Rate Control: Auto.
      • Security Protocol: Custom to client requirements.
      • Note: These settings are specific to the client and do not affect the IoT network.
    • IoT SSID:

      • Password: Use a strong custom password.
      • Network: IoT VLAN.
      • Wi-Fi Band: 2.4 GHz.
      • Band Steering: Disabled.
      • BSS Transmission: Disabled.
      • UAPSD: Disabled.
      • Multicast Enhancement: Disabled.
      • 802.11 DTIM Period: Auto.
      • Minimum Data Rate Control: Auto.
      • Security Protocol: WPA2.
  2. Additional Wi-Fi Settings:

    • 802.11 DTIM Period for 2.4 GHz: Set to 2.
    • Minimum Data Rate Control: 12-24 Mbps.

AP Settings

  1. 2.4 GHz:

    • Channel Width: 20 MHz.
    • Channel: Auto.
    • Transmit Power: Medium to Low.
    • Minimum RSSI: Disabled.
    • Band Steering: Disabled.
  2. 5 GHz:

    • Channel Width: 80 MHz.
    • Channel: Auto.
    • Transmit Power: Auto.
    • Minimum RSSI: Disabled.
  3. Additional Settings:

    • IP Configuration: Use DHCP unless setting each AP to a static IP address is necessary.

 

Below are the settings you can find when you select the access point. You will be able to configure the 2.4 and 5 GHz settings for the AP from the AP settings itself. If you have more than two access points, look into creating groups to make changes to multiple devices at once.


 

Firewall Rules

  • Confirm traffic rules if isolation of the IoT network from Private and System networks is required.
  • Rule: System and Private networks can communicate with IoT, but IoT should not access Private or System networks.
  • Note: Ensure correct implementation to avoid blocking necessary communication between VLANs.

 

I hope these instructions help you effectively set up and manage your UniFi network. Remember, configuring VLANs, optimizing Wi-Fi settings, and adjusting firewall rules are essential for ensuring performance, security, and seamless connectivity across your devices. If you encounter any issues or have more questions, don't hesitate to seek further guidance from the community. 

Link to comment
Share on other sites
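
The firewall rule in the guide above (System and Private may reach IoT, IoT may not reach them) depends on rule order and connection state. The following Python model is an added example, not part of the original post and not UniFi configuration; the `Rule` tuple, the sample host addresses and the accept-by-default routing are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Subnets taken from the guide's example VLAN setup.
NETS = {"System": ipaddress.ip_network("192.168.1.0/24"),
        "Private": ipaddress.ip_network("10.10.20.0/24"),
        "IoT": ipaddress.ip_network("10.10.50.0/24")}

# Toy rule: action is "accept"/"drop"; src/dst are NETS keys or "any";
# states is the set of connection states ("new", "established") it matches.
Rule = namedtuple("Rule", "action src dst states")
BOTH = {"new", "established"}

# Blocks every IoT packet, including replies to sessions opened from Private/System.
NAIVE = [Rule("drop", "IoT", "Private", BOTH),
         Rule("drop", "IoT", "System", BOTH)]

# Replies are accepted first, so only connections *initiated* by IoT are dropped.
STATEFUL = [Rule("accept", "any", "any", {"established"}),
            Rule("drop", "IoT", "Private", {"new"}),
            Rule("drop", "IoT", "System", {"new"})]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in NETS.items() if addr in net), None)

def evaluate(rules, src_ip, dst_ip, state):
    """First matching rule wins. Unmatched traffic is accepted
    (modelling assumption: routing between networks is open by default)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in rules:
        if r.src in ("any", src) and r.dst in ("any", dst) and state in r.states:
            return r.action
    return "accept"

def audit(rules, trusted_ip, iot_ip="10.10.50.23"):
    """Check both halves of the guide's rule for one trusted host (constructed IPs)."""
    return {
        # Trusted host opens a session to the IoT device and the reply gets back.
        "trusted_reaches_iot": evaluate(rules, trusted_ip, iot_ip, "new") == "accept"
            and evaluate(rules, iot_ip, trusted_ip, "established") == "accept",
        # IoT device cannot open a session towards the trusted host.
        "iot_initiation_blocked": evaluate(rules, iot_ip, trusted_ip, "new") == "drop",
    }

if __name__ == "__main__":
    for name, rules in (("naive", NAIVE), ("stateful", STATEFUL)):
        for host in ("10.10.20.10", "192.168.1.2"):
            print(name, host, audit(rules, host))
```

The naive rule set isolates IoT but also drops its replies, which is the "blocking necessary communication" failure the guide warns about; the stateful ordering passes both checks.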

  • 3 weeks later...

Extra information:

When you are on a network with subnets and you are running multiple switches and access points, it is good practice to keep the network separated.

All switches and access points should be on the managed network layer (in the above example it's the Default network). To do this, allocate the port or ports to the Default network. Turn off any ports that are not used or make sure they are not on the management-level network.

Make sure you do not have any loops in your network or have multiple switches talking to each other without having the Spanning Tree Protocol enabled. Having a loop in the network can cause multiple issues and disrupt your network.

The above information is a best practice for a UniFi network but can also be used within other network devices.


  • 2 months later...
On 10/9/2024 at 5:18 PM, wooly said:

Why are you talking about VLANs when these are not virtual LANs, but just subnets?
A VLAN is 802.1Q, which I do not see implemented on "normal" Shelly devices (as with the full IPv6 implementation, which should be a priority)

Hi @wooly

Yes, technically speaking, this is a subnetted network because of the different IP ranges used (192.168.x.x), and it operates at Layer 3 of the OSI model. However, to keep things simple for those unfamiliar with networking concepts, people might loosely refer to this as a "VLAN."

For more complex networks that involve Layer 2 devices (like managed switches), VLANs would be used to isolate network traffic by assigning VLAN IDs. In that case, the 802.1Q protocol would be applied to tag traffic and manage the separation. The guide was written the way it is to avoid confusion, as many users may not be familiar with the details of the OSI model.
