UniFi Setup From Scratch – Ultimate (Smart) Home Network Part 2

June 19, 2019

Today on The Hookup I’m going to show you how to set up a Ubiquiti UniFi network from scratch, create different WiFi networks for different device types, and migrate your current devices onto those networks. This is part 2 of my 3-part ultimate smart home network series. Here we go.

In my last video I showed you how to select the correct unifi products for your price point and application, and today I’m going to show you how to painlessly migrate from your old network to your new one and set up some features to facilitate the separation of your IoT devices.  In my third video I’ll cover VLANs, firewall rules, and mDNS, so make sure you are subscribed if you’re interested in that.

If your network is anything like mine, when the local network goes down lots of smart home devices get a little bit annoyed, so in order to cause as little disruption as possible, I’m going to recommend that you set up your new network separately without taking down your old one. Once you’ve got your new system fully provisioned you can pull an Indiana Jones type swap to seamlessly switch from old to new.

Step one of the setup process is deciding where you’re going to run your unifi controller software.  The unifi controller is used to configure your unifi devices, adopt them into your network setup, update their firmware, and gather statistics about your network.  In my case I’ll be using a standalone cloud key gen 2 plus as my controller, but you could download the windows or mac controller software, run it off a raspberry pi, or even install it as an addon to home assistant.

Because each of the devices you’re going to connect to your new network will need to update firmware before being adopted, you’ll need to provide internet access to your USG, or whatever router you decided on.  I’d recommend pulling the internet connection straight from your cable modem and leaving your old network temporarily without internet instead of connecting your USG to your existing router, but you could technically connect it to a LAN port on your old router and have a similar experience.

The physical wiring of your USG is pretty simple, a single ethernet cable will connect from your cable modem to the WAN interface of your USG, and another ethernet cable will connect from your LAN port on the USG to any port on your switch.  Once you’ve plugged in your ethernet cables go ahead and power up your USG and switch.

Next you’re going to connect the rest of your UniFi gear to the switch. If you’re using a PoE switch each port will automatically configure itself to provide the right amount of voltage. Additionally, you’ll want to hook up the device that is running the UniFi controller, which in my case is the Cloud Key, and also a computer that you can use to log into the controller. At this point the LED indicators on each of your UniFi products should be solid white, indicating that they are powered on but not adopted.

If you’re using a Cloud Key Gen2 or Gen2 Plus you’ll notice that the IP address of the controller is given on the small OLED screen on the front. If you’re using an older Cloud Key you can use the UBNT Discovery Chrome addon to find the IP address of your Cloud Key. If you’re using the Windows or Mac program, just run it and then press launch controller, and last, if you’re using the hass.io addon you’ll log in to hass.io, go to the UniFi controller addon and click Open Web UI. Your browser will warn you that your connection is not secure, and that’s not a big deal: the controller is on your local network and uses a self-signed certificate, so just click on advanced, and then proceed to the IP of your controller. If you’re using a Cloud Key you’ll click on “Unifi SDN” at this point; if you’re using anything else it should take you straight to the controller.

Next, in the UniFi controller you’ll be presented with a wizard to set up your username and password, timezone and network name. At the bottom of the username and password screen there will be another set of generated credentials that are used to log in to your UniFi devices via an SSH connection if you should ever need to do that. The password is randomly generated, so no need to change it if you don’t want to. When setting up your SSID you should pick a different SSID than your old one, because you don’t want devices switching from your old network to your new one before it’s ready. Don’t worry though, we will change it back to the old SSID later on.

Next, if you go to the devices tab, you should see all your UniFi products, and next to each device on the right side you should see a button that says “Adopt and Upgrade”. This will take a bit of time as each device downloads the latest firmware and gets adopted into the controller.

While that is working you can complete the optional step of your site map.  If you have a blueprint of your house you can import it by clicking add new map, then select image and upload your file.  To give the map a scale, find a wall that you know the exact dimensions of and click the set scale button and draw a line across that wall.  Next add in your walls using the correct materials and then place your devices.  The most important thing is obviously to place your wifi devices to determine what kind of wifi coverage you can expect, and where you may find dead zones in your setup.  The dead zones and coverage are of course approximate but they work for getting a general idea. Again, this step is optional, so if you don’t care about your site survey you can just go grab a drink while your devices adopt and upgrade.

Once your new hardware is all updated and adopted you’ll want to make your new network match your old one as much as possible to ease the transition. If you don’t have any static IP devices you don’t really need to do this step, but in my case I have about 50 smart home devices that are configured to find my MQTT broker at 192.168.86.168, which will obviously cause an issue since the default network created by the UniFi software is a 192.168.1.x subnet, so that IP address wouldn’t even exist. To change this we’re going to settings, networks, then click the pencil icon on the network labeled LAN.

Then under gateway/subnet you can edit in your desired subnet, which for me is 192.168.86.1/24 and click update dhcp range.  After making these changes you’ll want to power cycle all of your unifi equipment so they can get their new IP addresses.  You’ll also need to locate the new IP address of your cloud key in order to log back into the controller.  This is where the screen on cloudkey gen2 plus comes in really handy.  Once you’ve logged back into your controller and all of your devices are showing as connected it’s time to make the swap.
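Before power cycling, it is worth checking that every hard-coded address will still work on the new LAN. The script below is an added example, not part of the original post: only the broker address and the two subnets come from the text, while the other hosts and the DHCP pool bounds are assumed values you should replace with what your controller shows.

```python
import ipaddress

def check_static_hosts(gateway_cidr, dhcp_start, dhcp_stop, static_hosts):
    """Return {name: problem} for each hard-coded address that will not work
    cleanly on the LAN described by gateway_cidr, e.g. '192.168.86.1/24'."""
    iface = ipaddress.ip_interface(gateway_cidr)
    net = iface.network
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_stop)
    problems, owner = {}, {}
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems[name] = f"{ip} does not exist in {net}"
        elif ip in (net.network_address, net.broadcast_address):
            problems[name] = f"{ip} is not a usable host address in {net}"
        elif ip == iface.ip:
            problems[name] = f"{ip} collides with the gateway"
        elif ip in owner:
            problems[name] = f"{ip} is already claimed by {owner[ip]}"
        elif lo <= ip <= hi:
            problems[name] = f"{ip} is inside the DHCP pool; reserve it or shrink the pool"
        owner.setdefault(ip, name)
    return problems

# Constructed inventory: only the MQTT broker address comes from the post.
STATIC_HOSTS = {
    "mqtt-broker": "192.168.86.168",
    "nas": "192.168.86.1",       # constructed: clashes with the new gateway
    "printer": "192.168.86.5",   # constructed: below the assumed pool
}

if __name__ == "__main__":
    # Pool bounds are assumed values; read the real ones from the LAN settings.
    for label, gw, lo, hi in [
        ("controller default LAN", "192.168.1.1/24", "192.168.1.6", "192.168.1.254"),
        ("renumbered LAN", "192.168.86.1/24", "192.168.86.6", "192.168.86.254"),
    ]:
        print(label)
        for name, why in check_static_hosts(gw, lo, hi, STATIC_HOSTS).items():
            print(f"  {name}: {why}")
```

A static address that sits inside the DHCP pool works until the router leases the same address to another client, so either reserve it for the device or narrow the pool.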

Power off your old router and any wifi access points, then under settings -> wireless networks click on edit and change the SSID and password to match your old wifi.  Plug your other wired devices into your new switch and you should be up and running.

I’m not going to spend a whole lot of time talking to you about speedtest.net since it’s mostly a measurement of signal strength and of throughput, but I think that people are generally interested, so here were my results around my house on my old google wifi system vs my new unifi system.  Again, my google wifi system was really reliable in terms of speed and connectivity, so I didn’t expect to see a huge increase here, but there was a marginal improvement in both speed and area of coverage.  What I really cared about was advanced functionality, and even though I’m going to cover vLANs and firewall rules in part 3 of this video we’re going to setup the basic groundwork by making different SSIDs for the different device types on your network.  My network will have 4 different wireless SSIDs to correspond to four device types.

First are the unrestricted devices, these are desktops, laptops, tablets, and phones that belong to my family.  These devices, for better or worse, are going to have unrestricted access to all the local networks, and to the internet, and they will connect to the main TaitWiFi SSID that got setup by the setup wizard.

The second type of device is my guest network, which is exactly what it sounds like: people coming into my house who want internet access but shouldn’t be able to access any local devices, and for that I’m going to use the standard UniFi guest network setup. You can see under wireless networks I have a guest network that was automatically set up by the UniFi controller, and I’m not going to mess with it. The UniFi default guest network only allows devices to connect out to the internet and blocks all local computer-to-computer traffic.

Third, I’ve got a few IoT, or internet of things, devices. These devices use the cloud for functionality so they need internet access, but they really don’t need to be snooping around on my local network. I’m going to give them unlimited outbound access to the internet, but I’m going to block most of the traffic bound for my local network. I don’t have many of these devices since I prefer local control, but this will include things like my wife’s Tesla, our Rokus, and Echo devices. I’m going to keep these devices on a WiFi SSID called TaitIoT, so I’ll go to setup, then wireless networks, then create new wireless network.

Make sure to give it a descriptive SSID, as I said I’m going to call mine TaitIoT, then select WPA personal for security, and  give it a secure password.  Keep in mind that you want all of your wireless networks to have different passwords so if one of your wireless networks is compromised a hacker can’t use that information to pivot onto the rest of your networks.  We’re going to setup VLANs later, but for now we just want to get all of our devices connected using the correct SSID.

The fourth device type on my network is my locally controlled devices. These devices use MQTT to communicate with Home Assistant and Node-RED to do things like open blinds, control lights, and collect sensor data. These devices have no reason to go to the internet other than to synchronize their time, but we’ll cover that later. Because they are locally controlled, I’m only going to let them talk to my Home Assistant server where my MQTT broker lives, and I’m going to block all other traffic. I’m going to steal a clever name from the legendary Home Assistant addon creator Frenck and call this my NoT, or network of things, and I’ll create an SSID called TaitNoT for this device type. Again, don’t forget to make this password unique from the rest of your SSIDs, and don’t worry about VLANs or advanced setup yet.

Before I start migrating devices onto their new SSIDs I’m also going to take one additional step that may not be completely necessary, but it solves my one gripe with these high powered access points.  The biggest problem I’ve had with my UniFi system since switching over from google WiFi is that devices that can see more than one access point often don’t connect to the closest one, and as a result in the unifi controller I see that they have poor wifi signal.  In my experience this seems to be caused by the  wireless access points coming online at slightly different times, and as a result, most devices will just attach to whatever access point becomes ready first.  Unfortunately ESP8266 chips are especially “sticky” meaning they want to stay on the same access point, even if there is a better one available.  There is a way to set a minimum RSSI value to try to get devices onto the right access point, but I’ve read a bunch of posts about connectivity issues doing it this way, so I’m going to use a slightly different approach.

Head back over to the devices tab in the UniFi controller, click on APs, then click on the gear for a specific AP, then select WLANS. You can see here that each SSID can be overridden on a specific access point, so what I’m going to do is specify a different SSID for each of my access points. For example, my Upstairs access point is going to get its IoT SSID renamed to TaitIoT_Upstairs, and its NoT SSID renamed to TaitNoT_Upstairs. All of the properties of these networks are exactly the same as what we set up in the wireless networks section, but now they have a different SSID. I’m not going to mess with the SSID for the main unrestricted WiFi or the guest network because I want those devices to be able to roam the house, but my IoT and NoT devices are permanently installed in specific rooms, so I always know which AP will be closest to them.

Repeat this process for each of your access points, and remember that you need to do it for both the 2.4GHz and 5GHz networks. Now if you look at your wireless networks on your phone you should see a ton of different networks which each correspond to a different access point. Don’t worry about the clutter, we’re going to hide these SSIDs once we get everything migrated.

Next is the most painstaking, time-intensive part of this whole process… getting all of the devices onto the right network. For my 60 devices it took me around 4 hours, but it could take you more depending on how many devices you need to have physical access to in order to change their SSID. Luckily I was able to change most of them from the comfort of my desk. Remember, we want to put all cloud devices in the IoT network, all locally controlled devices in the NoT network, and we want to have very few devices connected to our main WiFi, which is TaitWiFi in my case. After you’re all done you can hide the NoT and IoT SSIDs by going to settings, wireless networks, and clicking on “prevent this SSID from being broadcast”. A quick note though: at the time of publishing this video Amazon Echo devices cannot properly connect to hidden SSIDs, so I’ve been forced to leave my IoT SSIDs visible.

In the client list you should now be able to sort your connected clients by their SSID for a super satisfying result.  In part 3 of this series we’re going to assign different VLANs and firewall rules to these different SSIDs to keep your network as safe, secure and robust as possible. So stay tuned.
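With 60 devices it is easy to leave one on the wrong SSID, which matters once each SSID gets its own firewall rules. The audit below is an added example, not part of the original post: it compares an inventory you keep yourself against the SSID each client is actually on, using the post's naming scheme. The guest SSID name, the Downstairs AP and every device in the sample are assumptions.

```python
import csv
import io

MAIN_SSID = "TaitWiFi"
GUEST_SSID = "TaitGuest"  # assumed name; the post does not give the guest SSID
PINNED = {"iot": "TaitIoT", "not": "TaitNoT"}  # classes with per-AP SSIDs

def expected_ssid(category, nearest_ap):
    """SSID a device of this class should be using under the post's scheme."""
    if category == "unrestricted":
        return MAIN_SSID
    if category == "guest":
        return GUEST_SSID
    if category in PINNED:
        return f"{PINNED[category]}_{nearest_ap}"
    raise ValueError(f"unknown category {category!r}")

def audit(inventory_csv):
    """Return (device, kind, detail) for every client on the wrong SSID.
    kind is 'wrong-ap' (right class, far access point) or 'wrong-class'
    (the device would inherit another class's network access)."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        want = expected_ssid(row["category"], row["nearest_ap"])
        have = row["ssid"]
        if have == want:
            continue
        prefix = PINNED.get(row["category"])
        same_class = prefix is not None and have.startswith(prefix + "_")
        kind = "wrong-ap" if same_class else "wrong-class"
        findings.append((row["device"], kind, f"on {have}, expected {want}"))
    return findings

# Constructed inventory: device names, the Downstairs AP and observed SSIDs are made up.
SAMPLE = """device,category,nearest_ap,ssid
family-laptop,unrestricted,Upstairs,TaitWiFi
echo-kitchen,iot,Downstairs,TaitIoT_Downstairs
roku-bedroom,iot,Upstairs,TaitWiFi
blinds-office,not,Upstairs,TaitNoT_Downstairs
sensor-garage,not,Downstairs,TaitIoT_Downstairs
friend-phone,guest,Upstairs,TaitGuest
"""

if __name__ == "__main__":
    for device, kind, detail in audit(SAMPLE):
        print(f"{kind:12} {device}: {detail}")
```

Fix the wrong-class findings first: a cloud device left on the main SSID keeps unrestricted access to the local network, while a wrong-ap finding only costs signal quality.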

If you’re interested in buying any of the gear that I used in this video please consider using the affiliate links down in the description.  Thank you to all of my awesome patrons over at patreon for your continued support of my channel, if you’re interested in supporting my channel please check out the links in the description.  If you enjoyed this video, please consider subscribing and as always, thanks for watching the hookup.
