Ubiquiti unifi journey pt1

Following on from here, the Ubiquiti Unifi Security Gateway (USG) was ordered from LinITX. I wanted this to replace my trusty old Mikrotik router for several reasons:

  • new gadget to play with
  • gigabit ports rather than the 10/100 of the Mikrotik (not that it makes much difference for the WAN or the LAN but hey)
  • much more capable than the Mikrotik with deep packet inspection (DPI) capability and a powerful firewall
  • VLAN capability (more later)
  • nice graphical management interface with the Unifi Controller software

USG – 135x135x28mm box of tricks

In my environment I’ll only be using the WAN1 and LAN1 interfaces, but it does have a console port and a 3rd port for VOIP/WAN2/LAN2. It arrives with a network config of 192.168.1.1/24 whereas my network is based on 192.168.0.1/24, so I had to plug a laptop into the USG and log in to the device to set its ‘new’ LAN configuration of 192.168.0.1/24 as detailed here.

To manage Ubiquiti devices you need a Unifi controller on your network, either in the form of a Ubiquiti Cloud Key or the software running on a machine, e.g. a Raspberry Pi. I installed the controller software on a Pi3B with a 64GB class 10 card, which is permanently on and connected.

The USG was then ‘adopted’ by the controller software. I input my credentials for the BT ADSL PPPoE service and boom – internet service was restored. The USG’s firmware was updated, the DHCP server config was set up and everything sprang into life. From opening the box to working was about 15-20 minutes all told and really couldn’t have been easier.

The controller software gives you all sorts of insights into traffic across your network, connected devices and so on. Therein is the problem – initially I was just going to replace my edge router, but the more I got into the Unifi controller and what it was telling me, I needed and wanted greater insight! That meant replacing my unmanaged switch infrastructure with Ubiquiti devices as well as replacing my BT Whole Home mesh wifi with Ubiquiti access points. Doing this meant I could also set up VLANs to segregate my trusted devices from IoT devices.

To be continued….
