UniFi Network Lab:

Networking Topology

Why UniFi?

UniFi gives me a single control plane for gateways, switches, and APs with an approachable UI and solid telemetry. In this lab I designed a small, production‑like topology with multiple VLANs, mapped Wi‑Fi to those networks, added firewall policy, and set up monitoring and backups.

Lab Gear & Topology

  • Gateway: UniFi Dream Machine (or UDR/UDM‑SE/UXG).
  • Switch: USW‑Lite‑16‑PoE (any managed UniFi switch works).
  • AP: UniFi 6 Lite / Pro.
  • WAN: ISP modem bridged; public IP on the UniFi gateway.

Networks (VLAN → subnet): Users (10 → 192.168.10.0/24), Servers (20 → 192.168.20.0/24), IoT (30 → 192.168.30.0/24), Guest (40 → 192.168.40.0/24), Mgmt (50 → 192.168.50.0/24).

Adopt Devices & Prepare the Controller

  1. Launch UniFi Network application (on UDM/UDR/Cloud Key/Console).
  2. Create a Site and run the Setup Wizard (WAN, timezone, basic Wi‑Fi).
  3. Adopt Switch and AP: plug into LAN, wait for Pending Adoption, then AdoptUpgrade.
  4. Label devices (Location, Purpose) and set Device names for readability.
  5. Enable Automatic backups and download a backup snapshot.

Create Networks (VLANs)

  1. Settings → Networks → Create new network.
  2. Name: Users, VLAN ID: 10, Gateway/Subnet: 192.168.10.1/24, DHCP enabled.
  3. Repeat for Servers (20), IoT (30), Guest (40), Mgmt (50).
  4. Options: enable IGMP Snooping if you have IPTV/multicast; enable mDNS Repeater only if you need service discovery across VLANs.

Wi‑Fi SSIDs Mapped to VLANs

  1. Settings → WiFi → Add new WiFi → SSID: Home‑Users, Security: WPA2/WPA3, Network: Users.
  2. Create Home‑IoT bound to IoT; disable fast roaming and set a unique, strong passphrase.
  3. Create Home‑Guest bound to Guest; enable Guest Policies (client isolation, optional captive portal), set bandwidth limits.
  4. Apply an AP group if you want certain SSIDs only on certain APs (e.g., IoT only on Basement AP).