Migrating my family's network to UniFi

· 6min · Calvin Yong

Summary

From 3/14-3/22, my brother and I helped our parents migrate their current networking infrastructure with dual disjoint ISPs to a network with a unified remote management interface and dual WAN with automatic failover for around 80 devices. My brother did most of the physical work, like routing cables and installing access points, while I did all of the software work. Below is a summary of changes we made.

Before | After
--- | ---
Two disjoint ISPs with different management interfaces | Single management interface for both ISPs
Manual WAN switching for a subset of devices | Automatic failover for all devices
Various APs from a variety of brands with their own management interface | UniFi APs with meshing under a single management interface
All clients on a single VLAN | VLANs for cameras, guests, and all other devices
Unlabeled or uninformative client names | Organized and informative client names

The Hardware

We settled with the following UniFi hardware:

  • Dream Router 7
  • 1 Flex Mini 2.5G
  • 3 U7 Pro Wall
  • 1 U7 Pro

I would have liked to spend more on rackmount equipment, but they wanted to keep costs down, while reusing as much as we could.

Previous Networking Setup

The two modems were (and still are) in two different locations. The networks associated with each of them were separated. If there was a device like a printer in one of them, and a computer in another, they would not be able to talk to each other wirelessly. Moreover, there were many APs across different brands, each with their own management interface. They were split across the two modems, each broadcasting their own SSID and having different passwords.

My dad got two ISPs so that if one of them went down, he could switch to the other. But that must be done manually, and with the setup he had, he would only be able to switch a couple of devices at once.

The Changes

Setting up Dual WAN with Automatic Failover

Before reconnecting any cables, I took the time to learn the current network topology, how things were routed, etc. All of the networking equipment was in two locations, where the modems were. Fortunately there were already two cables between the two modems, so all we had to do was connect one of those cables to the secondary WAN port, and connect the second cable to one of the LAN ports. The UniFi router would go next to the primary modem. I assigned two RJ45 ports to be the primary and secondary WAN, and I made the SFP+ port a LAN port.

After connecting the cables to the WAN ports, I tested the automatic failover with a ping test while disconnecting the primary WAN. After that and a few public IP checks and speed tests, I confirmed that the failover was working.
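One way to put a number on the failover gap from a ping test like the one above, as an added example that is not part of the original post. It assumes the capture was taken with Linux iputils `ping -D` (timestamped replies); the sample capture and the function names are constructed for illustration.

```python
import re

# Matches a reply line from Linux iputils `ping -D <target>`, e.g.
# [1742000003.100000] 64 bytes from 192.0.2.1: icmp_seq=3 ttl=57 time=11.9 ms
REPLY = re.compile(r"^\[(\d+\.\d+)\] \d+ bytes from .*icmp_seq=(\d+) ")

# Constructed sample capture (not from the original post): the primary WAN
# is unplugged after icmp_seq=3 and replies resume at icmp_seq=9.
SAMPLE = """\
PING 192.0.2.1 (192.0.2.1) 56(84) bytes of data.
[1742000001.100000] 64 bytes from 192.0.2.1: icmp_seq=1 ttl=57 time=12.1 ms
[1742000002.100000] 64 bytes from 192.0.2.1: icmp_seq=2 ttl=57 time=11.8 ms
[1742000003.100000] 64 bytes from 192.0.2.1: icmp_seq=3 ttl=57 time=11.9 ms
[1742000009.350000] 64 bytes from 192.0.2.1: icmp_seq=9 ttl=54 time=24.6 ms
[1742000010.350000] 64 bytes from 192.0.2.1: icmp_seq=10 ttl=54 time=23.9 ms
"""

def parse_replies(text):
    """Return [(timestamp, icmp_seq), ...] for every echo reply in the capture."""
    replies = []
    for line in text.splitlines():
        m = REPLY.match(line)
        if m:
            replies.append((float(m.group(1)), int(m.group(2))))
    return replies

def find_outages(replies):
    """Return one dict per run of missing sequence numbers between replies."""
    outages = []
    for (t0, s0), (t1, s1) in zip(replies, replies[1:]):
        if s1 - s0 > 1:  # duplicates and reordered replies are ignored
            outages.append({
                "last_seq_before": s0,
                "first_seq_after": s1,
                "lost": s1 - s0 - 1,
                "seconds": round(t1 - t0, 2),
            })
    return outages

if __name__ == "__main__":
    for o in find_outages(parse_replies(SAMPLE)):
        print(f"lost {o['lost']} probes between seq {o['last_seq_before']} and "
              f"{o['first_seq_after']}: about {o['seconds']} s without replies")
```

A capture that ends while the link is still down shows no gap, so keep the ping running until replies resume before analysing it.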

Installing UniFi APs

We installed the 4 APs, and used a non-UniFi PoE+ 2.5G switch to power the 4 APs. We kept the previous APs up so that the IoT devices could continue to function before we could put in time to reconfigure them (they can work without WiFi, but we have some automations configured with Home Assistant).

After adopting the APs and testing the meshing functionality, we reconfigured the IoT devices, connected the devices to the new WiFi, and removed the old access points. Now we have fewer broadcasting WiFi names, and all of our APs are now meshed together, managed under a single interface.

VLANs

I made a guest VLAN, and a dedicated WiFi name for it. The guest VLAN is isolated from all other VLANs.

I made a VLAN for just IP cameras and NVR. Having a VLAN for the cameras and NVR didn't disrupt much since the NVR doesn't care if clients are on a different subnet. My dad was able to view the camera feeds like how he normally does. I gave all of the cameras their own static DHCP reservation, since that's usually the cause of cameras not showing up on the NVR. The camera resets, and then gets a new IP address from the router, but the NVR is still using the old IP address.

Other Changes

All modems/routers were set to bridge mode or IP passthrough. On the UniFi side, all DNS is encrypted with DoH. I also enabled intrusion detection.

Considerations

Not having a separate VLAN for IoT devices

Personally, I would place the IoT devices on their own VLAN, restrict network access, etc., but since there could be devices that expect to be in the same subnet as everything else, I decided to put them in the default VLAN.

Having a separate SSID for the 2.4GHz band

I made a separate SSID for IoT devices based on this article. It'll prevent your modern devices on the 5GHz/6GHz SSID from band steering down to 2.4GHz, and keep the IoT devices on 2.4GHz, but now my parents will have to remember to connect the IoT devices to a specific WiFi, and if their phones remember the IoT network, their phones might connect to that rather than the non-IoT network. In the end, I decided to keep the 2.4GHz band separate.

Conclusion

I personally wished that we could have centralized all of the networking equipment into one location rather than two, but at least we got all of our devices on a single network.

I had a lot of fun installing, configuring, migrating, and debugging all the networking things. I got some experience managing WiFi with multiple APs, something that I didn't have since I personally just have a single UniFi AP.

Miscellaneous

Dad was also looking to buy new Ethernet cables. Back in the day, they would always buy flat cables. Having tried the UniFi thin cable that came with my cloud gateway and watching this video from Lawrence Systems, we bought some Monoprice SlimRun cables, and now I swear by them and thin/slim patch cables in general.