Network Layout

[LopezEL]

I am slowly upgrading my home network components and getting deeper into the Unifi ecosystem. My IP Cams are not allowed internet access since I have given them each a fake gateway ip address but I'd like to further isolate them as well as my IoT devices (alexa, smart plugs, smart light switches,etc). The isolation has been difficult to do because of the unmanaged switches in the shed and bonus room. I'll probably be replacing those switches soon. The Netgear R7960p router I'm using leaves a lot to be desired as far as firewall rules... the attached client device list is also very inadequate. It still thinks my parent's phones are on my network and they haven't been to the house in months.

I just ordered the Unifi Dream Machine all in one router/switch/controller. I think this will make it easier to segregate traffic versus the Netgear router I'm using now. Also, I was previously running the unifi controller on the blue iris box. Any tips on migrating my current controller settings to the dream machine? Anything else I should be considering?

 

[ctgoldwing]

I think the Dream machine may give you the same utilities I have with the Ubiquiti USG. With the USG it is very easy to isolate devices from the internet. You can use vlans and set rules for them but since I only have my cameras I want to isolate I just created a group:


Then I created a simple wan out rule:


You can see I was also experimenting with vlans here

Then I 'edited' the rule:


This worked for me. You must set the IP addresses to reserved on the cameras or whatever else you want included so they don't change when the dhcp lease is renewed.

I'm sure there are multiple ways to effect what you want (I still dial 1-800-call-the-kids when I have questions)

 

[JNDATHP]

^^ I did the same thing. No separate VLans at this point.