VLAN Setup Best Practices: Real-World Advice from Our Instructors

Setting up VLANs with UniFi doesn’t have to be overwhelming. A recent Reddit thread sparked a great conversation between a Reddit user and our instructor, Ryan, on troubleshooting tips for VLAN setup. Check out the original post here: Reddit Post

In this post, we’ve pulled together the most useful advice in one place to create a clean, secure, and scalable VLAN architecture.

  • Avoid the 192.168.1.0/24 subnet. It’s the default on many routers, so it collides with the remote network whenever you connect over a VPN (two ends of a tunnel on the same subnet cannot route to each other). Instead, opt for a custom range like 10.x.x.x for flexibility and future scalability.
  • Stick to VLAN numbers like 20, 30, 40 instead of 2, 3, 4. This leaves room for expansion later (e.g., VLAN 21 for a test group within VLAN 20). It also makes port tagging and troubleshooting more intuitive when your VLAN IDs line up with your subnets.

  • Static IPs for network gear (APs, switches, controllers); DHCP reservations for everything else.
    • This approach keeps your IP management centralized and prevents conflicts without the need to manually configure every device.
  • Most users agree on leaving device management on VLAN 1 (the untagged/native VLAN). Changing it can lead to issues during adoption, firmware updates, or communication with UniFi cloud services.

  • Creating a dedicated IoT VLAN isolates smart devices from your main network, improving both security (a compromised bulb or camera cannot reach your laptops and NAS) and performance.

  • Here’s what this looks like all put together:

    • VLAN 10: Management

    • VLAN 20: Main

    • VLAN 30: IoT

    • VLAN 40: Guest

    • VLAN 50: Voice or NVR

    • VLAN 60: Backup or automation

    Each VLAN uses its own subnet (e.g., 10.10.20.0/24) and is segmented with strict firewall rules. DHCP reservations ensure consistency and make troubleshooting easier.
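The plan above as working code, added here as an example and not part of the original post or of UniFi's software. It uses only Python's standard ipaddress module; the 10.10 site prefix, the carve-up of each /24 (.1 gateway, .2-.19 static gear, .20-.99 reservations, .100-.254 pool), the device names and MACs, and the rule list are this example's own assumptions.

```python
"""VLAN plan helper for the scheme above: VLAN ID N maps to 10.10.N.0/24, network
gear gets static IPs, everything else gets a DHCP reservation, and inter-VLAN
traffic is deny-by-default. Added example, not UniFi software; the site prefix,
the address ranges, the device names and MACs are this example's own choices."""
import ipaddress
from typing import Dict, Iterable, List, Tuple

SITE_PREFIX = "10.10"  # assumption: second octet identifies the site; change it per site

# Subnets we refuse to use because a VPN peer or a remote worker's home router is likely
# to be on them (constructed list; add the real remote subnets you connect to).
DEFAULT_AVOID = ("192.168.0.0/24", "192.168.1.0/24")

# The plan from the post.
PLAN: Dict[int, str] = {10: "Management", 20: "Main", 30: "IoT",
                        40: "Guest", 50: "Voice/NVR", 60: "Automation"}

# Inter-VLAN policy as (src, dst, allow); "*" matches any VLAN. First match wins and the
# fall-through is deny, so a VLAN you forget to list ends up isolated rather than exposed.
RULES: List[Tuple[object, object, bool]] = [
    (10, "*", True),   # Management reaches everything
    (20, "*", True),   # Main reaches everything (e.g. casting to IoT TVs)
    (60, 30, True),    # automation hub may drive IoT devices
]


def subnet_for(vlan: int) -> ipaddress.IPv4Network:
    """VLAN 20 -> 10.10.20.0/24. Because the third octet *is* the VLAN ID, this
    scheme only covers VLAN IDs 1-254; larger IDs need a different mapping."""
    if not 1 <= vlan <= 254:
        raise ValueError(f"VLAN {vlan} does not fit in the third octet")
    return ipaddress.ip_network(f"{SITE_PREFIX}.{vlan}.0/24")


def check_plan(plan: Dict[int, str], avoid: Iterable[str] = DEFAULT_AVOID) -> List[str]:
    """Return the subnets that would collide with a VPN peer (empty list = clean)."""
    avoid_nets = [ipaddress.ip_network(a) for a in avoid]
    problems = []
    for vlan, name in plan.items():
        net = subnet_for(vlan)
        for bad in avoid_nets:
            if net.overlaps(bad):
                problems.append(f"VLAN {vlan} ({name}) {net} overlaps reserved {bad}")
    return problems


def address_plan(vlan: int, gear: List[str], reservations: Dict[str, str]) -> Dict[str, str]:
    """Carve one subnet: .1 gateway, .2-.19 static for switches/APs/controllers,
    .20-.99 DHCP reservations keyed by MAC, .100-.254 dynamic pool. Keeping the
    reservations out of the pool is what prevents the conflicts the post mentions."""
    hosts = list(subnet_for(vlan).hosts())  # hosts[0] is .1, hosts[253] is .254
    if len(gear) > 18 or len(reservations) > 80:
        raise ValueError("static or reservation block exhausted; re-plan the subnet")
    out = {"gateway": str(hosts[0])}
    for i, dev in enumerate(gear):
        out[dev] = str(hosts[1 + i])  # set on the device itself, never handed out by DHCP
    for i, (dev, mac) in enumerate(reservations.items()):
        out[dev] = f"{hosts[19 + i]} (DHCP reservation for {mac})"
    out["dhcp_pool"] = f"{hosts[99]}-{hosts[253]}"
    return out


def allowed(src: int, dst: int) -> bool:
    """May src VLAN open connections to dst VLAN? Replies to an allowed connection
    ride the firewall's state table and need no rule of their own."""
    if src == dst:
        return True  # same VLAN is switched, never firewalled
    for s, d, act in RULES:
        if s in (src, "*") and d in (dst, "*"):
            return act
    return False


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is clean"]:
        print(line)
    for k, v in address_plan(20, ["sw-core", "ap-lobby"], {"printer": "aa:bb:cc:dd:ee:01"}).items():
        print(f"{k:>10}: {v}")
    for src, dst in ((20, 30), (30, 20), (40, 20), (60, 30)):
        print(f"VLAN {src} -> VLAN {dst}: {'allow' if allowed(src, dst) else 'deny'}")
```

Run it once with the real remote subnets of every VPN you terminate in the avoid list before you commit to an addressing scheme; the rule table is the part to translate into your gateway's firewall policy, keeping the deny-by-default fall-through.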

The UniFi ecosystem offers incredible VLAN flexibility — but it pays to follow best practices. Start small, plan your IP ranges, and test your firewall rules before going live.

Want to go deeper? Join one of our upcoming UniFi training sessions and learn hands-on how to build enterprise-grade networks the right way. Click here for training schedule.

Did You Know Ubiquiti Has Solar?

Did you know Ubiquiti has solar products? Our instructors Ryan and Jason used a UISP Solar Point with some solar cells and batteries to power a remote camera system. The cameras connect to the Solar Point’s 4-port switch and use a UISP long range link to connect to the main UNVR at the site, allowing the customer to view and record nearby traffic.

Author: Eric Weber

Don’t Mess with STUN: What You Need to Know Before Blocking Apps in UniFi

At WiFi-U, we love showing students how to take control of their networks. One of the powerful features in the UniFi ecosystem is the ability to block unwanted applications with just a few clicks. Whether it’s TikTok, Snapchat, or any other bandwidth-hogging app, UniFi lets you shut it down quickly and cleanly.

Wait… What Is STUN, and Why Should I Care?

Imagine this: while scanning app traffic, STUN shows up as one of your top bandwidth users. That might seem strange, especially on a quiet Wi-Fi network, but don’t panic. STUN isn’t doing anything malicious, and more importantly:

You absolutely should not block STUN.

STUN stands for Session Traversal Utilities for NAT (RFC 5389). It is how UniFi devices and the UniFi Network Application keep talking to each other through NAT, and it is vital whether the application runs in the cloud or is self-hosted (e.g., on a Linux server).

What Happens If You Block STUN?

If you block STUN traffic (UDP port 3478), your Access Points and Switches may lose their management channel to the Network Application and the UniFi cloud infrastructure. That means:

  • ❌ Your devices might not show up in Site Manager

  • ❌ You may lose remote management functionality

  • ❌ Troubleshooting will become much harder than it needs to be

In other words, blocking STUN can break your network visibility, which defeats the purpose of using UniFi’s management tools in the first place. It will also break the voice and video calling apps (anything built on WebRTC) that use STUN to set up calls.

So next time you’re feeling like a network superhero and ready to kill off rogue apps—leave STUN alone. It’s one of the good guys. 👊
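To see what the traffic your firewall labels "STUN" actually is, here is a minimal Binding exchange plus the classifier check a DPI engine performs, written as an added example for this post (it is not Ubiquiti's code and does not speak UniFi's own management protocol). The sample response is constructed in the block, the transaction ID and the address 203.0.113.5:54321 are made up, and the live `query()` helper is optional and only used if you pass a server on the command line.

```python
"""Minimal STUN (RFC 5389) Binding request/response and a packet classifier.
Added example, not Ubiquiti code; the sample response is constructed, not captured."""
import os
import socket
import struct
import sys
from typing import Optional, Tuple

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020
UNIFI_STUN_PORT = 3478  # UDP port UniFi devices and the Network Application use for STUN


def build_binding_request(txid: Optional[bytes] = None) -> bytes:
    """20-byte header and no attributes: type, length, magic cookie, 96-bit transaction ID.
    This is why STUN is tiny per packet; a high byte count means many packets, not big ones."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid)


def build_binding_success(txid: bytes, ip: str, port: int) -> bytes:
    """What a STUN server answers: the client's public IP:port, XORed with the
    magic cookie so NAT ALGs do not rewrite it in flight."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = int.from_bytes(socket.inet_aton(ip), "big") ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txid) + attr


def is_stun(packet: bytes) -> bool:
    """Classifier: top two bits of the type are zero, magic cookie present, length consistent."""
    if len(packet) < 20:
        return False
    mtype, length, cookie = struct.unpack("!HHI", packet[:8])
    return mtype >> 14 == 0 and cookie == MAGIC_COOKIE and len(packet) == 20 + length


def parse_binding_success(packet: bytes, txid: bytes) -> Tuple[str, int]:
    """Walk the TLV attributes and recover the reflexive address. Rejects replies
    whose transaction ID does not match our request (a spoofed or stale answer)."""
    if not is_stun(packet):
        raise ValueError("not a STUN message")
    mtype, length, _cookie, rtxid = struct.unpack("!HHI12s", packet[:20])
    if mtype != BINDING_SUCCESS or rtxid != txid:
        raise ValueError("not the success response to our request")
    body, off = packet[20:20 + length], 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and value[1] == 0x01:  # IPv4 only in this example
            xport, xaddr = struct.unpack("!HI", value[2:8])
            ip = socket.inet_ntoa((xaddr ^ MAGIC_COOKIE).to_bytes(4, "big"))
            return ip, xport ^ (MAGIC_COOKIE >> 16)
        off += 4 + (alen + 3) // 4 * 4  # attribute values are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def query(server: str, port: int = UNIFI_STUN_PORT, timeout: float = 2.0) -> Tuple[str, int]:
    """Live Binding exchange over UDP (needs network; not used by the offline demo)."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_binding_request(txid), (server, port))
        data, _ = s.recvfrom(1500)
    return parse_binding_success(data, txid)


if __name__ == "__main__":
    txid = b"\x01" * 12  # constructed; real clients use os.urandom(12)
    req = build_binding_request(txid)
    resp = build_binding_success(txid, "203.0.113.5", 54321)  # constructed server reply
    print("request  :", req.hex(), "stun" if is_stun(req) else "not stun")
    print("response :", resp.hex(), "->", parse_binding_success(resp, txid))
    if len(sys.argv) > 1:
        print("live:", query(sys.argv[1]))
```

Any app-blocking rule that matches on the magic cookie (the `is_stun` test above) catches UniFi's own UDP 3478 traffic along with every WebRTC call, which is exactly why the post says to leave STUN alone.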


Want more hands-on training like this?
Check out our upcoming Ubiquiti courses and level up your network mastery: https://wifi-u.com/shop/

Author: Eric Weber

📡 6GHz vs. 5GHz — What’s the REAL story on coverage?

15 years ago, moving from 2.4GHz to 5GHz meant cutting coverage in half. Now we’re stepping into the 6GHz era… but how does it stack up?

  • At first glance, 5GHz and 6GHz APs have similar coverage areas.
  • BUT client devices on 6GHz must transmit at lower power (6dB less), due to FCC rules.
  • That means the effective range for devices is smaller, even if the APs look similar on paper.
  • To keep performance consistent, we’ll need to lower AP transmit power and move APs closer to users—just like we did during the 2.4 to 5GHz shift.
  • Planning for 6GHz? Build smart. Design tight.
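The coverage claims above, worked through with the free-space path-loss formula as an added example (this is not Ubiquiti's design tool or the author's own figures). The EIRP and receiver-sensitivity numbers passed in at the bottom are illustrative assumptions, and real walls add loss on top of free space, so treat the outputs as ratios rather than distances to plan by.

```python
"""Free-space link-budget arithmetic behind the 2.4 -> 5 -> 6 GHz coverage story.
Added example, not Ubiquiti's planner; the dBm figures are illustrative."""
import math
from typing import Dict


def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Free-space path loss in dB: 20log10(d[m]) + 20log10(f[MHz]) - 27.55."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_mhz) - 27.55


def max_range_m(budget_db: float, freq_mhz: float) -> float:
    """Distance at which free-space loss consumes the whole link budget (inverse of fspl_db)."""
    return 10 ** ((budget_db + 27.55 - 20 * math.log10(freq_mhz)) / 20)


def range_factor(delta_db: float) -> float:
    """Range scales by 10^(delta/20): taking 6 dB out of the budget halves the distance."""
    return 10 ** (delta_db / 20)


def band_change_db(from_mhz: float, to_mhz: float) -> float:
    """Extra free-space loss at the same distance when moving to a higher band."""
    return 20 * math.log10(to_mhz / from_mhz)


def cell_edge_m(ap_eirp_dbm: float, client_eirp_dbm: float,
                rx_sensitivity_dbm: float, freq_mhz: float) -> Dict[str, float]:
    """Downlink (AP talks) and uplink (client talks) reach, assuming the same receiver
    sensitivity at both ends (a simplification). The usable cell is the smaller of the
    two, so a client forced 6 dB below the AP makes the uplink the limit."""
    down = max_range_m(ap_eirp_dbm - rx_sensitivity_dbm, freq_mhz)
    up = max_range_m(client_eirp_dbm - rx_sensitivity_dbm, freq_mhz)
    return {"downlink_m": down, "uplink_m": up, "cell_m": min(down, up)}


if __name__ == "__main__":
    d24_5 = band_change_db(2437, 5180)   # channel 6 -> channel 36
    d5_6 = band_change_db(5180, 5955)    # channel 36 -> 6 GHz channel 1
    print(f"2.4 -> 5 GHz: +{d24_5:.1f} dB loss, range x{range_factor(-d24_5):.2f}")
    print(f"5 -> 6 GHz:   +{d5_6:.1f} dB loss, range x{range_factor(-d5_6):.2f}")
    print(f"client 6 dB below the AP: uplink range x{range_factor(-6):.2f}")
    # illustrative assumptions: AP 24 dBm EIRP, client 18 dBm EIRP, -70 dBm needed at the edge
    print(cell_edge_m(24, 18, -70, 5955))
```

The numbers line up with the post: the 2.4 to 5 GHz move costs about 6.5 dB (roughly half the range), 5 to 6 GHz costs only about 1.2 dB (so the AP footprints look alike), and the client's 6 dB EIRP deficit halves the uplink reach, which is the real edge of the 6 GHz cell.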

Author: Eric Weber

🚨 DFS Radar Detection… in the wild!

In class, we always encourage students to use DFS channels in the 5GHz band. Why? Because there’s so much clean airspace—and hardly any consumer-grade gear can touch it.

Some students worry about radar interference, but the truth is:

✅ DFS events are extremely rare
✅ Your clients get auto-moved to a new channel
✅ You benefit from less interference and better performance

📲 This week, one of our former students reached out after getting their first-ever DFS event—a full year after class! And guess what? Everything kept working just fine.

Take the challenge: Use DFS. Then let us know if it ever triggers.


Author: Eric Weber

🚫 UniFi Owner Lockout: The Problem

When the user with UniFi Owner privileges leaves the company, you’re stuck. As of now, no other admin can reset the Owner account’s password or reassign the Owner role. The only recourse? A Factory Reset of the Console, which can trigger a cascade of device resets across the site.

✅ Ways to Mitigate the Impact

1. Super Admin Workaround

  • If you only have Super Admin access:
    • “Forget” all devices before performing a Factory Reset.
    • After the reset, once the Console is back online, you can re-adopt the devices.
    • ⚠️ You won’t be able to restore from a backup, as that’s reserved for the Owner.

2. Preserve Your Naming Scheme

  • Before resetting:
    • Take screenshots of the Devices page to retain names and configurations when re-adopting.

🛡 Best Practices to Prevent This Scenario

Option 1: Shared Owner Access

  • Create a role-based email (e.g., support@it.net) and assign it the Owner role.
  • Share credentials among trusted staff.
  • ⚠️ Trade-off: Shared access complicates accountability and auditing, and the shared password (and any MFA tied to it) has to be rotated every time someone who knew it leaves.

Option 2: Use a Managed Email Account with Recovery

  • Assign the Owner role to a mailbox within a managed system like Microsoft 365.
  • Benefits:

– Admins can initiate password recovery without factory resets.

– MFA can be reassigned or reset via centralized email tools.

Author: Eric Weber

Challenges Network Admins Face in Maritime Environments

During our training in Fort Myers, I had the pleasure of meeting Juan Mayorga from Ecuador. He had traveled there to participate in the URSCA course.

Juan is responsible for managing the network infrastructure aboard four cruise ships that operate between Guayaquil and the Galápagos Islands—a role that presents numerous technical challenges.

One of his most pressing difficulties is maintaining reliable network connectivity while at sea and on the islands, where logistical constraints make it nearly impossible to receive replacement hardware. His primary obstacle involves overcoming signal interference caused by metal barriers, which significantly impairs Wi-Fi coverage onboard.

Since the Galápagos is a scuba diving adventure spot and I had just gotten back from scuba diving in Curaçao, you can imagine that we got sidetracked quite a bit!

We had a great week of training, including the UFSP, UWA and the URSCA.

Author: Eric Weber

AI Turret Test Rig

Personalize your all-weather, vandal-proof 4K PoE+ turret camera with enhanced AI capabilities and IR and visible LEDs for night vision as you like!
We tested the loitering and cross-line detection.

Author: Ryan Haag

Top 5 Tips for Better Wi-Fi Performance

Top 5 recommendations for better Wi-Fi performance in residential and small business environments.

  1. Placement: Make sure your AP is close to where it will be used by your devices. At full power (not recommended) the highest throughput rate for a U7-Pro XG is 2.16Gbps. At 18 ft the data rate drops to 1.95Gbps, and at 40 ft it drops to 650Mbps. Many residential Wi-Fi routers are placed in a closet or out in the garage. Move that beautiful router out in the open.
  2. Power: Turn the transmit power from Auto (which in practice means High) down to 15 dBm. This shrinks your coverage, which is a good thing. All clients share airtime, and a client far from the AP talks at a low data rate, so it needs far more airtime to move the same data than a nearby client does. The result is bad for everyone: even clients with a strong signal spend their time waiting on the weak ones.
  3. Use DFS Channels in 5GHz: The middle of the 5GHz spectrum has sixteen 20MHz channels that often go unused. If your AP or router makes those channels available, use them. DFS is the mechanism for sharing this airspace with radar. Radar rarely interferes with indoor wireless systems, but if it ever does, DFS moves you to another channel automatically.
  4. Use smaller channels: In 5GHz, 20 and 40MHz channels are best, 80MHz is a killer, and 160MHz is worse. If you deploy 80MHz channels you are almost certain to suffer from other devices using the same channels. There are 25 20MHz channels in 5GHz, 12 40MHz channels, and only 6 80MHz channels.
  5. Add lots of APs, preferably wired. Every wireless mesh hop cuts throughput roughly in half, so with an expected throughput of 500Mbps and a chain of four mesh APs you end up around 30Mbps (500 / 2^4). Don’t let an installer scatter mesh APs throughout the house; have them wired as much as possible.
  6. BONUS: Use the Ubiquiti Wi-Fi calculator to estimate throughput (https://wifi.ui.com/), then use the Design Center (https://design.ui.com) to place your devices and get an idea of your equipment requirements. This will help you have a great Wi-Fi experience.
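The airtime arithmetic behind tips 2 and 5, added here as an example rather than taken from the post or from Ubiquiti's calculator. The client mix (two fast clients near the AP and one slow one at the edge) is constructed, and the mesh model assumes each hop is a single-radio AP that has to receive and then retransmit.

```python
"""Why one distant client drags a cell down, and why chained mesh hops halve throughput.
Added example (not Ubiquiti's calculator); the client mix below is constructed."""
from typing import Dict


def airtime_share(rates_mbps: Dict[str, float]) -> Dict[str, float]:
    """With per-packet fairness every client gets the same number of frames, so a
    client's share of channel time is proportional to 1/rate. Returns the fractions."""
    weights = {client: 1.0 / rate for client, rate in rates_mbps.items()}
    total = sum(weights.values())
    return {client: w / total for client, w in weights.items()}


def cell_throughput_packet_fair(rates_mbps: Dict[str, float]) -> float:
    """Aggregate throughput when clients move equal bytes: the harmonic mean of their rates,
    which is dominated by the slowest client."""
    return len(rates_mbps) / sum(1.0 / rate for rate in rates_mbps.values())


def cell_throughput_airtime_fair(rates_mbps: Dict[str, float]) -> float:
    """Aggregate when each client gets an equal time slice instead: the arithmetic mean.
    This is what shrinking the cell (lower power, more APs) moves you toward, because the
    far, slow client either stops existing or becomes a near, fast one."""
    return sum(rates_mbps.values()) / len(rates_mbps)


def mesh_throughput(backhaul_mbps: float, hops: int) -> float:
    """Each single-radio wireless hop must receive a frame and then retransmit it on the
    same channel, so every hop in the chain halves what gets through."""
    return backhaul_mbps / 2 ** hops


if __name__ == "__main__":
    # constructed mix: two laptops next to the AP, one smart bulb at the far end of the house
    mix = {"laptop-near": 600.0, "phone-near": 600.0, "bulb-far": 6.0}
    for client, share in airtime_share(mix).items():
        print(f"{client:>12}: {share:6.1%} of airtime")
    print(f"cell with the far bulb, packet-fair: {cell_throughput_packet_fair(mix):6.1f} Mbps")
    print(f"cell with the far bulb, airtime-fair: {cell_throughput_airtime_fair(mix):6.1f} Mbps")
    near_only = {k: v for k, v in mix.items() if k != "bulb-far"}
    print(f"cell after shrinking it so the bulb is gone: {cell_throughput_packet_fair(near_only):6.1f} Mbps")
    for hops in range(5):
        print(f"{hops} mesh hops on 500 Mbps: {mesh_throughput(500, hops):7.2f} Mbps")
```

One 6 Mbps client takes about 98% of the channel under per-packet fairness and pulls the whole cell under 20 Mbps; drop it out of the cell (or turn it into a nearby fast client by adding a wired AP where it lives) and the two laptops get the full 600 Mbps back. The mesh function reproduces the post's 500 Mbps to roughly 30 Mbps after four hops.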

Author: Eric Weber