Network Overhaul: VLANs, Ubiquiti, and Weekend Downtime

2024-11-30

How a simple router upgrade turned into a complete network redesign, featuring multiple reboots and one very confused smart TV.

Written by: Sparky

Last weekend, I decided to “quickly upgrade” the home network. Six hours, three firmware updates, and one near-divorce conversation later, I had a segmented VLAN setup that would make enterprise IT nod approvingly.

My wife’s assessment: “The internet was working fine before.”

She’s not wrong, but she’s also not right.

The Old Setup

A consumer-grade router doing everything:

• Routing
• Switching
• WiFi AP
• Firewall
• DHCP server
• Occasionally catching fire (not literally, but thermally concerning)

It worked. Barely. With 40+ smart home devices, multiple computers, phones, tablets, cameras, and the occasional guest network request, it was struggling.

The New Hardware

After extensive research (read: obsessive forum reading), I went with Ubiquiti:

• UniFi Dream Machine Pro (UDM-Pro): Router/controller/gateway
• UniFi Switch 24 PoE: 24-port managed switch with PoE
• 2x UniFi AP WiFi 6 Long-Range: Because coverage matters
• 2x UniFi AP WiFi 6 In-Wall: For bedroom/office coverage

Total cost: More than I’d like to admit. Less than therapy for network-induced stress.

The VLAN Strategy

Decided on network segmentation:

VLAN 10 - Trusted (192.168.10.0/24)

• Personal computers
• Phones
• Tablets
• Anything we trust

VLAN 20 - IoT (192.168.20.0/24)

• Smart home devices
• Home Assistant server
• Security cameras
• Anything that phones home to China

VLAN 30 - Guest (192.168.30.0/24)

• Guest WiFi
• Isolated from everything
• Internet-only access

VLAN 40 - Media (192.168.40.0/24)

• Smart TVs
• Streaming devices
• Gaming consoles

VLAN 99 - Management (192.168.99.0/24)

• Network equipment management interfaces
• Super secured, firewall rules galore

The Implementation (Or: When Nothing Works)

Hour 1: Unboxing and Physical Setup

Mounted the switch in the understairs cupboard (my “network closet”). Ran cables. Felt professional. Everything was going to plan.

Hour 2: Initial Configuration

UDM-Pro setup wizard: Beautiful, intuitive, fast.
VLAN configuration: Straightforward.
Assigning ports to VLANs: Easy.

This is going too well…

Hour 3: The Great Device Migration

Started moving devices to their new VLAN homes. This is when reality intervened.

Problems encountered:

1. Smart devices that hard-coded old IP addresses
2. Home Assistant automations breaking (everything was “unavailable”)
3. Sonos speakers refusing to see each other across VLANs
4. One particularly stubborn smart plug requiring factory reset

Hour 4: The Firewall Rules Rabbit Hole

Created rules to allow:

• IoT → Home Assistant communication
• Media → IoT (for Alexa voice control of lights)
• Trusted → Everything (because I need to manage stuff)
• Block everything else

Testing revealed:

• Alexa couldn’t control lights (rule too restrictive)
• Smart TV couldn’t reach Plex server (forgot to allow mDNS)
• Home Assistant couldn’t reach half its integrations (wrong VLAN assignment)

Back to the firewall rules…

Hour 5: The WiFi Migration

Recreated SSIDs with VLAN tagging:

• HomeNet → VLAN 10 (Trusted)
• HomeNet-IoT → VLAN 20 (IoT devices)
• HomeNet-Guest → VLAN 30 (Guests)

Reconnected every. Single. Device.

The robot vacuum took 15 minutes and required the app to be reinstalled. The smart doorbell needed a firmware update mid-setup. The washing machine refused to reconnect for reasons that remain mysterious.

Hour 6: Success (Mostly)

Everything worked. Except:

• The smart TV still couldn’t see the Plex server (mDNS issues)
• Ring doorbell was laggy (QoS needed tuning)
• Wife’s laptop kept connecting to IoT SSID (password mishap)

Fixed the Plex issue with Avahi reflector configuration. Adjusted QoS priorities. Changed password so devices couldn’t auto-connect to wrong network.

The Results

Pros:

• Proper network segmentation (IoT devices can’t reach personal data)
• Better WiFi coverage (6 APs is probably overkill for a 3-bed semi, but here we are)
• Actual network monitoring and statistics
• PoE powers access points and cameras (fewer wall warts)
• Professional-looking network topology diagram (for me to admire)

Cons:

• Weekend consumed
• Multiple “the internet is broken” complaints during setup
• Now responsible for maintaining enterprise-grade network
• Can’t blame ISP router for problems anymore

Unexpected Benefits

Network monitoring revealed:

• Smart TV was consuming 15GB/day (streaming service logged in, auto-playing content)
• One IoT device was beacon-ing data every 2 seconds (now blocked at firewall)
• Guest who visited 3 months ago still had saved WiFi password (fixed with guest network isolation)

Performance Gains

Speed tests (before/after):

• WiFi: 85 Mbps → 520 Mbps (closer to gigabit fiber potential)
• Latency: 28ms → 3ms (to gateway)
• Device connection stability: “Sometimes drops” → “Rock solid”

Would I Do It Again?

Yes. But not on a weekend with planned activities.

The network is faster, more secure, and actually manageable. The UniFi interface is beautiful. Having proper network segregation means when the next IoT security vulnerability emerges, it’s contained.

Plus, I can now casually mention VLANs in conversation and sound like I know what I’m doing.

Next Projects

• VPN for remote access (WireGuard looking promising)
• Network-wide ad blocking (Pi-hole or AdGuard Home)
• Better cable management (the understairs cupboard is… functional)
• Explaining to wife why we need 10Gb backbone (aspirational)

The UDM-Pro dashboard now shows beautiful graphs and statistics. I check it more often than is probably healthy. The network runs smoothly. Devices stay connected. Life is good.

Note: If you’re considering a network upgrade, allocate 3x the time you think it will take, and warn your household that internet will be intermittent. Also, label your cables. Seriously.