Table of Contents

This comprehensive guide walks you through the complete setup and configuration of a UniFi network, from initial installation to advanced optimization for maximum performance.

Overview

This guide covers setting up a UniFi network using a UniFi Cloud Gateway Ultra as the controller with UniFi access points. We'll configure a typical home network with:

  • Main wireless network
  • Guest network for visitors
  • Kids network with content filtering
  • IoT network for smart home devices
  • Proper security and optimization settings

Prerequisites

Hardware Requirements

  • UniFi Cloud Gateway or Console (Cloud Gateway Ultra, Dream Machine, etc.)
  • UniFi Access Points (6 Lite, 6 Pro, 7 Pro, etc.)
  • Network Cable (Cat6 recommended)
  • Power Supply or PoE injector for access points
  • Internet Connection via modem or ISP router

Software Requirements

  • UniFi Network Mobile App (Android / iOS)
  • Ubiquiti Account (recommended for cloud access)
  • Web Browser (Chrome, Firefox, Safari, Edge)

Step 1: Initial Setup Process

  1. Prepare the Hardware

    • Connect the WAN port of your Cloud Gateway to your internet source
    • Connect power and wait 2-3 minutes for boot up
    • Download and install the UniFi Network app on your mobile device

  2. Initial Configuration

    • Open the UniFi Network app
    • Sign in to your Ubiquiti account or create a new one
    • Tap the "+" icon to discover your new console
    • Once detected, tap "Tap to Setup"

  3. Console Configuration

    • Give your console a descriptive name (e.g., "Home Network")
    • Configure the initial wireless network (can be changed later)
    • Set the admin password for local access
    • Enable traffic prioritization if desired

  4. Complete Setup

    • Review your settings
    • Click "Connect" to finish the initial setup
    • Wait for the setup process to complete

Web Browser Setup (Alternative)

If you prefer not to use the mobile app:

  1. Connect a laptop to the network
  2. Open a browser and navigate to http://192.168.1.1
  3. Follow the web-based setup wizard
  4. Configure the same settings as above

Step 2: Update UniFi Apps and OS Settings

Access the Console

  1. Login to Cloud Management

    • Go to unifi.ui.com
    • Sign in with your Ubiquiti account
    • Click on your console to access the Site Manager

  2. Update Applications

    • Click on the console icon to open UniFi OS settings
    • Wait for the system to check for updates
    • Update all applications to the latest versions:
      • UniFi Network
      • UniFi Protect (if applicable)
      • UniFi Access (if applicable)

  3. Configure Backup Settings

    • Click "Backups" in the console settings
    • Enable "System Backups" for automatic cloud backup
    • Set backup frequency (daily/weekly recommended)

  4. Console Display Settings

    • In the "Console" tab, adjust LED brightness
    • Set display timeout for energy saving
    • Configure screen lock if desired

Step 3: Adopt Network Devices

Adding Access Points

  1. Physical Installation

    • Mount access points in optimal locations
    • Connect power via PoE injector or PoE switch
    • Ensure network connectivity to the controller

  2. Device Adoption

    • In UniFi Network, go to "UniFi Devices"
    • Wait for devices to appear in the adoption queue
    • Click "Adopt" for each device you want to manage

  3. Troubleshoot Adoption Issues

    • Device Won't Appear: Check network connectivity and power
    • Adoption Failed: Device may need firmware update or factory reset
    • Previously Managed: Use SSH to set inform URL: set-inform http://controller-ip:8080/inform

  4. Update Device Firmware

    • After adoption, update all devices to latest firmware
    • Check the "Status" column for update availability
    • Schedule updates during maintenance windows

Step 4: Create and Configure Networks

Network Planning

Before creating networks, plan your network segmentation:

  • Default Network: Main trusted devices (192.168.1.0/24)
  • Guest Network: Visitor access with internet-only access
  • Kids Network: Devices with content filtering and time restrictions
  • IoT Network: Smart home devices with limited access

Global Network Settings

  1. Access Network Settings
    • Go to Settings → Networks
    • Review Global Network Settings
    • Configure as needed:
      • IGMP Snooping: Leave default (off) for most home networks
      • Jumbo Frames: Disable unless specifically needed

Create Virtual Networks

Default Network Configuration

  1. Click on the "Default" network to configure:

    • Gateway IP/Subnet: 192.168.1.1/24 (default is fine)
    • DHCP Range: Configure based on your needs
    • Auto-Scale Network: Disable for manual IP control
    • DHCP Range: Set to 192.168.1.100-254 (leaves .2-.99 for static IPs)

  2. Advanced Settings:

    • Domain Name: Set your local domain (e.g., home.local)
    • DNS Servers:
      • Primary: 1.1.1.1 (Cloudflare)
      • Secondary: 1.0.0.1 (Cloudflare)
    • IPv6: Enable if your ISP supports it

Guest Network

  1. Create Guest Network:

    • Click "Create New Virtual Network"
    • Name: "Guest"
    • Advanced Settings: Manual
    • Enable "Guest Network"
    • Gateway IP: 192.168.2.1/24

  2. Guest Network Settings:

    • Bandwidth Limits: Set upload/download limits
    • Access Control: Block access to local networks
    • Time Restrictions: Set access hours if needed

Kids Network

  1. Create Kids Network:

    • Name: "Kids"
    • Gateway IP: 192.168.3.1/24
    • Advanced: Manual

  2. Content Filtering:

    • Enable content filtering
    • Set appropriate filter level
    • Configure time-based restrictions

IoT Network

  1. Create IoT Network:
    • Name: "IoT"
    • Gateway IP: 192.168.4.1/24
    • Enable "Client Device Isolation"
    • Block inter-VLAN routing except for necessary services

Step 5: Configure Wireless Networks

Create Wireless Networks

  1. Main Wireless Network:

    • Settings → WiFi → Create New
    • Name: Your main network name
    • Password: Strong WPA3 password (minimum 12 characters)
    • Network: Default
    • Security: WPA2/WPA3 (for compatibility)

  2. Guest Wireless Network:

    • Name: "Guest" or "[YourName]-Guest"
    • Network: Guest
    • Enable Guest Portal if desired
    • Set bandwidth limits

  3. Kids Wireless Network:

    • Option 1: Separate SSID for kids devices
    • Option 2: Use Private Pre-Shared Keys (single SSID, different passwords)

Access Point Placement Best Practices

  1. Placement Guidelines:

    • Central Location: Place APs centrally in coverage areas
    • Height: Mount 8-10 feet high for optimal coverage
    • Obstacles: Avoid walls, metal objects, and interference sources
    • Multiple APs: Use multiple smaller APs rather than one powerful AP

  2. Coverage Planning:

    • Overlap: Plan for 15-20% signal overlap between APs
    • Capacity: Consider device density, not just coverage area
    • Future Expansion: Plan for growth and additional devices

Radio Configuration

2.4 GHz Settings

  1. Channel Configuration:

    • Channel Width: 20 MHz (recommended for stability)
    • Channels: Use 1, 6, or 11 only
    • Auto Channel: Enable unless you have specific interference

  2. Power Settings:

    • Transmit Power: Start with Medium, adjust based on coverage
    • Multiple APs: Lower power to improve roaming
    • Minimum RSSI: Avoid setting too high (causes disconnections)

5 GHz Settings

  1. Channel Configuration:

    • Channel Width: 40 MHz (balance of speed and stability)
    • 80 MHz: Only if spectrum is not crowded
    • DFS Channels: Use if available and supported by clients

  2. Available Channels:

    • 40 MHz: 36/40, 44/48, 149/153, 157/161
    • 80 MHz: 36-48, 149-161
    • Avoid: Weather radar channels unless you support DFS

6 GHz Settings (WiFi 6E/7)

  1. Configuration:
    • Channel Width: 80 MHz or 160 MHz
    • Power: Higher power allowed in 6 GHz
    • Client Support: Ensure clients support 6 GHz

Advanced Wireless Settings

Configure these settings based on your specific needs:

Performance Settings

  • Band Steering: Enable to encourage 5 GHz usage
  • Fast Roaming (802.11r): Enable for VoIP and video calls
  • BSS Transition: Enable for better client roaming
  • Airtime Fairness: Enable to prevent slow clients from degrading performance

Network Isolation

  • Client Device Isolation: Enable for Guest and IoT networks
  • Private Pre-Shared Keys: For single SSID, multiple network access
  • UAPSD: Enable for IoT devices to save battery

Multicast Settings

  • Multicast Enhancement: Enable for Chromecast, AirPlay devices
  • Multicast and Broadcast Control: Enable for high-density networks
  • Proxy ARP: Enable for high-density deployments

Step 6: Optimize Internet Settings

WAN Configuration

  1. Access Internet Settings:

    • Settings → Internet
    • Click on your WAN connection (Internet 1)

  2. ISP Speed Configuration:

    • Enter your actual ISP speeds (run speed test first)
    • Set speeds slightly lower than actual for best performance

  3. Smart Queues (QoS):

    • Enable if connection speed < 300 Mbps
    • Set download rate 5-10% below ISP speed
    • Set upload rate 10-15% below ISP speed
    • Test with bufferbloat test and adjust

  4. DNS Configuration:

    • Disable "Auto" for DNS servers
    • Set custom DNS:
      • Primary: 1.1.1.1 (Cloudflare)
      • Secondary: 1.0.0.1 (Cloudflare)
      • Alternative: 8.8.8.8, 8.8.4.4 (Google)

Traffic Shaping

  1. Bandwidth Limits:

    • Set per-network or per-client limits
    • Prioritize critical traffic (VoIP, video conferencing)
    • Limit streaming services during peak hours

  2. Application Control:

    • Block or limit specific applications
    • Set time-based restrictions
    • Create custom traffic rules

Step 7: Security Configuration

Threat Management

  1. Intrusion Detection (IDS/IPS):

    • Enable for all networks
    • Start with "Notify" mode
    • Monitor for false positives
    • Switch to "Notify and Block" after testing

  2. Content Filtering:

    • Enable for Kids network
    • Configure appropriate filter levels
    • Enable SafeSearch for search engines
    • Block malware and phishing sites

  3. Region Blocking:

    • Block traffic from high-risk countries
    • Use allow-list for international businesses
    • Monitor logs for blocked attempts

Access Control

  1. Admin Account Security:

    • Use strong passwords
    • Enable two-factor authentication
    • Create separate admin accounts for different users

  2. Device-Level Security:

    • MAC address filtering for critical devices
    • Device-specific firewall rules
    • Client isolation for untrusted devices

Firewall Rules

  1. Inter-VLAN Rules:

    • Block Guest → LAN access
    • Allow IoT → Internet only
    • Permit specific services (printers, NAS)

  2. Application Blocking:

    • Create time-based rules for kids
    • Block social media during work hours
    • Limit gaming applications

Step 8: VPN Setup (Optional)

Teleport VPN

  1. Enable Teleport:

    • Settings → VPN
    • Enable Teleport
    • Generate invitation links for users

  2. Benefits:

    • One-click VPN connection
    • Secure remote access to home network
    • Bypass geo-restrictions using home IP

Traditional VPN

  1. L2TP/IPSec:

    • Configure for older devices
    • Set pre-shared key
    • Configure user authentication

  2. OpenVPN:

    • Generate client certificates
    • Configure for maximum compatibility
    • Export client configurations

Step 9: System Settings and Maintenance

Backup Configuration

  1. Automatic Backups:

    • Enable cloud backups
    • Set weekly schedule
    • Verify backup restoration process

  2. Manual Backups:

    • Export settings before major changes
    • Store backups securely off-site
    • Document configuration changes

Monitoring and Alerts

  1. Dashboard Setup:

    • Customize dashboard widgets
    • Monitor key metrics
    • Set up alert thresholds

  2. Notification Settings:

    • Configure email alerts
    • Set mobile push notifications
    • Create escalation procedures

Regular Maintenance

  1. Firmware Updates:

    • Check monthly for updates
    • Read release notes carefully
    • Update during maintenance windows
    • Test critical functions after updates

  2. Performance Monitoring:

    • Review wireless experience scores
    • Monitor bandwidth utilization
    • Check for interference sources
    • Analyze client connection patterns

Troubleshooting Common Issues

Connectivity Problems

  1. Client Can't Connect:

    • Check SSID broadcast settings
    • Verify password
    • Check MAC address filtering
    • Ensure DHCP pool availability

  2. Slow Performance:

    • Check channel interference
    • Verify optimal AP placement
    • Monitor bandwidth usage
    • Check for legacy device impact

  3. Frequent Disconnections:

    • Adjust minimum RSSI settings
    • Check power management settings
    • Verify AP transmit power
    • Review roaming configuration

Device Adoption Issues

  1. Device Won't Adopt:

    • Factory reset the device
    • Check network connectivity
    • Verify controller accessibility
    • Update device firmware manually

  2. Lost Connection to Controller:

    • Check inform URL setting
    • Verify network routing
    • Restart UniFi Network service
    • Check firewall rules

Performance Optimization Tips

Wireless Optimization

  1. Channel Planning:

    • Use WiFi analyzer tools
    • Avoid crowded channels
    • Consider 6 GHz for compatible devices
    • Plan for neighboring networks

  2. Client Management:

    • Set minimum data rates
    • Enable band steering
    • Configure load balancing
    • Monitor client distribution

Network Optimization

  1. VLAN Strategy:

    • Segment traffic appropriately
    • Minimize broadcast domains
    • Optimize routing between VLANs
    • Monitor inter-VLAN traffic

  2. Quality of Service:

    • Prioritize real-time traffic
    • Set bandwidth limits appropriately
    • Monitor queue utilization
    • Adjust based on usage patterns

Advanced Configuration

Custom Scripts and API

  1. UniFi API:

    • Automate routine tasks
    • Create custom monitoring
    • Integrate with other systems
    • Backup and restore automation

  2. SSH Access:

    • Enable for advanced troubleshooting
    • Use for emergency recovery
    • Configure automated backups
    • Monitor system logs

High Availability

  1. Controller Redundancy:

    • Secondary controller setup
    • Backup and restore procedures
    • Failover planning
    • Monitoring and alerting

  2. Network Redundancy:

    • Multiple internet connections
    • Link aggregation
    • Spanning tree configuration
    • Path redundancy

Best Practices Summary

Security Best Practices

  1. Access Control:

    • Use strong passwords
    • Enable 2FA
    • Regular access reviews
    • Principle of least privilege

  2. Network Segmentation:

    • Isolate untrusted devices
    • Control inter-VLAN traffic
    • Monitor network flows
    • Regular security audits

Performance Best Practices

  1. Wireless Design:

    • Proper AP placement
    • Channel planning
    • Power management
    • Client optimization

  2. Network Management:

    • Regular monitoring
    • Proactive maintenance
    • Capacity planning
    • Performance tuning

Operational Best Practices

  1. Documentation:

    • Network diagrams
    • Configuration documentation
    • Change management
    • Troubleshooting procedures

  2. Monitoring:

    • Key performance indicators
    • Alerting and notifications
    • Trend analysis
    • Capacity planning

Conclusion

This comprehensive guide provides the foundation for setting up and maintaining a high-performance UniFi network. Regular monitoring, maintenance, and optimization will ensure your network continues to perform optimally as your needs grow and change.

Remember to:

  • Start with basic configuration and gradually add advanced features
  • Test changes in non-production environments when possible
  • Document your configuration and changes
  • Stay current with firmware updates and security patches
  • Monitor performance and adjust settings as needed

For additional support and advanced configurations, consult the official Ubiquiti documentation and community forums.

Edit this page