I now have a Edgeswitch Lite 24 port for sale now, if you want to upgrade that TPLink ;).

SumnerBoy:

 

I now have a Edgeswitch Lite 24 port for sale now, if you want to upgrade that TPLink ;).

 

I'll have a read of the box when I get home :), you're right, sounds like something I need.

Hi can I use the ERPoe-5 as a switch with the USG?

You can use it yes, but it won't be managed from the Unifi controller. It has to be a UnifiSwitch to do that. A bit like the EdgeRouter Lite v USG - only the USG is managed via the Unifi controller, the ER Lite has its own web UI and management interface.

OK thanks, looks like I have a ERPOE-5 I can sell if anyone is interested.

So got my USG + USW-24 and have them installed and running. All relatively painless. Took a few goes to work out the firewall filtering setup and how to setup my VLANs but think I have it pretty much nailed now.

Must admit I am loving the Unifi UI for viewing and managing my entire network (instead of just WiFi clients previously). The DPI and statistics stuff is pretty slick as well, although not sure how much value it has in the real world.

I have been running dnsmasq since the dark old days of having a Fritzbox which refused to hand out fixed DHCP addresses. I am tempted to drop this and move all DHCP serving to the USG but I have a little python script which sends me a notification whenever a new DHCP lease is issued - a nice little security feature to let me know when someone/something connects to any part of my network. I also run various openHAB rules off this script as well. I would lose this by moving to the USG. Plus I quite like having the full list of MAC -> IP addresses in one file (dnsmasq.conf) for parsing when assigning a new address, rather than storing them against each device in Unifi.

I guess I have just talked myself out of dropping dnsmasq...my OCD just wants this shiny new toy (USG) to take care of everything tho!

Thanks for the tip @michaelmurfy - the USG is certainly a slick bit of kit.

PS - I now have an EdgeSwitch Lite 24 port managed switch for sale - bought new from GoWifi 12 months ago - $300 + shipping.

SumnerBoy:

 

I have been running dnsmasq since the dark old days of having a Fritzbox which refused to hand out fixed DHCP addresses. I am tempted to drop this and move all DHCP serving to the USG but I have a little python script which sends me a notification whenever a new DHCP lease is issued - a nice little security feature to let me know when someone/something connects to any part of my network. I also run various openHAB rules off this script as well. I would lose this by moving to the USG. Plus I quite like having the full list of MAC -> IP addresses in one file (dnsmasq.conf) for parsing when assigning a new address, rather than storing them against each device in Unifi.

 

Why go for the USG then? Wouldn't an EdgeRouter be the far better choice - you can hack away at that for ever in a day.

I am no networking expert. I managed to get my Mikrotik configured but that was only thanks to some details online tutorials and some help from @sbiddle. If I would have had to re-configure it from scratch I would have been screwed. So the USG provides a nice simple config with a pretty robust firewall by default. I was toying with getting the ER but the hardware is exactly the same, you can do the complex CLI config if you really want, but it has the nice fluffy UI for networking noobs like me.

There is something very satisfying logging into the Unifi controller and seeing your whole network presented in pretty green bubbles...call me superficial!!

SumnerBoy:

 

I am no networking expert. I managed to get my Mikrotik configured but that was only thanks to some details online tutorials and some help from @sbiddle. If I would have had to re-configure it from scratch I would have been screwed. So the USG provides a nice simple config with a pretty robust firewall by default. I was toying with getting the ER but the hardware is exactly the same, you can do the complex CLI config if you really want, but it has the nice fluffy UI for networking noobs like me.

 

There is something very satisfying logging into the Unifi controller and seeing your whole network presented in pretty green bubbles...call me superficial!!

 

Fair call! Pretty pictures are always awesome. I guess when I see someone talking about writing scripts I'm like "they know what they're doing". My annoyance with the networking stuff in Unifi is how they have made it so simplified. None of the options of highly customised firewalls etc.

Yeah I know what I am doing w.r.t to MQTT and HA scripting, but definitely not when it comes to firewalls and networking. Anything more complicated than what the USG provides just leads to locked-out networks and inaccessible servers in my hands...In saying that I am definitely learning all the time and have managed to setup my USG to isolate my VIDEO and IOT VLANs from the internet, but still give access to my monitoring software (icinga2) and HA servers (openHAB and mosquitto). 

Now I am about to have a go at setting up a VPN server for remote connection...

Just got my nanostation M5's , Edgerouter PoE and 2x UAP AC Lites working mint in my network with my double network with Wifi is great. The network is fast and I am getting some good speeds on VDSL. About 59/20.

Thanks @michaelmurfy for helping acquire the equipment. 

Pics to come...