I pulled this together in response to an query on the Unifi message boards and as I have way too much time on my hands thought that I would quickly write it up, partly to help out and partly so that I've a record when I come to repeat the install (if I need to!)

• update formatting
• Add Open SpeedTest container to UDM Host
• Many things on Pi-Hole
• Add some images and diagrams rather than a wall of text settings
• Walk through of my @boostchicken udm config

The start-point is a clean install of whatever version of the firmware and Unifi Application is current. I'm on the beta programme so for me thats currently:

• UniFi OS Dream Machine 1.11.1
• UniFi Network Application 7.0.21

..or what is it that we want to achieve? For me its a simple vlan setup that allows my IoT devices to exist on a stand-alone network thats generally a 2.4Ghz network and my 'Office' LAN that has wired and wireless devices that are normally on the 5Ghz network.

I want to be able to access my IoT devices from my LAN but make it a classic data-diode approach where information can only flow one way. This will allow my LAN to stay secure whilst allowing access to all the various apps/control surfaces etc that the IoT Devices expect.

In classic Internet parlance, YMMV but for me this setup works with the following devices:

• Sonos Speakers (3 scattered about the house)
• Phillips Hue lights (too many, also includes Innr lamps as well)
• Bosch Ovens (via Home Connect App)
• Siemens Tumble driers (via Home Connect App)
• Loop Energy Saver (simple device to monitor energy usage)
• ProWarm underfloor heating
• Various Nest Smoke Alarms
• Nest Thermostat
• Logitech Harmony Hub
• Velux Gateway
• Homekit devices
• Arlo Cameras
• Google Chromecast
• Yamaha Home Theater Amp
• Kamado Joe iKamand (essential!)
• IKEA TRÅDFRI Smart Lighting

Yes, there is also a Pi-Hole but thats probably a different readme. FWIW you should always have a pi-hole on your network. Mines a simple Raspberry Pi 4 that I have running with a PoE+ HAT so it just plugs into my switch under the stairs.. oh its also a docker box that can run a bunch of things and I'm probably going to add another one with a dual NIC module to get around the PPPoE issue that seems to affect the UDM/UDMP throughput

These are my settings for my use-case, you may have different needs but this will give you a starting point. Most of these are set to the default as I've not (yet) found a good reason to change them..

Basic LAN setup

Basic Wireless Network setup

So, thats the basics - you will now have 2 LANs and 2 wireless networks. You can connect the relevant devices to each network and just check that all is good. Noting that to use the apps and things that are used by the IoT network you will need to connect your device to that network as currently there is no real connectivity between the two. Thats the next step...

So, to enable your main LAN to be secure and walled off from your IoT LAN we need to set some firewall rules. Its pretty simple and you only need a couple of rules.

Firewall Rules

To allow proper multicast (compared to the broken one that ships with UnifiOS) you can install one via podman

Docker multicast relay

List of useful links