Building a Rock-Solid Home Network with UniFi, NAS, Smart Devices & Cameras
With a new home comes a new plan.
1. Game Plan
Before I even touch the cables, I need to think about how I want my network to look and work.
- Separate networks (VLANs) for different types of devices with different rules. For example:
  - Main network – Family devices (computers, phones)
  - IoT network – Smart devices: smart switch, lightbulb, motion sensors
  - Camera network – UniFi Protect devices
  - Guest network – for visitors who “just need the Wi-Fi password”
- Unique IP ranges so I don’t run into conflicts later. Should I avoid the boring 192.168.0.x and 192.168.1.x and go with something like 10.20.0.x?
2. Get My IPs in Order (DHCP & Static Assignments)
This is to prevent the dreaded IP conflicts and to manage my fixed devices properly and easily.
- Static range for important gear (NAS, cameras, printers, AP). Example: 10.20.0.2 – 10.20.0.49
- DHCP range for everything else: 10.20.0.50 – 10.20.0.254
- Static IPs to be set via the UniFi Controller using DHCP reservations
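A small check for the static/DHCP split described above, as an added example that is not part of the original post: it verifies that every reservation sits in the static range and outside the dynamic pool, and that no IP or MAC is assigned twice. The /24 subnet, the device names and the MAC addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ranges from the plan above; the /24 prefix length is an assumption.
SUBNET = ipaddress.ip_network("10.20.0.0/24")
STATIC_FIRST, STATIC_LAST = (ipaddress.ip_address(a) for a in ("10.20.0.2", "10.20.0.49"))
DHCP_FIRST, DHCP_LAST = (ipaddress.ip_address(a) for a in ("10.20.0.50", "10.20.0.254"))

# Constructed sample reservations (hypothetical device names and MACs).
RESERVATIONS = [
    ("nas", "aa:bb:cc:00:00:01", "10.20.0.10"),
    ("printer", "aa:bb:cc:00:00:02", "10.20.0.11"),
    ("camera-front", "aa:bb:cc:00:00:03", "10.20.0.60"),  # inside the DHCP pool
    ("camera-back", "aa:bb:cc:00:00:04", "10.20.0.11"),   # same IP as printer
    ("ap-hall", "AA:BB:CC:00:00:01", "10.20.0.12"),       # MAC reused from nas
    ("old-router", "aa:bb:cc:00:00:05", "192.168.1.1"),   # outside the subnet
]

def ranges_overlap(a_first, a_last, b_first, b_last):
    """True if the two inclusive address ranges share at least one address."""
    return a_first <= b_last and b_first <= a_last

def check_plan(reservations):
    """Return a list of human-readable problems found in the reservation list."""
    problems = []
    if ranges_overlap(STATIC_FIRST, STATIC_LAST, DHCP_FIRST, DHCP_LAST):
        problems.append("static range overlaps DHCP pool")
    seen_ip, seen_mac = {}, {}
    for name, mac, ip_text in reservations:
        ip = ipaddress.ip_address(ip_text)
        mac = mac.lower()  # MACs are case-insensitive
        if ip not in SUBNET:
            problems.append(f"{name}: {ip} is outside {SUBNET}")
        elif DHCP_FIRST <= ip <= DHCP_LAST:
            problems.append(f"{name}: {ip} is inside the DHCP pool")
        elif not STATIC_FIRST <= ip <= STATIC_LAST:
            problems.append(f"{name}: {ip} is outside the static range")
        if ip in seen_ip:
            problems.append(f"{name}: {ip} already assigned to {seen_ip[ip]}")
        if mac in seen_mac:
            problems.append(f"{name}: MAC {mac} already used by {seen_mac[mac]}")
        seen_ip.setdefault(ip, name)
        seen_mac.setdefault(mac, name)
    return problems

if __name__ == "__main__":
    for line in check_plan(RESERVATIONS):
        print(line)
```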
3. VLANs: Your Digital Neighborhood Watch
VLANs are like invisible fences. Devices inside one VLAN can’t cross over into another unless you allow it.
Planned setup:
- VLAN 10 – Main devices
- VLAN 20 – IoT
- VLAN 30 – Cameras
- VLAN 40 – Guest Wi-Fi
Still thinking about the firewall rules. For example, block IoT devices from the internet? Do I care or worry enough about these things?
4. Wi-Fi SSIDs for Everyone (Well… Almost)
Matching my Wi-Fi networks to my VLANs:
- HomeMain → VLAN 10
- HomeIoT → VLAN 20
- HomeGuest → VLAN 40 (guest isolation ON)
5. NAS: The Digital Vault
I will be using it as Plex media storage and for important documents and photos.
- Give it a static IP.
- Keep it LAN-only unless you’re accessing it through VPN.
- Turn on encryption for sensitive folders.
- Set up backups to the cloud for important items; currently testing with Storj. In current testing, backing up 200 GB worth of photos on a weekly basis costs around USD$0.50 per month.
6. UniFi Cameras: Eyes on Their Own Lane
- Put them in their own VLAN with the Protect NVR (or UniFi Cloud Gateways).
- Block internet access unless remote viewing is a must. (To be decided)
7. Security: Lock the Digital Doors
- Change all default passwords — everywhere.
- Turn on UniFi Threat Management (IDS/IPS) (though it reduces performance)
- Use DNS filtering for annoying ads (testing with ControlD's Some Control plan for USD$20)
8. Remote Access the Smart Way
To access my network while I'm away:
- Use WiFiman (UniFi Teleport) - my current solution
- Alternative: set up a VPN (WireGuard/OpenVPN) on the Cloud Gateway.
10. Document Everything
This blog will act as my network diary, recording the below:
- VLAN IDs
- IP assignments
- DHCP reservations
- Admin logins (in a password manager)