I was bored this morning so set myself a new project. Having managed network gear from Unifi I can very easily set up different dedicated networks or VLANs. I already have 3 separate ones, one for the main network and then one for Chromecasts and video stuff and the other for the rest of the IoT gear such as Alexa and Philips Hue and Harmony hubs. The latter VLAN is completely isolated from main network for security. Main LAN can talk to the IoT VLAN but not the other way.
Some believe that separating off audio gear from a busy network is beneficial for SQ. I don’t adhere to that myself, but as I was bored I thought I would do it anyway, as it’s so easy to do with Unifi kit due to its management UI.
So I created a new VLAN network called Roon, as it’s what I use to playback to everything, and set up a new wireless network using the same VLAN, called Roon, for the wireless music zones. On the Unifi switches that are used to connect to my Atom, Roon core and a Pi-based streamer, I set their respective ports to be the new VLAN and then rebooted them all. Next, connect all the wireless zones to the new Roon SSID. Job done.
All my control apps for Roon and the Naim app are on the normal network but can see and control all the devices on the audio VLAN thanks to the way Unifi manage their VLANs. I could isolate it completely, but then you can’t control it without being on the same network, which is not family friendly. Also, I use the remote devices for other stuff on the normal network, so it’s just not practical to keep switching networks, so I let Unifi manage this; it’s effective and requires no input from me.
So now it’s done, did I hear a miraculous change in SQ? Of course not, but it might perform better in other ways and I won’t have the rest of the network, including VPN for working from home, getting in the way.
Anybody else done this? Did you find any benefit doing it?
No but would like to…don’t currently have the right kit to support it. Need to replace my crappy PlusNet router to start with. I’ve used Juniper firewalls/routers and Draytek in the past but really need to look at something new with good VLAN support too.
Not specifically, although I could disable most features but would still need another router/firewall sitting behind with the more advanced features, so thinking may as well change the unit out for something with better functionality.
Yep, full loom as it were. Virgin Hub 3 in modem mode to usg3, us860w as main switch off the router; this feeds and powers two access points, an AC Pro and AC Lite, all via PoE. Then two ports run feeds via PoE again to standard us8 switches in each downstairs room, one of which powers a subsequent AC Lite access point via PoE. Have NAS and a few other devices off the main switch. Works brilliantly and all easily managed from their app, or you can invest in a separate controller. Mine runs on my NAS; looking to get a separate controller so I can also run their home security stuff as well.
I have all Ubiquiti too. It works really well. I recently swapped a USG 4 for the USG Dream Machine Pro. It was fairly expensive but it’s an excellent bit of kit. It does all the router stuff, runs the controller and has an 8TB hard drive that records from our 4 security cameras. All controllable/viewable by app. Great! I must explore a music-only VLAN as you’ve done.
As it won’t work with Roon if fully isolated, nor can I use Plex properly. I have a number of Chromecast enabled devices for audio and video, but I only use Chromecast for audio. I use Plex as on my TV and Shield, which are Android based and have Chromecast built in. So I left those as a video-only LAN and it works fine. I am less concerned about those than the other stuff and cheap IoT gear. I don’t activate Chromecast on the Atom at all.
It requires a lot more know-how to get the isolated LAN to work both ways and maintain the level of security than I have patience for. I tried for days to get it to work and couldn’t, so decided on that plan.
So you do any special QoS settings for the different VLANs? Eg prioritize the audio one?
Or just separate traffic broadcast wise?
(Except in cases of isolation.)
I haven’t done so for my audio stuff - I’ll need to check that the Naim app works cross-VLANs. I have set up a separate VLAN for my IoT devices, and firewalled it from the rest of the network (i.e. it can see the internet, but not my internal networks), because I’m not overly impressed with security of IoT devices, and I didn’t like the idea of a heatpump controller being a conduit for my computers and NAS being trashed.
Just VLAN’ing should be sufficient in the first instance, as it’ll reduce the broadcast domain. And if the only devices within the audio VLAN are audio devices (plus your firewall), you’ll at least know that the devices are supposed to be talking to each other.
From memory it works better using mDNS repeater instead of a reflector, for which you’ll need to use the JSON config as the UI will enable the reflector. But it’s a while ago, so I might have had other reasons to configure it this way.
It does, as my Naim stuff is on my IoT network. I’ve never seen a security fix from Naim appear, and between releases there’s 6 months… Possibly more often than for your heatpump, but still.
But I think it does rely on multicast, which is always a pain to get to work right. (Why oh why didn’t I just document things at the time I was setting it up.) So expect intermittent results and an angry partner for a while while you’re figuring things out.
So my LAN (default VLAN), Guest network (VLAN 50) and IoT network (VLAN 100). Yes, the guest network also gets some access to IoT devices in case you’re wondering.
I got it working without doing anything to the config file. Disabled IGMP Snooping and it worked. I found a video that goes through all the steps and he gave advice to turn it off as it can help with Chromecast issues, and it has. Happy camper now.