I do MDUs, hotels, and large residential (5000+ feet) with Unifi. For MDUs, I set a native/default VLAN on all switch ports with no DHCP/IP and no routing. I then selectively enable ports for devices and tenants. All hardware is on a "device only" management VLAN for the Unifi equipment to talk with itself and firewall rules to only allow inter-device communication and with the Unifi controller. Each tenant gets their own VLAN (no inter-VLAN routing). WiFi is an open guest network in the common areas with managed DNS/click-through authentication. Port isolation is enabled on the aggregation switches to each cascaded switch, and to each AP to limit broadcast domains.
The hotel setup is similar, with VoIP phones in the mix on dedicated "Guest + Tagged VoIP VLANs" for all Ethernet ports and dedicated staff WiFi/VLAN networks. 802.1x is coming to these networks soon to provide device authentication for the managed/corporate devices. Firmware updates are tested in the lab, then in a trial network, then scheduled for deployment during a maintenance window. APs are scheduled for upgrade first, and then switches get upgraded 30 minutes later. MDUs happen overnight. Hotels happen during the day, at off-peak hours (like 11AM Wednesday) , while staffed, in case there's a guest emergency. tim On Sun, Oct 28, 2018 at 10:35 AM Matt Hoppes < mattli...@rivervalleyinternet.net> wrote: > So you brick the entire network at one time? ;) > > What is your application? Apartments? Or single dwelling homes? > > On Oct 28, 2018, at 10:19, Tim Cailloux <t...@southern-internet.com> wrote: > > I'm using Ubiquiti Unifi for my SMB/large residential customers. It's got > virtually everything I need to manage, though it's not single pane-of-glass > monitoring for the entire network. > > I'm using Cambium cnPilot for my residential customers, managed through > cnMaestro with my other Cambium gear. It works nicely. > > (I'm far enough down the path with an installed Ubiquiti footprint that > I'm unwilling to migrate the Unifi to cnPilot, and Cambium is only now > coming out with switches that can be managed through cnMaestro.) > > tim > > On Sat, Oct 27, 2018 at 11:38 PM Adam Moffett <dmmoff...@gmail.com> wrote: > >> I'm curious general if anyone is selling WiFi systems. Not just a >> single router, but some kind of integrated package like AmpliFi. I see >> several options on the market, but AmpliFi is supposed to work with >> Ubiquiti's UNMS software. Something centrally managed like that might >> be very attractive to me. I like the idea that when they all need a >> firmware update I just click a button and they all get updated. >> >> -Adam >> >> >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > > > -- > Tim Cailloux > Southern Internet -- Locally Owned and Operated > t...@southern-internet.com > (404) 406-9911 > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- Tim Cailloux Southern Internet -- Locally Owned and Operated t...@southern-internet.com (404) 406-9911
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
