UniFi: Network Setup and Configuration for Short Term Rentals

Determine your desired hardware

Refer to our article on the different recommended UniFi devices you might consider for your short-term rental. Based on your decisions, follow the appropriate directions below.

Once you’ve purchased your equipment, perform the initial setup following UniFi’s instructions and plug it into your internet access device (or modem). Configure cloud control of your UniFi device, and set up multi-factor authentication. We also recommend installing the UniFi Network app on your mobile device, however we suggest performing the main setup using a web browser as it’ll just be easier for all the initial configuration.

Add your hardware

Add any additional hardware like switches or access points to your setup:

1. Login to unifi.ui.com and open the Network app for the location you’re choosing to set up.
2. Once you’re on the Network Dashboard, click on the “Devices” tab.
3. Plug any additional networking hardware into your UniFi controller or switch.
4. Give it a minute, and then the Devices screen will recognize the new device. Be patient, but if it doesn’t automatically, click the button to add device.
5. It will provision the device to be controlled by your controller, which will take a few minutes.

When complete, your Network Topology should look something like this:

Protecting your hardware

The initial setup in your short-term rental should consider location and access. Guests always assume they are the experts of your equipment and will mess with it if it’s accessible to them. We highly recommend keeping all of your internet equipment inaccessible to guests in a locked room. For adequate WiFi coverage, mounting an access point to the ceiling in guest accessible rooms, outdoor soffit or high on exterior walls with no exposed wiring will prevent guests from messing with the equipment but allow wider coverage throughout larger properties.

Connecting the UniFi hardware to the internet

Typical cable and DSL modems that also try to be a router and/or WiFi device tend to be unreliable if used both as the modem and the router/WiFi access for short term rentals. They will eventually become overwhelmed with the large number of prior devices that have been connected, become unstable, and require frequent reboots. To prevent this, we recommend isolating your internet access device to just one task – serving the internet.

If you have a fiber device (or another type of cable, DSL or other device) that is already just a pass-thru modem and needs another device to act as the router, you can skip the next several sections down to the Location of your hardware section. Otherwise, follow the steps in the next several sections to ensure your modem is configured in a reliable way.

Configuring your internet access device for reliability

If at all possible, configure your internet access device as pass-thru or “bridged mode.” This will shut off the majority of the functionality within the device, and hand that work over to the UniFi router instead. If this is possible with your internet access device, you will increase the reliability of your internet setup and eliminate or substantially reduce the need to regularly power-cycle it, thus allowing you to hide all of the network equipment in a locked area of your property.

Setting the device as pass-thru can be complex, so the simpler option is to simply turn off WiFi and other unnecessary features of the device, which will get you close to a pass-thru/bridged mode setup.

If setting up pass-thru or “bridged mode,” wait to actually change this configuration on your internet access device until your UniFi router is ready to support this. Instructions are below.

Basic concepts of a pass-thru internet device

The first thing to be aware of when you start changing the configuration of your internet device, once you change the settings to pass-thru or “bridged mode” you will no longer be able to connect to the internet through your internet device until the UniFi router is configured with your ISP connection information. You also won’t be able to get back into the internet device’s configuration screens without resetting the device.

Configure your WAN configuration

First, ensure you are directly connected to your UniFi controller/router. You can do this by connecting to the UniFi WiFI network, or plug your laptop directly into one of the LAN ports on the device.

Now we want to set up the internet configuration, allowing your UniFi controller/router to talk directly to directly to your ISP through your internet device in pass-thru mode:

1. Login to unifi.ui.com and open the Network app for the location you’re choosing to setup.
2. On the Network Dashboard, enter settings (bottom-right).
   
3. Click on the “Internet” tab.
   
4. Click on WAN1 configuration, and set it up using the configuration provided by your ISP.
   1. Under the Advanced section, select “Manual” and choose the appropriate IPv4 Configuration and/or IPv6 configuration.
   2. Typically, this will be IPv4 PPPoE, and will include credentials that you need to login to your ISP. Follow instructions provided by your ISP for proper configuration of this WAN setup.
      

If you have the Dream Router, skip the next section and move on to switching your internet device to pass-thru mode. In the event you need to factory reset your internet access device, you’ll need to manually switch the WAN1 IPv4 configuration back to DHCP by connecting directly to the Dream Router via the UniFi Wi-Fi or one of the LAN ports.

Configuring multiple WAN configurations with the UDM Pro

If you have a UDM Pro, you can prepare yourself to make it easier to manage this situation. The UDM Pro allows you to setup and configure multiple WAN setups, which you can assign to different internet ports.  We suggest that you configure a standard WAN setup for DHCP, which is the default of all internet devices to hand out IP addresses out of the box or factory reset, and a second WAN setup to interface with your ISP in pass-thru mode. Then, if you need to factory reset your internet access device, you simply change the port it plugs into your UDM Pro, and your UDM Pro will immediately communicate with it properly.

To do this:

1. There will be an existing Primary (WAN1) configuration present that you setup above. Rename it to “Primary (ISP)” or some similar name.
2. There will be a second unconfigured Secondary (WAN2) configuration, edit it and rename it to something called “Secondary (DHCP).” In the future, if things go awry, you can factory reset your internet device and switch the ports your UDM Pro is connecting with to the WAN2 port to quickly get back online and into into the internet device’s configuration.
   1. Leave this configuration set to “Auto” which defaults to DHCP:
      

Now that you have both WAN setups, you can easily switch between them by switching which port you connect the UniFi router to your modem. In a factory reset situation, you connect the modem to your “Default DHCP” configured port (WAN2), but once set to pass-thru, you switch the cable to the “ISP” configured port (WAN1).

Switch your internet device to pass-thru mode

Now that your UniFi router is setup to support talking directly to your ISP, log into your internet device’s configuration and change it to pass-thru or bridged mode. Since devices differ in their configurations, you’ll need to follow the specific instructions for your internet device, potentially with the support of your ISP.

Location for your hardware

Now that you’ve configured your UniFi router to connect to the internet, ideally you can find a central location for the WiFi access point. We recommend using more than one access point, as this allows you to tuck the majority of your hardware, including your modem and the UniFi router, out of the way in a closet or a utility room that’s locked off from your guests.

Even if you are using the Dream Router, you can connect one or more additional access points to it via ethernet cable, allowing you to provide good WiFi coverage throughout your property. In this case, you will likely need to purchase a switch to expand the ports you have available for running additional access points.

Power-cycling equipment

If you still have concerns about the need to power-cycle the equipment from time-to-time, we still recommend keeping your hardware locked up, but purchase a KeepConnect Router Rebooter to be able to schedule power cycles, automatically power cycle when the internet isn’t working, or manually power cycle devices remotely.

We do not recommend that you use this device with UniFi hardware, you can reboot UniFi hardware through the cloud interface if there are performance problems, but the UniFi hardware will never require a reboot to function properly and constant power cycles could corrupt the configuration.

Basic UniFi setup

Whether you are using the Dream Router or the UDM Pro, the configuration of the system is all the same. Configuration is done in the Network app within the configuration interface. This is all accessed via unifi.ui.com

1. Once on the main Network dashboard, enter the settings (bottom-left).
2. Click on the WiFi tab.
3. Add your default WiFi, this will be the network you will use and all of your personal and property-related devices will connect to.
   1. Name your network appropriately
   2. Setup proper encryption using WPA2 or stronger
   3. Most other settings can remain on their defaults
4. Click on the “Networks” tab
   1. Edit the default network
   2. We recommend changing the default network IP range so that there is no possibility it will conflict with your current or a future internet device’s network.
      1. To do so, update the “Host Address” field to “192.168.50.1“. When you change this field, the Gateway, Broadcast and IP Ranges will automatically update to the new network subnet, and will look like the following:
         
   3. If you’re interested content filtering on your default network or a separate “Kids” network, set the content filtering to “Family:”
      
   4. Click “Save.”

Setup the Guest Network

Now we want to create a separate network that you will provide to your guests. This isolates their devices from your network, and allows you to setup custom bandwidth limits, an optional guest portal, and many other desired features for a rental property.

1. Back in “Networks,” click “New Virtual Network,” name it “Guest”, and set a different subnet. We recommend using a very high subnet, like “192.168.199.0” and then click “Manual” under “Advanced.”
2. Under “Advanced” set a large VLAN ID, like 100 as shown below, and check the “Guest Network” box, similar to the following:
   
3. Click “Save.”
4. When you’re done, you should have several networks with different VLAN IDs and different Subnets, similar to the following:
   

Wi-Fi Configuration

Setup your multiple WiFi networks for your personal devices, your guest’s devices, and any other uses you see fit.

1. Click on the WiFi tab
2. Add a second WiFi network which will be your guest network.
3. Name it something related to your property and easy for guests to identify
4. Set the WiFi password, but utilize a different password, one that is easy for your guests to remember and completely different than your default.
5. Under “Network,” switch the option to “Guest” (which we just created above)
6. If you want the captive portal to have guests agree to your terms of service:
   1. Under “Advanced” switch it to “Manual”
   2. Under “Hotspot” choose “Captive Portal:”
      
   3. Then click the “Hotspot Portal” link to open the configuration for the Captive Portal under “Hotspot” configuration:
      1. Upload a logo
      2. Upload a background
      3. Set the text to be used on the captive portal (sample terms of service text in an appendix at the end of this article)
         
      4. Save Hotspot config
7. If you want to implement bandwidth controls for the guest network:
   1. Return to the Wi-Fi config
   2. Select the “Guest” Wi-Fi
   3. Under “Advanced” enable the “WiFi Speed Limit” and then click “Create New Profile” to create the “Guest” profile
      1. Set the name: Guest
      2. Set any download bandwidth limit if you desire
      3. Most importantly, if your network can be overwhelmed by too much upload, set the upload bandwidth limit
         
   4. Set the bandwidth limit dropdown to “Guest” that you just created.
      
   5. If you later need to edit the speed limit, search for “WiFi Speed Limit” in the settings and edit the “Guest” speed limit settings.

Device isolation

The guest network you configured above automatically turns device isolation on, so you don’t necessarily need to configure device isolation between the guest network and your primary network, but setting it up doesn’t hurt either.

Additionally, we recommend setting up device isolation for any WiFi smart devices you might utilize within a smart home automation system. This is important because any WiFi smart device, including those utilizing Matter, have access to your network and could steal information for maliciously impact other devices on your network.

Set up the isolated network

You will need to set up a new virtual network and WiFi network for the this purpose only, you won’t want to use anything we’ve already configured.

1. Return to the “Networks” tab
2. Click “New Virtual Network,” name it “Isolated” or something meaningful for your use (in our example, we named it “Smartthings and Matter”) and set a different subnet.
3. Click “Save”
4. Return to the WiFi tab
5. Create a new WiFi network, name it “Isolated” or something meaningful for your use (in our example, we named it “JF Isolated”)
6. Click “Save”
7. Click on the “Security” tab
8. Click on the “Traffic & Firewall Rules” tab on the top
9. Retain the “Simple” view, and click “Create Entry”
10. Steps:
    1. Name the new rule “Block traffic to/from isolated”
    2. Keep Action set to “Block”
    3. Set Source to the new “Isolated” network, in our example named “Smartthings and Matter”
    4. Under Destination, select “Local Network” and then select all other networks you have created, except the “Isolated” network
    5. Set Traffic Direction to “Both Directions”
    6. Schedule set to “Always”
       
    7. Click “Add Rule”

Connect your smart devices to the isolated network

Now that you have the isolated network and rules established, you need to move all of your smart devices to the new isolated network.

1. If your smart home hub (or any other smart device) is connected via ethernet, edit the port it is connected to so it is assigned to the “Isolated” network:
   1. On the far left bar, click “UniFi Devices”
   2. Click the switch or the router device that your smart home hub is connected to
   3. Click the “Port Manager” button
   4. Select the port number your smart hub is connected to, name the port and select your “Isolated” network:
      
   5. Click “Apply Changes”

2. If your smart home hub is connected via WiFi, ensure you connect it to the “Isolated” WiFi network instead of one of your others.
3. For any WiFi smart device you own, reconnect it to the “Isolated” WiFi network.

Wrap-up

The Network app is just one of the many useful functions of the UniFi ecosystem. As you can tell from the article above, the hardware is capable of very sophisticated configuration that can allow you the fine-grained control of your smart home that you need for it to be safe and reliable for both you and your guests.

Read our other articles that walk you through the setup of UniFi Protect (cameras and NVR) and UniFi Access (common door control and intercom system).

Appendix 1: Sample Hotspot terms of service

For your reference, we have provided some sample terms of service language you can use with your Captive Portal Hotspot configuration:

Terms of Use

By accessing the wireless network, you acknowledge that you’re of legal age, you have read, understand and agree to be bound by this agreement.

This wireless network service is provided by XXXX, LLC and it’s use is completely at their discretion. Your access to the network may be blocked, suspended, or terminated at any time, for any reason.

You agree not to use the wireless network for any purpose that is unlawful and take full responsibility of your actions.

The wireless network is provided “as is” without warranties of any kind, either expressed or implied.