Check if each PC operates independently by testing connectivity and performance in isolation.
Hello everyone, I'm trying to figure out the most effective way to ensure our PCs on separate networks remain truly isolated. We both work from home and each have a personal computer assigned to us. My goal is to verify that our devices on one network don't interfere with those on another. I currently use a USG, UAP lite, and a couple of UniFi switches. Our main LAN includes a wireless network, which I've set up with a VLAN called WVlan. Both workstations connect via WiFi, and I followed the steps from a video: instead of creating groups, I selected networks for source and destination. However, when I'm on my primary network, I can't ping my work PC, and vice versa. This suggests some level of isolation is working, but I'm concerned about the VLAN configuration. Additionally, the video mentions applying this rule in LAN OUT, where I found documentation on the Ubiquiti website suggesting it functions as expected. What do you think?
The easiest way to isolate devices in UniFi is by treating the Wi-Fi as a guest network and turning on client isolation. By default, it won’t allow connections to private IPs except for the router, so you can’t communicate with other devices on your network. No separate subnet is required here.
Yes, I considered that too, but it needs the UniFi controller running all the time. Right now I’m using it on my gaming PC, turning it off at night and during office hours. I also don’t have a cloud key for UniFi. This could be more useful later when setting up IoT networks.
I’ll look for an affordable PC or a cloud key to ensure it runs continuously, which is handy for logging. Usually it works fine. I might want to explore other connections since ICMP seems handled differently than TCP/UDP before. The guest network with client isolation will prevent devices on the Wi-Fi from communicating with each other, making these approaches more effective.
Well, maybe that's what I should do for the short term then. I just felt it may be a good exercise for down the road when creating IoT networks and such. We will hopefully be moving into a house soon (currently in a condo) and all PCs will be hardwired and we can finally do away with WiFi for all PCs, so it would be nice to learn how to do this securely for hardwired connections. I think the idea is basically the same, just no need for the WiFi network that is attached to that VLAN? That being said, are there other/better methods for confirming PC isolation between VLANs?
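On the closing question of confirming isolation beyond ping, and the earlier remark that ICMP may be handled differently from TCP/UDP: the sketch below is an added example, not code from anyone in this thread. It attempts TCP connections from a PC on one VLAN to a PC on the other and separates a completed connection, a refusal, and silence. The port list and the function names are assumptions chosen for illustration.

```python
import socket
import sys

# Assumed port list: services a Windows or Linux PC commonly exposes on a LAN.
PORTS = (22, 135, 139, 445, 3389)


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: traffic crosses the VLANs
    except ConnectionRefusedError:
        return "refused"           # a reply came back, so something answered
    except OSError:
        return "filtered"          # timeout or unreachable: nothing got through


def verdict(results):
    """Reduce {port: state} to 'leak', 'inconclusive' or 'isolated'."""
    states = set(results.values())
    if "open" in states:
        return "leak"
    if "refused" in states:
        # Either the target host refused (not isolated) or a firewall rule
        # rejects instead of dropping; compare with the rule's action.
        return "inconclusive"
    return "isolated"


def check_host(host, ports=PORTS, timeout=2.0):
    """Probe every port on host and return (per-port results, overall verdict)."""
    results = {port: probe_tcp(host, port, timeout) for port in ports}
    return results, verdict(results)


if __name__ == "__main__":
    # Usage: python vlan_check.py <IP of the PC on the other VLAN>
    target = sys.argv[1]
    results, outcome = check_host(target)
    for port, state in sorted(results.items()):
        print(f"{target}:{port:<5} {state}")
    print("verdict:", outcome)
```

Run it in both directions, once from each VLAN toward the other, since a rule can block one direction only. Running the same check against a PC on the same VLAN first shows what a non-isolated result looks like for comparison.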