UniFi Network Infrastructure Recommendations

Created: 2025-01-06 21:54:58 | Last updated: 2025-01-06 21:54:58 | Status: Public

Current Environment

The existing environment consists of:
- 12 automotive dealership locations
- Approximately 35 users per location split between sales and service
- IPv4 networking throughout
- Location-specific subnets with some shared subnets
- Ethernet infrastructure supporting phones, desktops, and APs
- Corporate WiFi access to Windows Server 2019 domain services
- Location-specific customer WiFi SSIDs
- Manufacturer-specific SSIDs where required
- UniFi AP-AC-Pro and UniFi AP-AC-Lite access points
- WPA2/AES security implementation

Recommendations

Server Infrastructure

Pros:
- Purpose-built hardware with high reliability
- Integrated security features including IPS/IDS
- Automatic backup functionality
- Streamlined update process
- Consolidated network management interface
- Reduced maintenance overhead
- No dependency on virtual infrastructure

Option 2: Self-Hosted Solution

Pros:
- Greater control over the environment
- Potential cost savings
- Integration with existing VM infrastructure

Cons:
- Higher maintenance requirements
- Increased complexity
- Potential reliability issues
- Recovery complications (as experienced with the checkpoint issue)

Hardware Recommendations

New Access Point Deployment

Primary Recommendation: U6 Pro or U6 Enterprise
- WiFi 6 (802.11ax) support
- Enhanced performance characteristics
- Improved client density management
- Advanced security capabilities
- Better power efficiency profiles

Existing Hardware Migration Strategy

  1. Phase 1: Deploy U6 units in high-traffic areas
  2. Phase 2: Relocate AC-Pro units to medium-traffic areas
  3. Phase 3: Phase out AC-Lite units or reassign to low-traffic areas

Network Architecture

VLAN Structure

  1. Corporate Network (VLAN 10)
    - Dedicated to staff devices
    - Windows domain integration
    - WPA2-Enterprise authentication
    - Certificate-based security

  2. Customer Network (VLAN 20)
    - Isolated from corporate resources
    - Unified “XXCustomer” SSID
    - Captive portal implementation
    - Traffic rate limiting
    - Guest policies

  3. Manufacturer Networks (VLAN 30-50)
    - Separate VLANs per manufacturer requirement
    - Restricted access via firewall rules
    - Specific resource allocation
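
An added example, not part of the original plan or of any UniFi tooling: a small audit that checks an inter-VLAN rule set against the isolation goals in the VLAN structure above. The rule format, the sample rules, and the policy that customer and manufacturer VLANs may not open connections to any other VLAN are assumptions of this example.

```python
from itertools import product

# VLAN IDs are from the plan above (VLAN 10, corporate, is the trusted side).
# Treating customer and manufacturer VLANs as untrusted sources is this
# example's assumption.
CUSTOMER = {20}
MANUFACTURER = set(range(30, 51))  # plan reserves VLANs 30-50

# Constructed sample rules for inter-VLAN traffic only (not a controller export).
# First match wins; "any" matches every VLAN.
SAMPLE_RULES = [
    {"src": 20, "dst": 10, "action": "drop"},
    {"src": 30, "dst": 10, "action": "drop"},
    {"src": 40, "dst": "any", "action": "accept"},  # too broad: reaches VLAN 10
]


def decide(rules, src, dst, default):
    """Return the action of the first rule matching a new src -> dst flow."""
    for rule in rules:
        if rule["src"] in (src, "any") and rule["dst"] in (dst, "any"):
            return rule["action"]
    return default


def audit(rules, active_vlans, default="accept"):
    """List (src, dst) flows from untrusted VLANs that the rules still accept.

    default is the action for unmatched traffic; "accept" models a gateway
    that routes between VLANs unless a rule drops the flow (assumption).
    """
    active = set(active_vlans)
    untrusted = (CUSTOMER | MANUFACTURER) & active
    return sorted(
        (src, dst)
        for src, dst in product(untrusted, active)
        if src != dst and decide(rules, src, dst, default) != "drop"
    )


if __name__ == "__main__":
    for src, dst in audit(SAMPLE_RULES, [10, 20, 30, 40]):
        print(f"VLAN {src} can still open connections to VLAN {dst}")
```

The model covers only new connections between internal VLANs; return traffic for sessions opened from VLAN 10 and internet-bound traffic are outside its scope.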

Wireless Configuration

Frequency Management:
- Dual-band operation (2.4GHz and 5GHz)
- Band steering implementation
- Dynamic channel selection
- RSSI threshold enforcement

Security Implementation:
- WPA2-Enterprise for corporate network
- WPA2-Personal for guest networks
- Regular security audits
- Certificate management system

Traffic Management

  • QoS implementation for critical services
  • Rate limiting for guest networks
  • Application-level prioritization
  • Bandwidth allocation policies

Implementation Prerequisites

Before proceeding with implementation, the following information is required:
1. Bandwidth utilization per location
2. Internet connection specifications
3. Current performance metrics
4. Physical layout of each dealership
5. Critical application requirements
6. Specific manufacturer network requirements

Next Steps

  1. Assessment Phase
    - Document current network utilization
    - Map physical locations
    - Identify critical services
    - Review manufacturer requirements

  2. Design Phase
    - Create detailed network diagram
    - Develop VLAN structure
    - Plan AP placement
    - Define security policies

  3. Implementation Phase
    - Order new hardware
    - Stage configuration
    - Deploy in phases
    - Test and validate

  4. Documentation Phase
    - Update network documentation
    - Create maintenance procedures
    - Develop troubleshooting guides
    - Document security policies

Maintenance Considerations

  • Regular firmware updates
  • Security audit schedule
  • Performance monitoring
  • Backup procedures
  • Incident response plan
  • Change management process

This document serves as a foundation for discussion and should be updated based on additional requirements and constraints identified during the planning process.