UniFi Network

UniFi Hardware

Network Infrastructure

  • Router: UDM-Pro (UniFi Dream Machine Pro)
  • Switch: US 24 PoE 250W (UniFi Switch 24 PoE 250W)
  • Switch: USW-24-G2 (UniFi Switch 24 Gen2)
  • Switch: USW Flex (UniFi Switch Flex)
  • Switch: USW Flex Mini (UniFi Switch Flex Mini)

Wireless Access Points

  • Basement AP: UAP-AC-M (UniFi AC Mesh)
  • Office AP: UAP-AC-M-Pro (UniFi AC Mesh Pro)
  • Garage AP: UAP-AC-M-Pro (UniFi AC Mesh Pro)
  • Wall AP: U7-Pro-Wall (UniFi U7 Pro Wall)

Cameras & Protect Devices

  • AI Camera: AI 360 (UniFi Protect AI 360)
  • Bullet Camera: G5 Bullet (UniFi Protect G5 Bullet)
  • Flex Camera: G3 Flex (UniFi Protect G3 Flex)
  • Doorbell Camera: G4 Doorbell Pro (UniFi Protect G4 Doorbell Pro)
  • Instant Camera: G4 Instant (UniFi Protect G4 Instant)
  • Bullet Camera: G5 Bullet (UniFi Protect G5 Bullet)
  • Dome Camera: G5 Dome Ultra (UniFi Protect G5 Dome Ultra)
  • Flex Camera: G5 Flex (UniFi Protect G5 Flex)
  • Video Decoder: UP Viewport (UniFi Protect Viewport)

Settings and Notes

UniFi Settings to improve Bufferbloat

  • Enable Smart Queue Management (SQM) - This is a feature in UniFi that helps to manage bufferbloat by intelligently managing the queue of packets.

    1. Enabled Smart Queues (SQM) on the WAN interface.

      • Set upload/download rates slightly below real-world ISP speeds (not default/max), allowing the UDM-Pro to shape traffic and prevent excessive latency under load.
      • Result: Latency under load dropped from +524ms (Grade F) to +18ms (Grade A), dramatically improving real-time app performance, remote access, and overall responsiveness.
[Images: bufferbloat test before (Grade F) and after (Grade A)]

Optimized Multicast/Discovery Traffic:

  • Enabled IGMP Snooping to prevent multicast flooding (critical for AirPlay, Sonos, smart TVs, and IoT).
  • Set unknown multicast traffic to “Drop” to further reduce LAN noise and prevent multicast storms.

Verify Core Network Security and Performance Settings

  • Ensure rogue DHCP detection is on (prevents network takeover by misconfigured devices).
  • Left advanced isolation/ACLs, Jumbo Frames, and 802.1X off (only needed for complex, enterprise or lab scenarios).
  • Kept RSTP enabled for stable switch loop protection.

Disable Intrusion Prevention System (IPS)

The Dream Machine Pro (UDM-Pro) has a built-in Intrusion Prevention System (IPS) that can cause latency spikes and slow down your network.

From reading more about this, the Dream Machine Pro just doesn’t have the CPU power to run IPS without causing latency spikes, especially if you are running Protect with quite a few cameras.

© Mark Norgren. Some rights reserved.

Build Date: 2025-06-06
