More happened today than the energy levels would suggest. Went into it wanting to knock out some network issues that had been sitting on the list, ended up also getting Tailscale properly sorted across all devices and swapping the server NIC while things were already open.
UniFi Troubleshooting — Aqara Doorbell
The Aqara G410 doorbell at 10.10.10.9 (Camera Network, VLAN 80) hadn't been viewable in the Aqara App or HomeKit since setup. Ran a proper diagnosis through the UniFi MCP tools in the terminal. The mDNS repeater was already enabled across the relevant VLANs — that wasn't the issue. Traffic inspection showed the camera was reaching Aqara's P2P relay servers via UDP, but only tiny 76-byte signalling packets — no video stream establishing.
Found the real problem: the "Allow IoT to Apple TV" firewall rule only covered IoT Network (VLAN 70), not Camera Network (VLAN 80). The doorbell had no path to the Apple TV HomeKit hub at 10.1.1.112. The camera was generating zero traffic toward the Apple TV, which confirmed the HomeKit pairing session was stale or broken. Added Camera Network as a source to the firewall rule.
The firewall is now correct but the HomeKit pairing itself still needs to be re-established — the camera won't automatically reconnect. Fix: remove the doorbell accessory in the Home app and re-add it with the HomeKit code on the device.
UniFi Troubleshooting — Canon Printer
The Canon G4610 had been offline since June 9. Found it connected to the IoT SSID (Potato Network, VLAN 70) but with a virtual network override already in place forcing it onto VLAN 30 (Home Network) — that's the correct setup for a 2.4 GHz-only device that can't connect to the main SSIDs.
The fixed IP was set to 10.0.0.99 — wrong subnet entirely (Management Network range, not Home Network). Also no firewall rule existed for the PC to initiate connections to the printer, and zero historical traffic confirmed print jobs had never been completing.
Fixed the IP to 10.1.1.5 (Home Network, below the DHCP pool), enabled the fixed assignment, and created a new "PC to Printer" firewall rule allowing the PC MAC to reach 10.1.1.5. Printer came back online, 1.3 MB of TCP print data confirmed flowing through. Network is good. The remaining issue is on the driver side — the correct driver is Canon G4600 Series, and the printer port on the PC needs updating to 10.1.1.5.
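Both root causes above (the Apple TV rule not listing Camera Network as a source, and the printer's fixed IP sitting in the wrong subnet) are configuration drift that a small offline audit can catch. The sketch below is an added example, not part of the original notes and not UniFi tooling; the /24 prefix lengths, the data layout and the function names are assumptions.

```python
import ipaddress

# Constructed model of the setup in these notes. The /24 prefix lengths are
# assumptions: the notes give addresses and network names but no masks.
NETWORKS = {
    "Management": ipaddress.ip_network("10.0.0.0/24"),
    "Home": ipaddress.ip_network("10.1.1.0/24"),
    "Camera": ipaddress.ip_network("10.10.10.0/24"),
}
APPLE_TV = "10.1.1.112"
# Flows that must be allowed: (client, destination IP).
REQUIRED_FLOWS = [("doorbell", APPLE_TV)]

# client -> (assigned network, fixed IP), before and after the fixes.
CLIENTS_BEFORE = {"doorbell": ("Camera", "10.10.10.9"), "printer": ("Home", "10.0.0.99")}
CLIENTS_AFTER = {"doorbell": ("Camera", "10.10.10.9"), "printer": ("Home", "10.1.1.5")}
# Rule sources are network names, so the IoT subnet is not needed here.
RULES_BEFORE = [{"name": "Allow IoT to Apple TV", "sources": {"IoT"}, "dst": APPLE_TV}]
RULES_AFTER = [{"name": "Allow IoT to Apple TV", "sources": {"IoT", "Camera"}, "dst": APPLE_TV}]

def fixed_ip_findings(clients):
    """Flag fixed IPs that fall outside the client's assigned network."""
    findings = []
    for name, (network, ip) in clients.items():
        addr = ipaddress.ip_address(ip)
        if addr not in NETWORKS[network]:
            actual = next((n for n, net in NETWORKS.items() if addr in net), "no known network")
            findings.append(f"{name}: fixed IP {ip} is in {actual}, not {network}")
    return findings

def uncovered_flows(flows, clients, rules):
    """Return required flows whose source network no allow rule lists."""
    missing = []
    for client, dst in flows:
        src_net = clients[client][0]
        if not any(src_net in r["sources"] and r["dst"] == dst for r in rules):
            missing.append((client, src_net, dst))
    return missing

if __name__ == "__main__":
    for label, clients, rules in (("before", CLIENTS_BEFORE, RULES_BEFORE),
                                  ("after", CLIENTS_AFTER, RULES_AFTER)):
        print(label, fixed_ip_findings(clients), uncovered_flows(REQUIRED_FLOWS, clients, rules))
```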
Tailscale Setup and Cleanup
Tailscale was technically installed but in a messy state — three separate installs found on the server: a snap version (1.92.5), a Docker container, and an apt package. Cleaned it up: removed the snap (it was holding the tailscale0 interface), removed the Docker container (the host install covers all containers), kept the apt install running as a proper systemd service.
Tailnet is now clean — OptiPlex (n5ubuntu, 100.78.149.70) and MacBook Pro (erics-macbook-pro, 100.99.153.21) both confirmed online. The Samba share on the server is accessible from the MacBook via smb://100.78.149.70/shared through Tailscale when off the local network.
Claude CLI on MacBook
Installed Claude CLI on the MacBook via Homebrew and npm. Node v26.3.0, npm 11.16.0, binary at /opt/homebrew/bin/claude. Claudian plugin path set to match. One unresolved issue: Claudian showing a session ID error on first use — likely a stale session in the plugin state, needs clearing or re-auth.
NIC Upgrade to 2.5GbE
Swapped the OptiPlex from the onboard 1GbE NIC (eno1) to a 2.5GbE USB-C adapter (enx7419f8195c7c). IP held at 10.0.0.5 via UniFi fixed DHCP reservation. The old NIC stays configured in Netplan but unused — available for future use if needed (Proxmox management network, etc.). The 1GbE ceiling would've become a real bottleneck the moment a NAS or Kubernetes cluster enters the picture. Better removed now.
What's Next
- Re-establish HomeKit pairing for Aqara doorbell (remove + re-add in Home app)
- Install Canon G4600 Series driver on PC, update printer port to 10.1.1.5
- Fix Claudian session ID error on MacBook
- Fix WAN uptime panel in Grafana (wan_networkgroup="WAN" filter)
- Cloudflare Access in front of Immich
A lot of ground covered for a low-energy day. The UniFi MCP tooling made the network diagnosis much faster than it would've been manually — being able to inspect traffic flows and firewall hits directly from the terminal is genuinely useful. The printer issue was satisfying to close out, even with the driver side still pending.