Files
truenas-stacks/home/doris-dashboard/docs/unifi-client-cleanup-shortlist-2026-05-22.md
Fizzlepoof bec21292de
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled
homelab: sync post-migration repo and n8n runtime audit
2026-05-22 23:05:41 +00:00

4.6 KiB

UniFi Client Cleanup Shortlist

Live basis:

  • Captured from PD with python3 automation/bin/unifi_network.py --raw
  • Capture time: 2026-05-22 21:45:20 UTC
  • Scope: active clients only

What looks correct already

  • Servers lane: PlausibleDeniability, Serenity, Nomad
  • Camera lane: front-doorbell
  • Trusted human/operator lane: Rocinante, FlyingDutchman, Pixel-7, Pixel-9-Pro-XL, Valkyrie, steamdeck
  • Trusted tooling/device that is probably intentional: MeshMonitor (MT)

Immediate cleanup candidates

1. Move out of Trusted first

These are the clearest remaining misclassifications, and the smart-appliance targets are now approved for IoT.

  • LG_Smart_Laundry2_open (10.5.1.184, 60:ab:14:5f:b4:ba)

    • Current lane: Trusted
    • Approved target: IoT
    • Identification confidence: high
    • Why: named LG appliance endpoint and sibling to LG_Smart_Dryer2_open; does not belong in the human/operator lane.
  • dc:e5:5b:8f:57:d2 (10.5.1.132, Google)

    • Current lane: Trusted
    • Likely identity: Google cast/speaker/display-class client
    • Likely target: IoT, but late-batch after discovery validation
    • Why:
      • Google vendor fingerprint
      • same family as the three Google clients still on Old IoT
      • consumer Wi-Fi client on the compat Trusted SSID, not a human endpoint
      • heavy traffic pattern is consistent with a media/cast-style household device
    • Caution: treat like the other Google/cast discovery-sensitive devices. Do not broaden policy just to appease casting.
  • d4:ad:fc:f2:df:d2 (10.5.1.154, Shenzhen Intellirocks Tech)

    • Current lane: Trusted
    • Likely identity: sibling to the two unnamed Intellirocks devices already on Old IoT; likely smart-home / embedded device class
    • Likely target: IoT or quarantine later if still unidentified
    • Why: vendor-family clustering strongly suggests it belongs with the other low-trust embedded devices, not with human/operator endpoints.
    • Caution: identify before moving if possible; if unknown, do not promote it by leaving it in Trusted.

Management offenders

These are now identified and should not remain on Management.

  • 58:d6:1f:54:e5:6d (10.5.0.123, hostname espressif)

    • Identified as: UniFi Protect WiFi Chime
    • Friendly name from controller fingerprint: upstairs landing
    • Best-fit target lane: Camera / security
  • 58:d6:1f:54:e5:af (10.5.0.189, hostname espressif)

    • Identified as: UniFi Protect WiFi Chime
    • Friendly name from controller fingerprint: Living Room
    • Best-fit target lane: Camera / security

Notes:

  • Both are Wi-Fi clients on UniFi Wireless.
  • UniFi fingerprint metadata reports product_line=unifi-protect and product_model=Protect WiFi Chime.
  • This means they are not mystery ESP junk anymore; they are known Protect accessories that should be treated like camera/security estate, not management-plane clients.

Old IoT move-now set

These still look like the cleanest deliberate moves from CIA Via into IoT.

  1. MyQ-29B (192.168.1.130)
  2. LG_Smart_Dryer2_open (192.168.1.186)
  3. Samsung-FamilyHub (192.168.1.149)
  4. Main-Floor ecobee (192.168.1.102)
  5. Upstairs ecobee (192.168.1.131)

Old IoT move-later / discovery-sensitive

These are probably IoT-class eventually, but not the first things to touch if the goal is a calm cleanup.

  • Google-Home-Mini (192.168.1.185)
  • 3c:8d:20:f3:92:36 (192.168.1.192, Google)
  • 90:ca:fa:b6:7f:6e (192.168.1.129, Google)

Old IoT quarantine-first leftovers

Leave these in legacy quarantine unless/until they are identified better.

  • 5c:61:99:41:73:40 (192.168.1.172)
  • 60:74:f4:54:fd:ec (192.168.1.136)
  • 60:74:f4:7b:6a:11 (192.168.1.117)
  • c0:f5:35:20:5d:94 (192.168.1.183)
  • d4:ad:fc:60:90:6a (192.168.1.100)
  • d4:ad:fc:ea:7f:65 (192.168.1.101)

If doing a low-drama cleanup pass, use this order:

  1. Move LG_Smart_Laundry2_open out of Trusted into IoT
  2. Re-home the two identified Protect chimes out of Management into Camera / security
  3. Migrate the approved Old IoT move-now set into IoT, one app-validated batch at a time
  4. Leave Google/cast-class gear for later unless everything else is stable
  5. Keep unknown leftovers quarantined; do not “clean them up” by granting Trusted

Bottom line

The clearest remaining lane problems are now:

  • one approved LG appliance still sitting in Trusted
  • one likely Google cast/display-class client in Trusted
  • one likely Intellirocks smart-home client in Trusted
  • two now-identified Protect chimes still sitting in Management
  • the approved appliance/thermostat/MyQ devices still lingering in Old IoT