5.4 KiB
UniFi Client Cleanup Shortlist
Status note: this file started as a live shortlist on 2026-05-22. Most of the appliance/thermostat cleanup in here is completed. For the current Protect doorbell/chime truth, do not rely on the original chime recommendation below without also reading unifi-protect-doorbell-chime-current-state-2026-05-26.md.
Live basis:
- Captured from PD with
python3 automation/bin/unifi_network.py --raw - Capture time: 2026-05-22 21:45:20 UTC
- Scope: active clients only
What looks correct already
- Servers lane:
PlausibleDeniability,Serenity,Nomad - Camera lane:
front-doorbell - Trusted human/operator lane:
Rocinante,FlyingDutchman,Pixel-7,Pixel-9-Pro-XL,Valkyrie,steamdeck - Trusted tooling/device that is probably intentional:
MeshMonitor (MT)
Immediate cleanup candidates
1. Move out of Trusted first
These are the clearest remaining misclassifications, and the smart-appliance targets are now approved for IoT.
-
LG_Smart_Laundry2_open(10.5.1.184,60:ab:14:5f:b4:ba)- Current lane:
Trusted - Approved target:
IoT - Identification confidence: high
- Why: named LG appliance endpoint and sibling to
LG_Smart_Dryer2_open; does not belong in the human/operator lane.
- Current lane:
-
dc:e5:5b:8f:57:d2(10.5.1.132, Google)- Current lane:
Trusted - Likely identity: Google cast/speaker/display-class client
- Likely target:
IoT, but late-batch after discovery validation - Why:
- Google vendor fingerprint
- same family as the three Google clients still on
Old IoT - consumer Wi-Fi client on the compat Trusted SSID, not a human endpoint
- heavy traffic pattern is consistent with a media/cast-style household device
- Caution: treat like the other Google/cast discovery-sensitive devices. Do not broaden policy just to appease casting.
- Current lane:
-
d4:ad:fc:f2:df:d2(10.5.1.154, Shenzhen Intellirocks Tech)- Current lane:
Trusted - Likely identity: sibling to the two unnamed Intellirocks devices already on
Old IoT; likely smart-home / embedded device class - Likely target:
IoTor quarantine later if still unidentified - Why: vendor-family clustering strongly suggests it belongs with the other low-trust embedded devices, not with human/operator endpoints.
- Caution: identify before moving if possible; if unknown, do not promote it by leaving it in Trusted.
- Current lane:
Management offenders (historical identification, but not current next-step guidance)
These were correctly identified on 2026-05-22, but the original recommendation to re-home them immediately to Camera / security is no longer the standing advice.
-
58:d6:1f:54:e5:6d(10.5.0.123, hostnameespressif)- Identified as: UniFi Protect WiFi Chime
- Friendly name from controller fingerprint:
upstairs landing - Best-fit target lane:
Camera/ security
-
58:d6:1f:54:e5:af(10.5.0.189, hostnameespressif)- Identified as: UniFi Protect WiFi Chime
- Friendly name from controller fingerprint:
Living Room - Best-fit target lane:
Camera/ security
Notes:
- Both are Wi-Fi clients on
UniFi Wireless. - UniFi fingerprint metadata reports
product_line=unifi-protectandproduct_model=Protect WiFi Chime. - This means they are not mystery ESP junk anymore; they are known Protect accessories.
- Current known-good live state keeps them on Management/default
UniFi Wirelessbecause the Camera-lane override caused them to show offline in Protect. - Do not re-home these two chimes again unless Protect connectivity is explicitly validated during the move.
Old IoT move-now set
These still look like the cleanest deliberate moves from CIA Via into IoT.
MyQ-29B(192.168.1.130)LG_Smart_Dryer2_open(192.168.1.186)Samsung-FamilyHub(192.168.1.149)Main-Floorecobee (192.168.1.102)Upstairsecobee (192.168.1.131)
Old IoT move-later / discovery-sensitive
These are probably IoT-class eventually, but not the first things to touch if the goal is a calm cleanup.
Google-Home-Mini(192.168.1.185)3c:8d:20:f3:92:36(192.168.1.192, Google)90:ca:fa:b6:7f:6e(192.168.1.129, Google)
Old IoT quarantine-first leftovers
Leave these in legacy quarantine unless/until they are identified better.
5c:61:99:41:73:40(192.168.1.172)60:74:f4:54:fd:ec(192.168.1.136)60:74:f4:7b:6a:11(192.168.1.117)c0:f5:35:20:5d:94(192.168.1.183)d4:ad:fc:60:90:6a(192.168.1.100)d4:ad:fc:ea:7f:65(192.168.1.101)
Recommended next move order
If doing a low-drama cleanup pass, use this order:
- Move
LG_Smart_Laundry2_openout ofTrustedintoIoT - Leave the two identified Protect chimes on their current known-good Management/default-SSID path unless you are doing an explicit Protect-validation test
- Migrate the approved Old IoT move-now set into
IoT, one app-validated batch at a time - Leave Google/cast-class gear for later unless everything else is stable
- Keep unknown leftovers quarantined; do not “clean them up” by granting
Trusted
Bottom line
The clearest remaining lane problems are now:
- one approved LG appliance still sitting in
Trusted - one likely Google cast/display-class client in
Trusted - one likely Intellirocks smart-home client in
Trusted - the Protect chimes are a documented temporary exception, not a rediscovery task
- the approved appliance/thermostat/MyQ devices still lingering in
Old IoT