Tag: unifi

Posted on

Retiring my 5 GHz SSID

As many people know, the 5 GHz WiFi band is going to provide better performance and is less crowded than the 2.4 GHz band. I have always tried to get my devices on 5 GHz. Most WiFi access points/routers broadcast the same SSID for both 2.4 GHz and 5 GHz allowing devices that support both bands to pick which band it wants to use. Unfortunately the devices sometimes prefer the 2.4 GHz band. Apple seems to have acknowledged this shortcoming of devices by providing an option in the AirPort Extreme base station for the user to set a separate 5 GHz SSID.

I’ve used a separate 5 GHz SSID for many years and have had devices that could use 5 GHz use it. While this has worked, once I got to the edge of the range my devices dropped off and I’d have to manually switch to the 2.4 GHz network. This didn’t happen often but it was enough to be annoying and the devices wouldn’t switch back to the 5 GHz network.

One of the features of the UniFi line of access points is band steering which is supposed to push devices to go to 5 GHz if possible. Since I was working on my network anyway I decided to see if I could have one SSID for both bands and if the devices would prefer the 5 GHz network.

The first thing I did was enable the Advanced Features in the UniFi controller:

Screen Shot 2017 09 20 at 1 43 17 PM

Screen Shot 2017 09 20 at 1 43 28 PM

After enabling the Advanced Features, I went to the configuration for each of my access points and turned on band steering to prefer 5 G.

Screen Shot 2017 09 20 at 1 44 04 PM

To finish off the configuration I set the transmit power to high for 5 GHz and medium for 2.4 GHz just to help devices think that the signal is a bit stronger on 5 GHz.

Screen Shot 2017 09 20 at 1 44 04 PM

I tested this configuration for a few days by forgetting the 5 GHz SSID from my devices and watched in the UniFi controller which band the devices chose. Without fail, all the devices including an Apple TV, iPad Pro, iPhone, Amazon Echo, and MacBook Pro chose the 5 GHz network. That was enough to convince me to retire the separate 5 GHz SSID. Today I removed the 5 GHz SSID and if all goes well no one in the house will notice a difference and devices will continue to operate at peak performance.

Posted on

Getting Better WiFi

As I’ve written in the past, I replaced all my WiFi equipment with Ubiquiti’s UniFi gear. For my relatively small 1600 square foot house, I’ve gone overboard and have 3 access points. The house is a tri-level house so ideally I’d put once access point on each level. Unfortunately, due to convenience, I didn’t do that.

I set up one access point in my networking closet near my office on the ground floor, one in the garage in the hopes that it would cover up (yes, I know it points down) and one behind the TV on the mid level (wall mounting is not a great option). While WiFi coverage was adequate, I’m always looking at ways to improve my network. A few weeks ago, I decided to put the access points where they belonged. Since I have attic access above the mid level and second story, I just had to get a Cat6 cable up there. After several hours of trying to get 2 wires through a hole in the garage (I have about 6 other wires through that same hole and didn’t want to make a new one) I managed to pull the cable and wire things up.

The result can be seen in these pictures; the access points pretty much blend in with motion detector and the smoke detector.

The coverage is now very consistent throughout the house and my wife hasn’t complained about the access points on the ceiling!

IMG 6403

IMG 6407

Posted on

6 months after fixing Internet woes

About 6 months ago, I wrote about how I replaced all of my dad’s networking gear with Ubiquiti products including the USG, Cloud Key, and a pair of UAP-AC-LRs. While it didn’t completely cure his Internet issues, we were at least sure that the router and access points weren’t the problem. His cable provider kept doing work on the connection and eventually he replaced the cable modem with an ARRIS 6183. I don’t believe that the cable modem was the problem, but I wasn’t going to argue with it working (we had already swapped out the cable modem with a different SB 6141).

The gear has been rock solid; one of the access points wasn’t touched since the day we installed it; the USG was rebooted when the cable modem was replaced and my dad had to reset the other AP when he did some wiring changes in a closet.

Screen Shot 2017 08 02 at 9 24 14 AM

Ubiquiti has been putting out regular updates to the equipment, but I decided to just leave it on older versions as everything was running. Yesterday I went ahead and performed the upgrade remotely which was quite scary as any firmware upgrade could render a device useless. Luckily upgrading all components went smoothly; the Cloud Key took a little longer than expected and I almost panicked when it didn’t come back online.

I asked my dad if he’s had any problems with the Internet and he said no; this was news to my ears. Prior to installing the Ubiquiti equipment, the family’s solution for any time they had a problem was to reboot the cable modem and router. This no longer happens and everything just works.

As much as I’d like to recommend this type of setup for the average household, the separate components make it intimidating. For anyone with a little networking knowledge that has to handle an Internet connection for someone else like a family member or a small business, I’m not sure that you can beat Ubiquiti for the features at the price point.

Yes, I know I sound like an advertisement, but the more I use their hardware, the more I keep looking at reasons to get more and see what it can do.

Posted on

Review: Ubiquiti UniFi Security Gateway

Sometime after I reviewed the Ubiquiti EdgeRouter Lite, Ubiquiti contacted me and offered me a few products to test and review. One of the products they sent me was the UniFi Security Gateway. At the time, I set the box aside as it didn’t have all the features of the EdgeRouter Lite. In January when my father was having trouble with his Internet, I put the USG into service. For that application, it was ideal as it integrated with the rest of the components and was simple to manage.

After the success of that install, I was kind of jealous and decided to purchase a USG and see what it would take to replace my EdgeRouter Lite; the UniFi team has done a lot of work on the controller (the GUI to manage the device) since I was originally sent the device. Replacing a router should not be rocket science. Unfortunately for me, my network is a little bit customized. Going from the EdgeRouter Lite, I had to move over the following:

  • Dynamic DNS (for my external IP address)
  • IPv6
  • VLANs
  • Firewall rules for the VLANs
  • OpenVPN server
  • Static DHCP entries
  • Static DNS host entries

Some of this is available in the controller, some of it isn’t.

The first step was to adopt the USG into my controller. I followed the instructions on how to integrate the USG into an existing network. Unfortunately, I was unable to adopt (meaning the controller can manage the device) the USG. I tried a few times with no success. Next I looked at an article that allows me to configure the USG to find the controller (instead of the controller finding it). I followed the SSH instructions and issued the commands:

    mca-cli
    set-inform http://ip-of-controller:8080/inform

This worked and I started getting somewhere. (After reading some more posts on Ubiquiti’s extremely helpful forum, it appears that an old firmware may have had issues adopting and that upgrading the firmware before adopting may have helped.)

After the USG was adopted into the controller, I plugged in the WAN connection, rebooted the cable modem (so that it would pick up the new MAC address) and was able to connect to the Internet. If I had a simple network, I’d be done, but nothing is ever easy for me.

Next up was setting static DHCP entries. While the current controller doesn’t let you assign DHCP entries until after a device has been seen, all my devices were online and showed up in the controller (I have UniFi switches which makes the controller populate with all devices it sees) using the addresses I had assigned from the EdgeRouter Lite. It was a simple matter of selecting each device, clicking the “Use fixed IP address” checkbox and clicking Apply. (Note there is a bug in the UI where the checkbox doesn’t stay checked even after applying.)

Screen Shot 2017 03 06 at 11 08 48 AM

Perfect, so now that was out of the way (tedious, but reasonable), I could move on or so I thought. The controller lets me assign static IP addresses for clients; switches and access points are not considered clients. I needed static IP addresses for the switches and access points so that I could use SNMP monitoring on them; the package I’m using, Observium uses host names to address the devices; in order to use host names, I had to first give devices static IP addresses. This is where the messiness begins. Ubiquiti has an article on how to customize the USG and have the changes persist across reboots. (The EdgeRouter Lite just lets you configure it using the command line and the changes persist.)

You start the process by doing something like this:

    configure
    set service dhcp-server shared-network-name LAN_10.0.1.0-24 subnet 10.0.1.0/24 static-mapping UniFi-LR ip-address 10.0.1.131
    commit
    save
    exit

and then

    mca-ctrl -t dump-cfg

At this point, you have to pick through what was dumped and only choose what you entered manually as the json file you create gets merged in with what is produced from the controller. This isn’t necessary if you have a standard config and the controller has all the options you need.

I then repeated this process for IPv6, static DNS entries and my OpenVPN server configuration.

There is a GUI for configuring the firewall and I setup rules that prevent IoT devices from talking to my LAN, my cameras from talking to anything except 1 device, and a few other rules. This was straightforward, but a little different than on the EdgeRouter Lite.

Screen Shot 2017 03 09 at 2 13 16 PM

Now that I had the USG setup like my EdgeRouter Lite, what did I get? The hardware is virtually identical, so I didn’t gain performance. The main thing I gained was being able to look at my entire network in 1 place. In addition, I get the ability to remotely manage/monitor my network through the UniFi cloud. Did I mention the pretty picture with the circles?

Screen Shot 2017 03 06 at 10 59 55 AM

People are going to ask, why go with a USG over an EdgeRouter Lite. Here’s my rundown:

USG

  • Easily integrates with other UniFi equipment.
  • Simplified configuration.
  • Remote access via UniFi mobile app.
  • Firewall configuration is slightly easier than on ERL, I think.

EdgeRouter Lite

  • UI has some more advanced configurations like being able to change any option using the configuration tree.
  • Firewall configuration in UI allows you to apply rules directly to VLANs.
  • Configuration via command line is a one step process; make change and save it vs USG which has multiple steps.
  • Core operating system is newer than USG.
  • Static DHCP reservations can be made prior to a device being on the network.

Conclusion

Pros

  • Easy setup for simple networks.
  • Full view of entire network in one spot.
  • Remote access to router from UniFi mobile app (using the UniFi cloud).
  • Easy configuration of firewall entries.

Cons

  • No IPv6 DPI (deep packet inspection).
  • DPI works across all interfaces and may not give you an accurate representation of WAN traffic (which is what interests me).
  • Not all configuration options are available via the GUI.
  • Initial setup into a non-trivial existing network is painful.
  • WAN speed test is only useful for up to 150 – 200 Mbps (according to a forum post; I have 300 Mbps down and can only get about 130 Mbps shown).
  • JSON configuration for command line options is a bit awkward as you have to use the command line first, export the options and then pair down the result to put in the JSON config so that settings persist.

Summary

As I’ve written about in the past, the UniFi line of networking products is easy to use and everything works well together. The USG fits in well and despite my rough start with it, I’m pleased with it. While there wasn’t a huge leap from the EdgeRouter Lite to the USG, being able to see my entire network configuration in one place makes it easier for me to manage. In the future, I plan on adding more firewall rules and possibly more VLANs to separate out more IoT traffic (a day doesn’t go by where you don’t here about some IoT device doing something shady).

If you already own an EdgeRouter Lite, moving to a USG is a tough decision. You gain no new functionality or performance, but an interface that works with other UniFi hardware. If you don’t already own an EdgeRouter Lite and either plan on getting UniFi access points or switches, I think it is a no brainer to get a USG. If you aren’t using other UniFi gear, a USG itself won’t buy you a whole lot. With the USG, I’m able to define VLANs once and have it apply to the WiFi access points and the switch ports; with the EdgeRouter Lite, I had to define VLANs in both places for proper routing.

UniFi employees are quite active on their forums and have posted their roadmap. I really like some of the features and their openness is refreshing. The features won’t really change how I use the device, but will help reduce the number of command line changes I have to make.

Posted on

Curing home Internet problems with UniFi gear

For as many years as I can remember, I’ve been the goto person for my family when they have tech problems. Anyone that is in this situation knows that this gets old pretty fast! At the beginning of January, my father started having problems with his Internet connection where he said it kept going out. I told him to call the cable company and get them to come out. He wasn’t quite convinced that it was the cable company, so he spent about a week testing out his router/access point (Apple TimeCapsule) and my sister’s router (similar device). (My dad and sister live in separate houses on the same property.)

After no real change in the stability of the connection, my dad started the game of contacting his provider. He also told me that he wanted the same router and access points that I have. Initially I said absolutely not as I didn’t want to have to walk him through configuring the UniFi devices. While the UniFi controller is pretty easy to use, it isn’t aimed at consumers. I thought about this for a day and told my dad that I’d set him up with a new router and access points on the condition that I managed all of it remotely. Once the UniFi gear is setup, there is very little management needed.

I purchased 2 UniFi UAP AC LR Access Points, a UniFi CloudKey, and a UniFi USG. I had an old Netgear PoE switch that I threw into the mix.

Setup of the pieces was pretty easy. I put all the pieces on my floor, connected them, and then hooked my MacBook Pro up to the USG to create a separate network. In addition to configuring the devices, I labeled everything and put “DO NOT UNPLUG” on the devices as power cycling seems to be a popular way to “troubleshoot” Internet connections. As I hadn’t used the CloudKey before, I was slightly confused that I had to goto the web interface of the CloudKey as well as the web interface for the USG for initial setup. I don’t remember the exact steps, but it only took a few minutes to get things running.

UniFi Setup

I setup the UniFi Controller on the CloudKey to use my UniFi login so that I could remotely manage it.

My dad and I installed the USG, switch and 1 access point next to the cable modem which took a little while to make everything look neat. The USG and the switch have those dumb slots for screws that I can never get right on the first or second try. The access point, however, has a removable base that made it a snap to install in the closet where all the equipment lives.

Once I powered everything on, it just worked as I setup the wireless networks with the same SSIDs and passwords that were already used. The only slight problem was that I had to turn off WiFi on the Time Capsules as devices were connecting to the wrong access point.

The UniFi iOS app has come a long way since Ubiquiti started it. The app now has everything I need to remotely monitor and manage the network. Ubiquiti uses a protocol for remote management that works in Chrome (on the desktop), but currently not Safari, so using the iOS app is the only way to look at the remote setup from my iPad.

UniFi iPad App

While my dad’s Internet connection has been up and down over the last 12 days, the USG and access points have been rock solid. The cable modem has been rebooted a number of times, but none of the UniFi gear has been touched.

This type of setup isn’t cheap, but it seems to be on par with some of the newer mesh systems.

Pros

  • USG, CloudKey, and UAP AC LR are easy to setup for networking savvy people.
  • Mobile app can handle most of the monitoring and configuration.
  • UniFi Controller with the USG shows traffic statistics in pretty pictures!
  • Remote access works well.
  • Very stable.
  • Access points provide good coverage.

Cons

  • UAP AC LR uses passive 24V PoE. The PoE switch I installed is 802.3af which means that I had to use a power injector to power the access point (I could have bought an adapter from Ubiquiti to conver the 24V to 802.3af).
  • Average consumer cannot easily setup the equipment.
  • USG is missing some features such as GUI configuration for IPv6, static DNS entries, DHCP reservations (before device is seen on network).
  • Default guest network configuration uses client isolation such that guests can’t connect to other devices on the network, but the guests can scan for other devices. I changed the configuration to use a separate VLAN and give out IP addresses in a separate range for guests. I think that this may be a better setup for an out of the box configuration when the wizard asks if you want a guest network.
  • When I inserted the micro SD card into the CloudKey, it got stuck. I basically had to destroy the card to get it out. I’m not sure if this was a design issue or a manufacturing issue, but I put a new micro SD card in there and everything works fine.

Summary

While I was hesitant to set my dad up with the same networking equipment I have. I now believe that this will be the best long term strategy to supporting him. If he or my sister blame the router and access points for Internet problems, I can show them that it isn’t. Being able to remotely monitor and configure the devices (including performing upgrades) is a great benefit to anyone having to deal with someone’s Internet issues.

I hadn’t played much with the USG prior to this install as I use the EdgeRouter Lite. However, based on this and the periodic updates to the firmware and controller, I’m definitely going to be switching over to the USG in the near future (there are a few items on Ubiquiti’s roadmap that I want).

With Apple exiting the router market, people are looking for alternate solutions. If you are savvy with networking, I think the USG, UniFi Access Points, and CloudKey (unless you have an always on machine to run the controller) are a great combination. For a home setup, it may seem like a lot of money, but how much is my time worth?

Note: The USG was sent to me by Ubiquiti as a review unit. It has been sitting on my shelf for a year now simply because the controller software wasn’t exactly what I wanted at the time. The controller software has come a long way and if I had to choose between the Edge Router Lite and the USG, the USG would now be my choice.