I sent out a couple of tweets last week about doing a network upgrade in the house. Yes, it’s not even 6 months since I moved in and installed the network gear, but as time went on it became clear it was much more wonky than I expected. Between the Apple Airport Extreme VLAN issues and a tweaky UI on the Netgear switch, I decided that since Julie and I both work from home and the house is very internet connected, I needed something more stable. I wanted to put together my experience and overall findings here for people to read about. I was told about Ubiquiti Networks a while back by my friend Tim Jabaut. I decided to look into a 100% Unifi solution, and here is how it went.
Original Network Setup Pre-Ubiquiti
As we built the house there were a few things we needed, like PoE, up to 48 ports, a firewall/gateway and multiple access points. When we moved in, the original configuration consisted of the following:
- Netgear GS752TP 48-port PoE Switch
- Three Apple Airport Extremes
- Cisco RV180 gateway/firewall
- Netgear Comcast cable modem IN BRIDGE MODE
It all worked well with a few configuration exceptions. I had three VLANs on the network to separate things like the security cameras from regular traffic as well as guests. I was able to get it all working, but it required an Apple Airport to also be a gateway, which resulted in a double NAT and extra hops just to get to the internet. So client traffic was going to the Apple, then to the Cisco, then to the Comcast modem and out to the internet. Finally, it was three different UIs for management and ultimately one core switch as a single point of failure.
The Ubiquiti Unifi Solution
After doing some research, I found what’s known as the Unifi line of products, marketed as an SMB version of their EdgeMax line. At $399 per 24-port switch and $114 for their gateway, it seemed like a possible solution. The AC Access Points were a little pricey, but I picked them up in a three pack. I found a small vendor in Oklahoma that was AWESOME on pricing and delivery beyond everyone else, so be sure to contact Jason at Unifying Solution to get some prices. The other interesting thing that sealed it was the ability to run a cloud-based controller for a single pane of glass for all aspects of the network. This made it very “SDN-Like” since all the configurations are pushed from a controller to the devices. It was very easy to stand up and configure, and now I can monitor the network from anywhere outside the house. It also means I can manage changes remotely without VPN or other access. Below are a few screenshots, including the Access Point coverage map, where you can import images of your site and insert the devices to see their expected coverage.
The Ubiquiti Unifi Cloud Controller
The one thing you want to be sure of here is to use the 4.6.x version of the controller. There is actually a nice KB article documenting the complete install. The trick is to make sure you install “unifi-beta”, which is not in fact “beta”. There is another KB article explaining this, but that’s just a quirk of their packaging that they are looking to change. Just don’t be fooled by the BETA name; it’s a GA version of 4.6.x.
The controller also includes an out-of-the-box Guest Captive portal that can be used for various applications, from just Terms and Conditions, to a simple password, to a paid hotspot. The nice thing is that because it’s running cloud based, it’s easily accessible by the clients.
The Ubiquiti Unifi Switches
I am so far impressed with the switches and the ease of configuration for VLANs and multiple networks. All ports support PoE and they actually give you 26 ports because they do not pair the GBIC ports with existing ones. I was able to pick up some $30 hummingbird Copper GBICs from Amazon to use as uplinks, which also gave me two other ports free for client connections. The switches provision directly from the controller and all VLAN updates are pushed down once a change is made. You can easily see which ports are delivering power, and quickly see which are Gigabit or not.
The Ubiquiti Unifi Secure Gateway
This is a pretty simple two-port unit. It has a WAN and LAN port and also acts as the VLAN and subnet router. As you create networks they are provisioned onto the gateway and then made available to the switches for VLAN tagging. The gateway has basic firewall functions and port forwarding, but that’s about it. It does support PPTP VPN with the use of a RADIUS server, but it has limitations.
The Ubiquiti Unifi Access Points
These are well designed from an aesthetics perspective and I love the fact they are barely noticeable on the walls of the house. They look like a doorbell unit for the most part, so commercial or residential use works. They are fully configurable on both the 2.4 and 5 GHz radios using WLAN groups. They support Zero Handoff Roaming, although I am not using it. You can also configure Minimum RSSI settings instead, which is what I am doing now. You can also mix and match the power settings by access point and by radio. You can even override the global WLAN Group configuration locally on each unit. They are also PoE, so that simplified the installation for me compared to the Apple units, which needed an outlet near the mounting location. I ended up wire nutting those off and covering the wall box entirely with the new units.
Ubiquiti Unifi Downsides
Everything comes with positives and negatives. That being said, I think for what I needed the positives outweigh them for now, and there are a lot of active people and employees on the forums looking to improve things. The Gateway VPN is a bit useless since you cannot define a DHCP server or VLANs, so you need to manually add routes to the clients for it to work. I’ve filed this as a feature request. The need to configure a RADIUS server for the VPN where you cannot route was a bit cumbersome, but I ended up using my Raspberry Pi to handle that and it worked great except for the isolated network problem. The support is a bit delayed; it’s email only, and I cannot find a phone number to call. Lastly, they have not yet released a clean way to replace any failed component like a switch or gateway. You pretty much need to add a new one and configure it from your documentation. They admit this is a problem and it’s already being worked on.
Ubiquiti Unifi Upsides
Overall, for me the single pane of glass and the unified solution of gateway, switches, and access points, along with client and device statistics, sealed it. I like managing it all in one place, and compared to my original configuration it’s much cleaner, both as an install and for client traffic. I also ended up with two switches instead of one so I could move wires around in the event of a failure. I won’t use the VPN much since I can manage the network from the cloud controller, so I configured it mostly for testing. I think for a small business solution it’s quite powerful, but because it lacks decent phone support and device replacement with configuration restorations, it may not be for everyone. I have spoken to a lot of people who use the APs a lot in hotels and schools, but the switches and secure gateway are a bit newer. I hope they come along with more updates soon to bring those up to speed, but even for now it’s good enough for my house and a vast improvement over what I was doing.