Unifi Network Review
I added Ubiquiti’s Edge Router Lite & Unifi access points to my home network a couple months ago. My home network includes two Unifi Access Points and an Edge Router Lite (links at bottom of article). I’ve had my eye on Ubiquiti’s access points for a while. I had previously been using a failing Cisco E3200 as my single Wifi Access Point as well as router and entertainment center network switch. It eventually started to fail about the same time another round of vulnerabilities hit the news about customer routers being horribly insecure (here, here and most recently here), so I decided to try out a more robust solution. I wanted a product that would have a supported lifetime that was longer than the consumer stuff sold at your local Walmart. I’ve had some experience with the Unifi access points and management software through work, so I knew they provided firmware updates for longer than Netgear or Cisco/Linksys, offered advanced features, and had better range. I briefly considered putting an open source variant on a router, but decided it would be worth a very small difference in price to get something that I could set up in an hour and not worry about bricking my router in the process since I was looking at needing new hardware regardless.
I disabled the wireless radio on the E3200 (leaving it in charge of routing, DNS, and DHCP but not wifi coverage) and installed two of Ubiquiti’s wireless access points. The Ubiquiti Access Points (AP from now on) do not hand out DHCP addresses; they provide the wireless network and depend on other devices for all other services. All but the most basic (and I mean most basic) config is handled via a web interface from a service running on a local machine. If need be, some basic configuration can be done by SSH’ing into the AP, but that is beyond the scope of this article. Software packages for Mac, Windows, and several variants of Linux are available here. As of the writing of this article, the management services require Java. I don’t want Java on any of my machines, but least of all any machine I use daily. So I created a Debian-based Linux VM in VirtualBox and installed the software there. That makes it nice and easy to keep separated from my main machine. The key for easy setup is to name whatever computer is hosting the Unifi Controller software with a hostname of “unifi” on the local network. When you connect the APs to the switch and power them up, they get a DHCP address and then try to look for the management services on a local computer named “unifi”, so make sure you have a proper DNS entry. Connect all of the APs into the home network via CAT5 (even the ones that will be bridged wirelessly). Log in to the management interface from your computer by going to https://192.168.1.x:8443 (where the IP is the IP of your computer running the Unifi software). I do not have a screenshot of the setup screen, but my 2 access points were easily discovered. Once they have been discovered and managed by the software, you can then update the firmware (recommended), name them something that makes sense, and set up your wireless networking and security. Note that all of this needs to be done via a cabled network.
There is no other option when first setting things up (obviously), but anytime you install firmware or make any major networking changes the computer running the Unifi Controller software needs to be hardwired into the network.
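Because the APs find the controller by looking up the name “unifi”, it is worth confirming that the name resolves only to the controller VM, and that the management port answers, before powering them up. The check below is an added example, not part of the original article or of Ubiquiti’s software; the controller address 192.168.1.50 and the LAN 192.168.1.0/24 are assumed values.

```python
import ipaddress
import socket

CONTROLLER_NAME = "unifi"  # hostname the article says the APs look up
CONTROLLER_PORT = 8443     # management interface port from the article


def _resolve(name):
    # IPv4 only, matching the article's 192.168.1.x network.
    return socket.gethostbyname_ex(name)[2]


def _probe(host, port, timeout=3.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_controller(expected_ip, lan="192.168.1.0/24",
                     resolve=_resolve, probe=_probe):
    """Return a list of problems; an empty list means the lookup is sane."""
    network = ipaddress.ip_network(lan)
    try:
        addrs = sorted(set(resolve(CONTROLLER_NAME)))
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"'{CONTROLLER_NAME}' does not resolve: {exc}"]
    problems = []
    for addr in addrs:
        if ipaddress.ip_address(addr) not in network:
            problems.append(f"{addr} is outside the LAN {lan}")
        elif addr != expected_ip:
            problems.append(f"{addr} is not the controller ({expected_ip})")
    if expected_ip not in addrs:
        problems.append(f"'{CONTROLLER_NAME}' does not point at {expected_ip}")
    elif not probe(expected_ip, CONTROLLER_PORT):
        problems.append(f"nothing listening on {expected_ip}:{CONTROLLER_PORT}")
    return problems


if __name__ == "__main__":
    # 192.168.1.50 is a constructed address for the controller VM.
    result = check_controller("192.168.1.50")
    print("\n".join(result) if result else "ok: unifi resolves to the controller")
```

Run it from a cabled machine on the same subnet as the APs, with the first argument set to the address of your own controller host.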
The coverage of the old Cisco unit just didn’t work on the opposite end up on the second story of the house. My home network layout is 1 AP downstairs cabled into the router and one upstairs that is wirelessly linked to the first. It then repeats the same SSID to the second story which provides excellent coverage of the whole house with one single continuous wireless network.
At this point, all of your APs are still cabled into the router. To create a wireless bridge between them, simply unplug the AP that will be “wireless”. After a few minutes the controller software will show that the AP has a status of “Isolated”. In that mode the isolated AP will spend a minute or two waiting on the cabled connection to come back, and then it will switch modes, which causes it to uplink over the wired access point’s wireless network, and it will appear in the controller as being online again. You can then power it down and move it elsewhere; just remember it needs to be in wireless range of the cabled AP. Look for a place where it will have solid wifi coverage from the first AP but be able to provide coverage where you currently have none. By default all access points managed by the same management console have the same wireless network and security settings defined. This allows the same SSID to be broadcast across many access points, some wired and some wirelessly bridged.
There has been one update available for the Controller software and AP firmware since I first started using it. The upgrade went fine, including pushing the firmware update out to the access points. The only caveat, which is to be expected, is that when you install the upgraded software you need to be cabled to the network. The access points will reboot and if you are doing this via wifi you can end up in a position where the access points are waiting to connect back to the management console but can’t because the management console was connected to them via wifi. For scenarios where you have one or more wirelessly bridged access points, there is a specific order to upgrade the access points. Check the documentation for your firmware version for details.
I have attached several screenshots of the Unifi management interface (version 4.6.6). Release notes can be found here [https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-4-6-6-is-released/ba-p/1288816]
I also purchased an Edge Router Lite. Reading reviews of the routers, I saw the same comments over and over again. They work great, but you’d better know how to config a router. Not for the faint of heart, etc. However, a bit of research showed that new versions of the firmware provided setup wizards for most users’ common configurations. I ordered the router from Amazon and through the magic of Amazon Prime I had it in hand two days later.
I bought the low end model which only has 3 ports, however for an actual router (not a switch), 3 ports for home use is more than enough. It shipped from the factory with firmware from 2013, so the first order of business was to get it running enough I could update it. After powering it on it defaults to 192.168.1.1 on interface 0. A quick static assignment to my Ethernet adaptor to anything on that subnet (I used 192.168.1.100/255.255.255.0) and I was in business. Logging in with the default credentials it was easy enough to update the firmware and reboot (at this point the router hasn’t been configured to do anything, so be sure to download the firmware update before you unplug the old equipment). The newer firmware does include a setup wizard. You have a couple options to pick from, of interest to most home users are:
The first option makes Interface 0 the uplink to your ISP (external port), and bridges Interface 1 and 2 to the same subnet (to create two internal switch ports). By default DNS and DHCP are enabled on the router’s internal ports and it will get a DHCP address from your cable modem (or whatever device your ISP provides that hands off ethernet and DHCP) on Interface 0. When using the WAN+2LAN wizard, your two internal ports are bridged together. At a basic level, that means the router is acting as a two port switch. Any two devices plugged into those ports will be in the same subnet, receive IP addresses in the same range, and be able to interact with each other on the network. I did not see any performance issues with the router in this configuration; however, it should be noted routers are by their very nature not made to work this way. It is handling all of the “magic” to make those two ports function as a switch in software. I ended up going with the WAN+2LAN2 wizard. This means anything connected to Interface 1 is on the 192.168.1.x network with its own DNS and DHCP scope and Interface 2 is on the 192.168.2.x network with its own DNS and DHCP scope. Out of the box, those are two separate networks and cannot talk to one another. 99.9% of the time the only reason you’d want separate subnets on each interface is in a business environment. If you don’t know why you want to set it up that way, chances are good you don’t need separate networks on the internal side of the router. However, as of the time of the post, firmware 1.7 was recently released. Release notes can be found here. One of the bigger features of the 1.7 firmware is DPI, or Deep Packet Inspection. This is something used by high end web filters to monitor and analyse traffic in real time and then enforce rules based on the type of traffic. At the moment, the DPI feature only works if you are not bridging any interfaces.
I’ve included screenshots of the dashboard, the Deep Packet Inspection interface, the services tab (DNS/DHCP), and the advanced setup screen (which I haven’t even discussed in this post).
I’ve been using the router and access points at home for a couple months now. I’ve had zero issues with any of the units locking up or needing to be rebooted as well as excellent wifi coverage. In addition, Ubiquiti continues to release new firmware that enables new features. Coming from the land of consumer grade Netgear and Linksys routers, this is a welcome change. If you are technically inclined enough to do the initial setup, I would easily give Ubiquiti’s gear a 100% recommendation. If anyone is looking for a gift for a family member, consider a new router/wifi combo. We typically end up troubleshooting friends and family’s home networks during family events anyway, at least with this setup you know it is quality gear.
If there is any interest, I could do a second article related to more advanced features like setting up VPN access or Quality of Service.