UniFi arkistot - Metis.fi

Ubiquiti UniFi WiFi product line

UniFi network devices share common management through UniFi Controller. However, how all the pieces fit together is not obvious at first sight.

In the beginning access points were expensive and a single access point was the norm. When more coverage was needed a second one was added, then a third… Managing and updating the access points one by one turned out to be time consuming. The solution was to manage all the devices from a single point. Ubiquiti UniFi is one of the least expensive such solutions.

You don’t have to replace all your network gear with Ubiquiti brand. You can just get an access point or two and configure them using your existing network. However, there are appealing management benefits, because you can control everything from a single interface. In most cases, you still need an external LTE modem, ADSL modem, WISP CPE or a fiber media converter to get the Internet feed to the Ethernet port on the Ubiquiti Security Gateway.

Access Points

Ubiquiti has also older, 802.11n based access points, but this article covers the new 802.11ac hardware. All the new models support the old standard as well on both bands (2.4 GHz and 5 GHz). The indoor access points are designed to be mounted on the ceiling and they look like smoke detectors. The blue led can be turned off, so you can install the AP in a bedroom ceiling without disturbance.

UniFi access points receive their power over the Ethernet cable (PoE). Older Lite and LR access points required non-standard 24 passive power, but all current models use standard 802.3af/at (PoE or PoE+). Single units come with mains power injectors, but multi packs don’t. The most common solution is to provide power from the switch, which must support PoE or PoE+.

UniFi AP AC Lite is the least expensive access point for home or small office use. The device is physically smallest, it has just two radios per band, requires least power and is the most modest capacity wise, of course. The radios and antennas are good, though, so the coverage is still good.
UniFi AP AC LR means Long Range. You can turn up the transmit power, but not beyond regulated limits, so this doesn’t give any advantage in Finland. The LR-antennas have little more gain than the standard antennas, so you do get somewhat better range.
UniFi AP AC Pro has three radios per band and two gigabit Ethernet ports. It has significantly better capacity than the Lite or LR models.
UniFi AP AC HD or High Density has four radios per band and even more computing power. As an 802.11ac Wave 2 device it can serve multiple clients at the same time (MU-MIMO) which gives a big boost in areas with many clients close to each other: meeting rooms, auditoriums, restaurants, stadiums, exhibition halls etc. The HD is larger than the other models and requires 802.3at or PoE+ power.
UniFi AP AC SHD is a High Density access point with an extra receiver for spectrum analysis and functions for intrusion detection. The S in the name stands for Security.
UniFi AP AC Mesh and Mesh Pro are respectively two and three radio outdoor access points. The Mesh refers to wireless links between access points, but connecting each access point directly to Ethernet will make a far more efficient network.
UniFi AP AC In-Wall and In-Wall Pro are designed to replace an in-wall Ethernet outlet. It contains two Ethernet ports and a built-in access point. In-Walls makes it easy to bring access points close to users.
UniFi AP AC Edu is a special model for educational use. The access point is mounted inside of a loudspeaker to create a public announcement system.

You can mix and match all kinds of access points as you need: Lites to offices, Pros to lobbies and cafeterias and HDs to auditoriums.

Switches

Switches are basically just Ethernet splitters. You can chain switches, but keep the chains short. There are UniFi switches with and without Power over Ethernet (PoE). Not all PoE models provide passive 24V, which is required for some older UniFi access points. There are models with 8, 16, 24 or 48 ports per switch. Otherwise, the UniFi switches have all the features you expect in a switch: gigabit ports, SFP-cages, VLAN and QoS support and so forth.

Routers

UniFi Security Gateway a.k.a. USG is a router, firewall and DHCP-server. To connect to the Internet, you need a router to pass traffic between your internal network and the outside world. Often your ISP will provide an appliance, but if that is not the case, USG will do the job. The firewall in USG looks inside the packets (Deep Packet Inspection) to classify traffic instead of relying only on IP addresses and ports.

USG has two WAN-ports for connecting to the Internet. The device can use both simultaneously for higher throughput or the other can be a spare. The traffic will fail over to the spare connection if the primary connection is lost. For example you can set up a LTE connection as a spare for high availability.

The smaller USG has three ports without SFP while the bigger is rack-sized, four port, more powerful device. There are many firewall vendors out there with similar devices, but managing the USG with the same interface as the rest of the network is USG’s advantage.

UniFi Controller

UniFi Controller is the program to manage the whole UniFi network. The Controller is Java-based software, so it will run on Windows, macOS or Linux. The Controller will recognize all UniFi devices on your network and then you can adopt them to be managed. The software can be downloaded from Ubiquiti’s web site without any license fees. The Controller will start a local web server on the workstation and you connect to it with a browser. The default address is https://localhost:8443.

You don’t need to run the Controller continuously, only when you need to configure or manage the network. If you can run the Controller continuously (e.g. on a server) it will log network events and statistics and you can connect to the Controller from any workstation. The only function that requires a continuously running Controller is the guest WLAN captive portal web site, if you want one.

UniFi CloudKey

UniFi CloudKey a.k.a. UCK is a miniature computer, with UniFi Controller preinstalled. If you want to have a continuously running Controller then CloudKey is an option. It is an integrated computer that fits on your palm. There is no display or keyboard, only an Ethernet cable that will also supply power to the device. You connect to it using a browser. Ubiquiti recommends that you limit the number of UniFi devices to 30 for CloudKey.

Other products

UniFi VoIP is a phone connected to Ethernet. In Finland cell phones and calls are so inexpensive that VoIP phones are not common.

UniFi Surveillance are videocameras and recorders. They are connected to the Ethernet, which will also provide power. You can monitor the videocams with any mobile device or record it on a recorder for later inspection.

How to set up Ubiquiti UniFi WiFi access points with an iOS device (iPhone or iPad) in 5 minutes

If you have a very small deployment, you don’t need to set up a UniFi Controller at all. You can get by just using the iOS mobile app.

Ubiquiti has published the free UniFi.app on AppStore to manage UniFi access points. You can use it as the only means of deployment as well, but there are a few caveats. During deployment the initial connection poses the biggest challenge, since you can only work wirelessly with iOS devices. In other words: you need to connect to the WiFi in order to create it! A classical chicken-egg-problem!

The default network and password built into UniFi access points is a meaningless string of characters and numbers. On the back of each device is a QR code that needs to be scanned and decoded with the app to connect to the access point. Once you are connected the configuration is fairly straightforward. At least until you change the name of the network to something meaningful, because you are immediately disconnected… Then you just need to reconnect to the new network you just created.

On the video below these steps are shown for a two access point network. It was shot on an iPhone 5 (the smallest screen supported) just to show it is possible. With an iPad you have more screen estate to work with.

Steps:

To begin with: both access points are connected to the Ethenet network and are glowing a steady white light.

Scan the credentials for the default network
Join to the default network in iOS Settings > Wi-Fi
Set up the administrative account and country in the general settings
Configure both 2.4 GHz and 5 GHz networks on each access point: name of the network, WPA2 Personal Security and a security key (a.k.a. password)
(Since the name and password for the network changes when you configure the first access point, you need to join again to the new network at that point.)

At this point the HomeNet WiFi network is active and both access points are glowing a steady blue light.

(The UniFi.app is in English, but the iPhone user interface is in Finnish. You should still be able recognize the Wi-Fi settings anyhow. My bad – apologies)

I cannot recommend UniFi.app except for the smallest of deployments. Every access point needs to be configured separately. This is error prone and time consuming if the network is any larger. There are also very few options to configure. The access points are capable of much more. For example you cannot create multiple networks, just one per band. It is almost always better to install UniFi Controller on a workstation or a server.

Affordable enterprise WiFi

Centrally managed Enterprise WiFi doesn’t have to cost an arm and a leg

Wireless networks can be divided roughly into two categories: autonomous access points and managed enterprise networks. The latter used to carry a tenfold price tag and require skilled personnel to run. Today there are lighter weight alternatives for building an enterprise WiFi:

Ubiquiti is a U.S. based company specialized in wireless technology. Ubiquiti has kept their costs down for example marketing mainly by word of mouth. UniFi is their WiFi brand.
MikroTik is a Latvian company, that has delivered routers and other network equipment for the last 20 years. MikrotTik access points are fully fledged routers with a wireless card – and yet they are one of the lowest cost APs on the market. RouterBoard is MikroTik’s hardware brand.
[Edit 8/2018: Discontinued] XClaim is the lighter weight brand of Ruckus, an established U.S. wireless company. Their product line is very compact, but the quality is Ruckus level. For example there are two 802.11ac access points: one for indoor use, the other for outdoor use.

These brands share the price range in a couple of hunder euros, no annual licenses, centralized management and subdued, businesslike design. Centralized management doesn’t require a dedicated controller but runs as an application (that may even fit in your smartphone). A thousand euros will buy equipment to create a good network for a mid-sized office.

Links: