Overhauling my home network with gear from Ubiquiti Networks

As the Internet has become more pervasive, the routers we place in our homes have evolved to keep up with the ever growing demands of our phones, tablets, and IoT device families. Unfortunately, for me, they aren’t evolving fast enough and if there were ever a time to shout “Get off my lawn you whippersnappers!”, now would be it. It would seem the consumer and even small business flavor of routers have led to nothing but frustration and disappointment for me.

A few days ago, the air interface on our Linksys WRT1900AC router died.

For those unfamiliar with the term ‘air interface’, it refers to the wireless radio inside of the router or wireless access point (WAP) which broadcasts the signal your laptop, phone, and/or tablets use to connect without wires. It comprises layers 1 and 2 of the OSI model, physical and data link.

The router was a few months older than the 1-year warranty it was given. We have no idea why it died; it’s well ventilated, never abused (physically, of course), and generally performed well. We had been contemplating moving the router to the center of the house for better WiFi coverage, but really, it’s been solid. Nice for a Linksys product. But all that glitters is not gold, and we’ve been without WiFi for nearly two weeks. Before you ask, no, it’s not brought our family closer; in fact, we have wires everywhere. It looks like a data center exploded.

There is certainly a difference between consumer and enterprise/business hardware. I’ve often preached this with computers, i.e. if you should buy Lenovo, buy a “Think” branded product, not an “Idea” product. The difference being the quality of the item and the support you receive. With Lenovo, ThinkPad/Center/Server support is out of North Carolina and the product is of higher quality, in general. With Idea products, I’m fairly certain it’s the Philippines or Mexico. Either way, not really great. There’s that whole stigma in calling tech support and speaking with someone you can’t understand, doesn’t care, etc… Personally, I’ve had that experience with Lenovo in the past, but I digress…

As I said, there’s (usually) a huge difference in the quality of a product when it’s business-class or enterprise-grade. Although Linksys is owned by Cisco, they were not blessed with any of the quality associated with Cisco.

Below, a diagram of my network (as configured for the Ubiquiti gear).

map

 

When we purchased the Linksys router last year, I originally researched products from Ubiquiti. Ubiquiti Networks is a relatively small company that develops high-performance networking technology for service providers and enterprises. Their focus is on customer bases in markets which are underserved and underpenetrated, and a large portion of their products have to do with WISP-related hardware. Incidentally, they are also the manufacturer of a neat little router capable of switching 1 million packets per second which happens to be under $100: the EdgeRouter Lite.

Do not be fooled by its tiny appearance. This little guy is a carrier-grade router, easily capable of providing routing, BGP, OSPF, and RIP services for a medium-sized ISP. Running a modified form of Vyatta with a powerful GUI, the EdgeRouter Lite is the perfect fit for our unique network needs. And to sweeten the pot, I got it on sale for $9 off… a good deal in my opinion.

You’ve probably noticed, the EdgeRouter Lite doesn’t have WiFi. Well, I researched that some time ago as well and found an excellent product from Ubiquiti. Now, our wireless needs aren’t as demanding as our wired needs, so I am sacrificing 802.11ac technology for some old-fashioned 802.11n 300 Mbps access points. We ended up buying a 3-pack of the UniFi AP Enterprise, UAP-3 WAPs. I also managed to get these on sale, $178.56, compared to $199.00 directly from Ubiquiti. Sorry guys, but gotta save money where I can!

 

Spec-wise, the Ubiquiti WAPs are quite powerful and definitely geared towards the enterprise market. Many of my readers are likely familiar with products from Aruba Networks or Cisco’s Aironet product, for example. Ubiquiti’s UniFi product is very similar but at a fraction of the cost, as you can see.

They operate via a controller app which you install on your computer (Windows, OS X, or Linux), and from there you define setup, SSIDs, and can clone configurations to other UniFi APs on the same network. They also have no software fees for the controller, so once you buy it, you own it, including updates! The best thing though? They’re equipped with PoE (Power over Ethernet), so while we have to install these in our ceiling, I don’t need to run power.

Prior to this, I didn’t own a PoE switch, but I do now! And again, it’s from Ubiquiti. I selected the ToughSwitch for its ability to provide PoE to the 3 access points we intend to mount, and still have room to expand. Additionally, the ToughSwitch is somewhat of a managed switch, and can be configured for more advanced switching, if I need it. Unfortunately, Ubiquiti doesn’t make these anymore, but I found one on Amazon at a stellar price: $76.57, new. This was a significant savings, and I’m quite thrilled with it.

 

Looking for packaging/unboxing photos? Wait no more!


Installation & Setup

Ubiquiti ToughSwitch 101

I began setup with the ToughSwitch, mostly because I couldn’t disconnect my internet at the time to configure the WAN side of the EdgeRouter Lite. The ToughSwitch is a switch after all, albeit with a managed aspect to it, so it really doesn’t take a lot of effort to get going. As you may have noticed from the image above, the ToughSwitch is preconfigured with an IP range of 192.168.x.x, subnet of 255.255.255.0, and a default username/password of ubnt/ubnt.

I suggest you change the username and password combination as soon as possible!

Having already downloaded the latest firmware update for the ToughSwitch, I updated it (and that admin username/password) after logging in. Additionally, I reconfigured the IP address to a preferred range; personally, I find 192.168.1.x to be amateurish, and use a 10.0.1.x configuration. The GUI on the ToughSwitch is simple, but powerful.

Let’s take a look.

The main screen of the ToughSwitch displays a litany of information, including a really neat real-time view of connectivity, i.e. what’s plugged in, where, and its link status. You can also see a total throughput in either Kbps or Mbps.

Under port status and statistics, you can see the exact configuration on a port-by-port basis, including if PoE is enabled, what the link speed is, and how much data has been transferred. It’s important to note that the ToughSwitch does not ship with PoE enabled by default; you’ll have to enable it manually, as needed. It’s pretty easy to do.

At the bottom, you can see a throughput graph, and data distribution charts. This is particularly handy since it breaks down the throughput per port. Since I’ll be using this switch to power my three UniFi access points, being able to dig into the bandwidth consumption will help me manage my network more effectively than before. Kudos to Ubiquiti for including this!

toughswitch_gui

Further demonstrating the managed side of the ToughSwitch, the devices tab of the ToughSwitch GUI enables you to configure:

  • Firmware settings
  • The IP configuration and hostname of the device
  • As well as a varied amount of network services (most of which I don’t need).
  • Additionally, you can test changes, revert changes, or create backups of the configuration.

Note the real time view of cable connectivity and throughput totals remain at the top.

Below is a gallery of the remaining three tabs: VLANs, Ports, and Alerts. The Ports tab is where you can modify port specific settings such as PoE.

 

 

alerts_tab

Ubiquiti UniFi Configuration

Perhaps the bread and butter, nay, cornerstone, of Ubiquiti’s product lineup is their UniFi wireless access products. After all, many of the products Ubiquiti manufactures are designed with WISP and/or enterprise configurations, but easily installed in smaller deployments. That said, they are certainly not as complicated (or expensive!) to configure as their contemporaries… *cough* Cisco Aironet *cough*. In fact, I found configuration of my UniFi APs to be incredibly easy, taking perhaps 20 minutes to get up and running.

Unlike many consumer-grade routers which feature a web control panel, Ubiquiti requires you install an app – the controller. The UniFi controller app is essentially a self-contained applet/servlet which opens the management GUI in your browser.

Initial setup of the controller requires you to configure a username/password to log in, and offers to set up/configure any access points on the network as well as create your SSIDs. You can skip these options if you wish. However, I recommend setting up your APs in this process; it makes things a little easier with regard to access point adoption and provisioning later.

unifi_management

UniFi’s home screen is very clean and displays only relevant information. As you can see, UniFi is quite literal due to the WAN and VOIP options. I’m not using any VoIP solutions from Ubiquiti, but it’s nice to know you can manage them with this interface. I’d like to see mFi and UniFi Video integrated, if they are not already. It would be nice to have a single platform one can use to manage numerous Ubiquiti products. We’ll see if the EdgeRouter Lite appears in WAN once set up.

As you can see, the status of my WLAN is green, and I have 1 AP connected. I’ve only connected the one for the purposes of demonstrating the features of the GUI in this post. Additionally, you can see the number of wireless clients on the WLAN network.

The first time you plug in a UniFi AP, the controller will see it as either factory configured (default) or needing adoption. Either way, you must adopt the access point into the controller in order to manage it. Initial setup of the controller does prompt for this.

On the left, you will see several options, including my personal favorite (but not pictured for privacy reasons) – Map. Using this tool, you can upload floorplans, diagrams, images, or use Google Maps and overlay access points to estimate coverage. This proved quite useful when trying to determine where I will have the access points installed in the coming week.

 

 

unifi_devices

The devices section is fairly self-explanatory: it lists the access points, phones, or switches on your network, and allows you to perform administrative functions like reboot and locate. The locate feature is fairly handy, flashing the indicator light on the access points, especially useful in large installations when you aren’t sure which access point is where. Restarting the access points does take a minute or two, but bear in mind the refresh time (top right) when doing this. Manually clicking refresh will give you real-time information.

unifi_device_list

 

The UniFi devices list is as the name suggests, a list of devices on your wireless network. From this screen you can see the IP address of the device, to which of your WLANs it is connected, and if you choose, block the device. There is some contention on how effective the block feature is, so be sure to read up on exactly how it works.

unifi_statistics

 

 

The statistics tab is perhaps my favorite. Using this information, you can see if a particular user/device is monopolizing bandwidth, track down rogue applications, or determine if you need to upgrade with better AP distribution and backhaul. I haven’t had a lot of use over this access point quite yet, so there isn’t much information to display.

There is a settings tab in the bottom left, which you’ll need to use when initially configuring the device. Let’s take a look at some of the options within this section:

unifi_settings

Since UniFi supports multiple sites, you can name the site you’re currently managing. Useful if you have a large deployment on one property but with multiple buildings. You can also enable features such as SNMP and automatically upgrade firmware. Personally, I’m ok with allowing the APs to automatically update, but it does restart them and can cause a network interruption. Something to keep in mind if you are in a mission critical environment.

unifi_wireless_network_management

Each access point supports up to 4 WLAN networks per network group, which means you can likely create as many wireless networks as you like. Especially useful for those WiFi SSID battles with your neighbors. Creating a new network, or editing one, is very simple. If you’ve ever configured a basic home router, you can configure this.

unifi_guest

The guest control feature of the UniFi AP controller is one of the most fascinating features, in my opinion. As these devices are designed for a business or enterprise deployment, there are features for ‘captive portals’, wherein a user connects to the WiFi network, and upon attempting to browse the web is redirected to a portal where they are prompted for a code or payment information. This is quite useful for small businesses, hotels, and other public spaces where you need more control over who is using the network. While I have not played with the captive portal option, it’s my understanding you can configure payment processing to accept credit cards, issue vouchers, and limit bandwidth per user, preventing a user from monopolizing your network. Using this feature requires the controller run at all times, unfortunately, so be sure you have a virtual machine or dedicated PC on site to use this. Otherwise, the controller does not need to run – the APs are the Foreman Grill of the networking world – set’em and forget’em.

Going back to the controller home, while managing an access point, there is a sidebar to the right with options for that AP. To the right is a gallery of these options, but essentially, using these menus you can change the channel the AP is using, increase/decrease the transmission power (helpful if you have lots of access points in close proximity, reducing transmission power can prevent conflicts), configure the IP address of the device, and its name on your network.

Essentially, the Ubiquiti UniFi product is a godsend to those who have had enough with unreliable and tedious wireless networking hardware and want something better. Although this is geared towards the enterprise/business sector, minimal technical experience is required in configuring these, and they work just as well in a home as they do in an office building.

unifi_sidebar_settings1

EdgeRouter Lite Setup & Configuration

Admittedly, I haven’t set up a router in this ‘class’ since at least 2007 and was somewhat nervous while configuring the ERL. While it is not as straightforward as I’d like, it wasn’t super complicated. I’d say it took me about an hour to configure. It is worth noting that the EdgeRouter Lite is a fully featured, carrier-grade, enterprise-class router, and as such, I do not need or use many of its features. Because of this, in this post I won’t be covering more advanced features such as:

  • OSPF
  • QoS
  • Traffic Analysis
  • And advanced firewall functions

Let’s take a look at the GUI and examine why it wasn’t so straightforward.

erl_main

The dashboard of EdgeOS is clean and well laid out. As you can see, the graphs from UniFi have carried over in a similar style. Below the distribution graphs are your device interfaces, current connection status, and configuration details. I have used the WAN+2LAN2 wizard (more on that in a bit) to configure the ERL and as such, eth0 has become my WAN (internet port), and eth1 is acting as a switched port for my local LAN. eth2 is disabled. You can bridge the two ports together, eth1 and eth2, but it is a software bridge and your ERL will take a performance hit. I’ve opted not to do this, after all, the connection to my LAN and devices within will only be as fast as the slowest uplink, which is my internet connection. This means linking my ERL to the ToughSwitch via gigabit ethernet, and the ToughSwitch to another switch, also via gigabit ethernet will not cause issues due to the speed of my connection at eth0. In the end, eth2 is effectively disabled and I have little intention of using it at the present time.

On the left you can see a list of system services and the quantity of configurations for each. For example, I have 2 routes configured, 1 active DHCP server, and 4 firewall rules. These were all automatically configured for me when I used the WAN+2LAN2 wizard for initial setup. Speaking of the wizard, let’s take a look at its options:

wan2lan2_wizard

Pictured above, the WAN+2LAN2 wizard in EdgeOS 1.70. EdgeOS comes with a few wizards (listed in the left of the image) and for basic SOHO configurations, the WAN+2LAN or WAN+2LAN2 wizards should suffice. Though the two wizards do the same thing, there are a few minor differences:

  • WAN+2LAN configures the router with eth1 as your WAN and eth0 as your LAN. The DHCP configuration defaults to 192.168.1.x/24 and cannot be changed from the wizard. It’s possible to reconfigure later on, but it’s not a pleasant experience. (At least, that’s my take from trying.)
  • WAN+2LAN2 configures the router with eth0 as your WAN and eth1 as LAN. The DHCP configuration in this setup defaults to 192.168.1.x but can be changed within the wizard. I prefer 10.0.1.x/24. You can also opt to bridge the eth2 LAN interface with the eth1 as a switch, but as mentioned above, this is done in software and causes a performance hit.
  • In both configurations you can opt to use the eth2 interface on a different subnet, perfect for installations where wired devices are separated from wireless devices, for example.

My ISP issues me a static IP address as a /24 subnet, and after configuring the ERL using WAN+2LAN2, I was up and running.

It’s important to note, the ERL prefers you enter subnets as a /xx network prefix. While it seems to allow you to enter 255.255.255.0 for example, when I tried doing this, it wouldn’t save, but the /24 network prefix worked fine. If you aren’t sure what that is, here’s a (very) brief overview on subnetting:

  • If you’re a SOHO user, you’re probably accustomed to using 192.168.1.1 or 10.0.1.1 to access your router. You’ve probably seen something called a subnet mask, yours is likely 255.255.255.0. In networking, this is called a Class C range or /24 network prefix. *Most* SOHO installations use this. With a /24 prefix, there are about 255 IP addresses available on the network. If you run out, you’ll have to subnet down to something like a /23 or /22 where you’ll get around 512 and 1024 IP addresses. In these cases, the subnet mask would look like: 255.255.254.0 and 255.255.252.0 (/23 and /22, respectively).
  • Subnetting was my least favorite part of college, so if I’m wrong in my explanation above, please let me know so I can correct it!
    You can find more information about subnetting here, and a subnet reference here.
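The mask-to-prefix conversion above, as a Python example added here (it is not part of the original post or of EdgeOS). It turns a dotted-decimal mask into the /xx form the ERL accepts, rejects masks whose bits are not contiguous, and reports the resulting network and address counts; the function names and the 10.0.1.1 sample address are assumptions for illustration.

```python
import ipaddress


def to_prefix(mask):
    """Convert a dotted-decimal mask (or an existing /xx prefix) to a prefix length."""
    text = str(mask).lstrip("/")
    if text.isdigit():
        prefix = int(text)
        if not 0 <= prefix <= 32:
            raise ValueError(f"prefix out of range: {mask}")
        return prefix
    octets = text.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal mask: {mask}")
    bits = "".join(f"{int(o):08b}" for o in octets)
    # A valid mask is a run of 1 bits followed only by 0 bits.
    if "01" in bits:
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return bits.count("1")


def describe(address, mask):
    """Return the CIDR form of an interface address plus facts about its network."""
    iface = ipaddress.ip_interface(f"{address}/{to_prefix(mask)}")
    total = iface.network.num_addresses
    return {
        "cidr": str(iface),              # what to type into the router
        "network": str(iface.network),   # where the subnet actually starts
        "total": total,
        "usable": max(total - 2, 0),     # minus network and broadcast addresses
    }


if __name__ == "__main__":
    # Sample LAN address is an assumption; the masks are the three from the text.
    for mask in ("255.255.255.0", "255.255.254.0", "255.255.252.0"):
        print(mask, describe("10.0.1.1", mask))
```

Widening a 10.0.1.x LAN from /24 to /23 moves the network start to 10.0.0.0, so DHCP ranges and static reservations need to be checked against the new boundaries.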

While it’s pretty easy to configure your internet and LAN setup using one of the wizards, everything else is pretty much on manual. It took me a few minutes to figure out where the option to reserve DHCP via MAC address was, as well as port forwards. For the record, DHCP reservations are in Services > DHCP Server > Action > Configure, and port forwarding is in Firewall/NAT.

One concern I had after using the WAN+2LAN2 wizard was security. As I mentioned at the very top of this post, Ubiquiti has an excellent online support community and after posting with a few questions, I was advised not to use eth0 as my WAN interface. Reason being, if the router is reset (or security is lax) it makes the EdgeOS admin interface available over the internet. My first attempt at configuring the router was using the WAN+2LAN wizard for this reason, since it puts WAN on eth1 and LAN on eth0. Unfortunately, I couldn’t get the DHCP server to change over from 192.168.1.x to 10.0.1.x, so I reset and used the WAN+2LAN2 wizard. Call it n00b error. 😉 After researching the differences between the two wizards, I found using the WAN+2LAN2 wizard secures the EdgeOS admin portal, and blocks it from WAN access. Big relief there! If you are manually configuring your router, keep this in mind. Security holes in one’s network aren’t fun!
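One way to check the property discussed above, that the router's own admin services are not reachable from the WAN port, is to audit an exported configuration. The Python below is an added example, not code from the original post or from Ubiquiti; it assumes the configuration was exported in `set`-command form (`show configuration commands`), that eth0 is the WAN port as in this post, and that the local ruleset is called WAN_LOCAL. The sample configurations are constructed.

```python
from collections import defaultdict

# Ports of the router's own management services (SSH and the web GUI).
MGMT_PORTS = {22: "ssh", 80: "http", 443: "https"}
PORT_NAMES = {name: num for num, name in MGMT_PORTS.items()}

# Constructed sample; ruleset name, rule numbers and addresses are assumptions.
HARDENED = """\
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 state invalid enable
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth1 address 10.0.1.1/24
"""
# Same config plus a constructed rule that opens SSH and the GUI to the internet.
EXPOSED = HARDENED + """\
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 protocol tcp
set firewall name WAN_LOCAL rule 30 destination port 22,443
"""


def expand_ports(spec):
    """Expand a port spec such as '443', '80,443', '8000-8100' or 'https'."""
    ports = set()
    for part in (p.strip() for p in spec.split(",")):
        lo, _, hi = part.partition("-")
        if part in PORT_NAMES:
            ports.add(PORT_NAMES[part])
        elif part.isdigit():
            ports.add(int(part))
        elif lo.isdigit() and hi.isdigit():
            ports.update(range(int(lo), int(hi) + 1))
    return ports


def audit_wan_local(config_text, wan_if):
    """Return a list of findings about management exposure on wan_if."""
    local_ruleset, default_action = None, {}
    rules = defaultdict(lambda: defaultdict(dict))  # ruleset -> rule no. -> fields
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:1] != ["set"]:
            continue
        bind = ["interfaces", "ethernet", wan_if, "firewall", "local", "name"]
        if tok[1:7] == bind and len(tok) >= 8:
            local_ruleset = tok[7]
        elif tok[1:3] == ["firewall", "name"] and len(tok) >= 6:
            name, rest = tok[3], tok[4:]
            if rest[0] == "default-action":
                default_action[name] = rest[1]
            elif rest[0] == "rule" and rest[1].isdigit() and len(rest) >= 4:
                rules[name][int(rest[1])][" ".join(rest[2:-1])] = rest[-1]
    if local_ruleset is None:
        return [f"{wan_if}: no 'local' ruleset bound; "
                "traffic to the router itself is unfiltered"]
    findings = []
    # Audit choice: require an explicit drop/reject rather than relying on a default.
    if default_action.get(local_ruleset) not in ("drop", "reject"):
        findings.append(f"{local_ruleset}: default-action is not drop/reject")
    for num, f in sorted(rules[local_ruleset].items()):
        if f.get("action") != "accept":
            continue
        states = {k.split()[1] for k, v in f.items()
                  if k.startswith("state ") and v == "enable"}
        if states and states <= {"established", "related"}:
            continue  # only replies to connections opened from inside
        if f.get("protocol", "all") not in ("tcp", "tcp_udp", "all"):
            continue
        spec = f.get("destination port")
        hit = sorted(MGMT_PORTS) if spec is None else sorted(
            expand_ports(spec) & MGMT_PORTS.keys())
        if hit:
            findings.append(f"{local_ruleset} rule {num}: "
                            f"accepts new connections to port(s) {hit}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED), ("exposed", EXPOSED)):
        print(label, audit_wan_local(cfg, "eth0") or "no findings")
```

Running the same audit after a factory reset or a manual reconfiguration catches the case the community warned about, where the WAN port ends up with no local ruleset at all.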

Ubiquiti’s user community are quite vocal, and while they’ve taken issue with a number of quirks in EdgeOS, especially with the 1.70 upgrade, many of them don’t really bother me, as they deal with features I won’t be using – such as the lack of Traffic Analysis while using QoS. I see their point, it should work, but, there are limited computing resources on the EdgeMax products; something’s gotta give. That said, let’s review a few of the quirks I’ve found:

erl_settings

Looking at the image above, this is the system settings panel. You can access this in EdgeOS by selecting “System” from the bottom left of the screen. This panel slides up and offers a wide variety of configuration options. Perhaps the most out of place in my opinion are the Name Server and Gateway options. Of course, the name servers are what devices on your network will be using to translate domain names, i.e. google.com into an IP address. I use OpenDNS because I like tracking requests across my network. The gateway address is typically the IP address of your cable/DSL modem, or Fiber ONT. Personally, I think this is a very odd place for these two items. Surely there is a better location to place this information in the mélange of menus and options elsewhere in EdgeOS.

If you were manually configuring things, you wouldn’t think to look here to configure nameserver and gateway settings, after configuring your eth0 and eth1 interfaces, in my opinion.

There are a few options not pictured above, including SNMP, logging, update/backup/system restore options. These are fairly straightforward to use. Once you have your router up and running, be sure to take a backup. Having to redo things just because you goofed certainly isn’t fun, and I had to do that once or twice before realizing I can backup > restore within a few minutes.

Be sure to download the manual for the EdgeRouter Lite from the Ubiquiti site and have it on hand during configuration. If you’re like me, you’ll need it.

There are a few features I’d like to see, Ubiquiti… if you’re listening/reading…

  • QoS by device/MAC address. I have a few devices on my network that benefit from having higher priority for bandwidth, VoIP devices mostly. Either I’m blind and don’t see the option to configure this, or it’s just not there.
  • More clarification or easier management of firewall rules. Right now it’s a very spartan process and may make some newer users nervous. Perhaps a wizard or FAQ on the Ubiquiti Knowledge Base would help set customers’ minds at ease. After all, not all of us are network engineers.
  • In a future hardware version, I’d love to see the ability to use eth2 (or the 2nd LAN port, depending on your configuration) as a switched port so I can connect another switch to the ERL for better bandwidth distribution. (Yes, you can do this by bridging, but that software performance hit isn’t fun)
  • A merger of UniFi and EdgeOS. Seems like an odd request, but unification is implied in the name. It would be nice to manage the EdgeRouter Lite, my ToughSwitch, and the UniFi Wireless Access Points from one interface, as well as mFi and UniFi VoIP and Video in the future. The platform is powerful and certainly disruptive.

Final Product

I wanted to mount the equipment on the wall above the WAN port, although doing this presented some challenges. First, what type of material would I use as a “mounting board”? Perusing the aisles at Lowe’s and Home Depot had me leaning towards pegboard. While I’m unsure if that’s the official name, it’s what we’ll roll with. Pegboard would allow me to run zip ties from behind, securing equipment and cables and also have the holes necessary to mount on the wall.

Below, the (mostly) finished project:

  • EdgeRouter Lite in top left
  • ToughSwitch in top right
  • Middle right is a gigabit switch
  • Below that is a 10/100 switch (for the 10/100 devices I have)
  • Below that is an Apple Airport Express – we use this for its easy print server setup.
  • To the left of the Apple Airport, the larger black object, our Ooma base station. Seriously good phone service for pennies a month.
  • I left space for another switch, should I need to expand.
  • Not pictured are the 3 ethernet cables for the UniFi access points.
  • On the shelf to the right is our laser printer and beneath that, yes, I have a fax machine.
  • Also not pictured is the APC UPS to keep this gear on if the lights go out.

Summary

I’ve been using one of the UniFi Access Points for almost 2 days now and have to say, it’s provided more stable throughput than any wireless “router” I’ve used in the past. Moving files, streaming TV, even gaming have been quite pleasant with minimal lag or drops in speed. Unfortunately, just the one access point comes nowhere close to covering my entire home, but come Tuesday, this one and its two brothers will be installed in our ceiling, blanketing our home in sweet, sweet, WiFi for the first time since we’ve moved in nearly a decade ago. While I will miss the speeds offered by 802.11ac, I will not miss its instability and often slow speeds.

While I can’t yet speak for the reliability of the EdgeRouter Lite, I expect to have it in use for quite some time, and if it proves itself, it’ll take a major hardware change from Ubiquiti to compel me to upgrade. I am pleased with the relative ease with which I was able to configure the router, despite its odd options placement. Adapting to the layout of EdgeOS is like me having to learn Android – it isn’t going to happen overnight. Fortunately, the Ubiquiti community is very helpful, especially to n00bies like myself.

As we adjust to the new gear in the coming weeks, I’ll be sure to keep this post updated with my thoughts.

As always, questions, comments, technical corrections, contact me.

Update August 10, 2015: I wanted to write a note regarding the cables. I am aware they are bundled together very tightly and this is not good in the long term for the twisted copper inside the cable’s exterior. I have already ordered 6 inch and 1 foot cables for the interconnects and plan to replace them in the next few days. The way it looks now will obviously change, and of course, I will update the image. Thanks for the messages regarding that. Hysteresis isn’t fun, and is very difficult to troubleshoot!

Update December 20, 2015: We are no longer using the EdgeRouter Lite due to incompatibility with our TiVos. Somewhere along the line, even with a basic configuration, the TiVos’ communication out of my network is being blocked. Despite weeks of troubleshooting, I threw in the towel and replaced the router with a Netgear N900 which we only use for the routing function. Since switching, issues with the TiVos have stopped.