New Residential Ubiquiti Setup - Guidance Needed

zero-degrees

Aug 15, 2015
Hey everyone, wanted to solicit some feedback from anyone with direct first-hand experience with Ubiquiti Unifi hardware.

All my past experience has been with server/software platforms and I am looking to move away from that.

I am building another home and it will be networked to the max. Camera setup is already designed and planned and will be independent of this setup, so that isn't what I need help with.

Here is what I want to accomplish.
1. Quality Hardware/Security firewall.
2. Managed Network - Want detailed traffic analytics
3. Blanket/seamless WiFi coverage across 5k sq ft.
4. Quality Hardware that won't EOL or crap out in 24 months or less.

(Everything will be rack mounted with patch panel config in basement - main comments needed are of config shown in pic)

Here is my proposed setup that I am seeking feedback on (picture attached)
 

I’m running just about the same thing you are proposing except I use a Raspberry Pi for the controller and a USG for the router. You really don’t need that rack mounted controller for your house. That much horsepower was designed for public WiFi access (e.g. hotel, restaurant, etc...)

But your plan is solid. I run two AP-lites and I get 100% coverage in my entire home.
 
Do you do much with the traffic analysis? If so do you find it detailed and are you happy with it? Also do you by chance use it for VPN at all - if so, ease of use and happy?

I've seen people talk about using a pi for the controller vs the POE plug in key, I honestly just figured since I was building from scratch I'd get the controller and mount it in the rack to make things cleaner.
 
If you want to VPN with the unifi gateway, make sure you check the throughput.

Not sure of that model but some max out at some low speeds.

I ended up using a Pi for VPN vs a Ubiquiti product.

 
I don’t do any traffic analysis but it’s there in the controller. It’s easy to use if you want it. It’s pretty detailed.

I used to have the PoE key. I sold it on eBay. Ran hot and it took up a PoE port on my switch. Running the controller on the Pi is fine. I wouldn’t use it for a public hotspot but for a home it’s fine. The Pi doubles as my DNS server (running Unbound) and also blocks ads network wide for my home.

I’ve not used the VPN but have read about plenty of people using it with no problems. I just port forward for the cams.
 
I run Ubiquiti also. I am so glad that I moved away from a standard home router. Great Wi-Fi coverage and rock solid. I have the gen 1 cloud key (later version that does not run hot). The gen 2 has a built in battery, so the old problem with corrupt db seems to be solved.

The learning curve was steep in the beginning, but when you get familiar with the layout, it is easy to configure. I have DPI and IPS turned on, and don’t have any problems viewing my cam stream through VPN (throughput). My internet line is fiber 500/500.

Lots of step-by-step tutorials on YouTube, e.g. Willie Howe.

I’m sure you will be happy with your new setup!!
 
I use unifi at home (but not the USG), and enterprise gear at work (50k nodes worth). It's a nice all-round package, but don't expect actual enterprise grade. Feature-wise it sits above the usual SOHO boxes, and no other vendor I'm aware of has an integrated solution like it at this price point.

I like unifi in general. The controller looks nice, and gives some insights in traffic (especially when combined with a USG), but it will depend on what you consider 'detailed traffic analysis'. USG Pro 4 throughput should be enough, although be aware it attains this speed through hardware acceleration. If you enable features which drop your traffic outside of hardware acceleration, throughput will drop significantly. The interface may or may not warn you about this. The hardware hasn't failed on me so far, but I only have a small sample in use.

Wireless cover is mainly determined by a proper RF design, and client tuning. Unifi in and of itself doesn't bring anything specific to the table here. Roaming is 100% client side, best an AP can do is gently (or ungently) nudge a client to move to a different AP, but in the end it's still the client's call. Unifi is not a controller-based wifi solution like the higher-end Cisco or Aruba solutions. This is usually fine for most SOHO implementations. (Unifi used to support a feature called 'zero-handoff', which is a single-channel solution with all APs on the same channel. Very specific solution for a very specific problem, with very specific issues as a trade-off. Avoid.)

Your design seems fine. A few things to consider:
- The controller isn't required to be a dedicated Ubiquiti device. It can run on other platforms as well. I run it as a docker container, but PCs or Raspberry Pi work great too.
- Depending on the RF requirements, more smaller APs (such as UAP-AC-Lite) are usually preferable. The LR does have good range, but devices need to talk back as well. This may or may not work as well at the higher range.
 
@ijdod has the gist of it. I like my AC-Lites. I have two and they give me 100% coverage over my 2000sqft home.

If you are using multiple APs, then make sure you don’t have overlapping channel coverage. That usually means turning down their RF power and spacing them with appropriate channel assignments. This will also help your clients roam better since they can’t hang on to a farther AP than a closer one.
 
Great post, we are about to break ground and going the same route with same coverage needs with 5 or 6 AP units and a 16 camera system. Bid just came in today to prewire a hell of a lot of Cat 6 drops, maybe 30 plus, and cameras. 2 Cat 6 cables to every drop. Bid was $1400 which is less than I’d thought and includes mounting camera junction boxes etc.
 
I’m not happy with either of my Unifi PoE switches. Both (8-port and 16-port) will drop power to the PoE ports if they have any of my cameras plugged into them and there is lightning nearby.

I’m not ruling out something weird with some of my camera runs, but I have used two other brands of PoE switches with the same cameras and they had no problems.

Unifi switch firmware upgrades have affected the sensitivity... they’ve gone from being affected by lightning strikes that WeatherBug said were 4-5 miles away to now only having problems if the strike is closer than a mile, but still...

There are some fairly big threads about the 16-port PoE switch dropping power to the ports on the Unifi community site.

Glad to see you’re going for the 24-port. That seems to be the way folks with problematic 16-ports are switching to.

 
The 16 port switches do have issues with passive POE. Plenty of threads out there about it. The 24 port POE is a better option.