
UniFi’s home Mesh network deployment

Before choosing a product, you should first work out your needs and list them.

1. The first is coverage. At present, my house has two floors, with an indoor area of 300+ square meters and an outdoor area of 760 square meters. It needs wireless coverage across the whole site. Of course, full signal strength everywhere is not required.
2. It must be an 802.11ac router. The wider the 5 GHz bandwidth, the better. MU‑MIMO must be supported.
3. WAN and LAN ports must be gigabit. 10-gigabit is too expensive to consider at present.
4. LAN ports must support link aggregation, because the NAS and other equipment need to be connected.
5. Whether wired or wireless, stability must be good. As an IT worker, I have my own lab at home for testing, and together with my other equipment there are basically 20-40 devices online all day.
6. Port forwarding, * *, and DDNS are all must-haves, because at work I am used to surfing the Internet through a Citrix VDI connection to home. I can't have the company monitoring what I do online.

I used an ASUS AC88U before. It can be said that the 88U met my needs perfectly. It's just that the stability of earlier firmware versions made people complain. (The latest version has solved the stability problem, but remember to do a double clear after upgrading!)

Since I had decided to try out UniFi, I went to the website to study it... and then found out that UniFi has a damn lot of products, with far too many models.
Here is the link first:
https://www.ubnt.com/products/#default

Anyone seeing this page for the first time must be as lost as I was, with no idea where to start.
Anyway, I had plenty of time. After carefully reading other people's introductions, I found that UniFi is positioned as enterprise-class wireless, so unlike consumer wireless products it does not integrate functions such as routing and wireless in one box, and a UniFi AP is a pure access point.

Then I chose from top to bottom.

First the AP. This is simple, choose the fastest: AP HD and AP SHD. SHD, then. But there is a comparison chart on the official website, and it seems that the difference between SHD and HD is WIPS. I looked it up: WIPS is a wireless intrusion detection system. A household should not need this, and looking at the price difference, HD is good enough.

Because the purpose of going UniFi is to play with mesh Wi-Fi, I needed to choose another mesh-capable device. Since an electrician is needed to replace a socket in Tuo'ao, the in-wall panel model is definitely out. There is only one option left, namely UniFi Mesh. (Some people ask what this is; in short, just think of it as a lower-spec AP. I chose it mainly because I thought it would be small. In fact, I only found out when I got it that it would have been better to choose another HD.)

Then choose the wired equipment.

First is the UniFi Cloud Key. UniFi needs management software installed to manage all devices, similar to Cisco's ACS, and the Cloud Key is a small embedded device that runs it. Let's go with it!

Further down is the UniFi Security Gateway, which is the router used for dial-up. Because I don't need a broadband router, I must choose one... the cheapest.

Then there is the switch. The AC88U has 8 ports, so 8 should be enough. There are 3 models here: US-8, US-8-60W and US-8-150W. The difference is the number of PoE ports. Counting the devices that need PoE: the AP, the Cloud Key, and one more for the mesh Wi-Fi device, that is three ports. So choose the US-8-60W. But friends said I had better choose the US-8-150W, so that I would not have to replace it later. Fine, US-8-150W it is. Later I discovered a big pitfall in UniFi: I should have bought the 16-port model. I will talk about that below.

Then basically the equipment is determined. .

UniFi Cloudkey
UniFi AP-HD
UniFi Mesh
UniFi Security Gateway
UniFi Switch 8-150W

Think about replacing my former ASUS AC88u with five UniFi devices …. I feel a bit exaggerated myself. . . But now that we have decided to do something about it, let’s do it. .

Then there is waiting for the arrival of the goods. .

A large box was sent. . . Of course the photo was lost! Here are a few separate unpacking. .

However, first of all, they are all UniFi products. The packaging style is actually different. Some are open up and down, some are like drawers open left and right, some need to be pulled out when sealing on one side, and some need to be pulled out before being opened. .

The first is the UniFi Cloudkey, hereinafter referred to as UCK.

The front side is compared with the iPhone 7 Plus. In plain English, this thing is the control end of UniFi. You don’t need to find your own computer to install it. You can directly integrate it and power it on.
Complementary map. .

On the back, there is even anti-counterfeiting. . Is this thing still fake? .

Unpacking, in fact, is a very simple thing.

Everything in a glance, CloudKey+network cable+instructions+SD card
The SD card is 8G from kingston and can be used for automatic backup when plugged in.

Compared with iphone 7 alone, everyone should have a concept of size. It is basically the same size as the popular tv stick in previous years.

Network port, POE power supply depends on here

Top, usb port and sd card slot. Usb port is used for power supply, which is convenient to use in the environment that does not support POE. However, I suggest POE directly

Then there is the fake unpacking of UniFi Security Gateway, or USG for short
USG is indispensable to realize the full functions of UniFi. Dialing, firewall, routing, traffic detection and other functions are basically all realized through USG

Front

Back

There is still an anti-counterfeiting mark at the bottom. . .

Take it out and compare it with iphone. The square area in the middle here will be bright. .

On the back, because I hung the wall. . So it’s a little dirty

For the power supply interface, the USG side is basically full of heat dissipation holes, and the heat generated during use is actually quite large.

The network port section provides 4 ports:
The console port is currently not open
WAN1 is the inbound (uplink) interface
LAN1 is connected to the switch behind it
WAN2 is used to connect IPTV or for a second dial-up connection

UniFi Switch 8-150W

First look at a picture of the official website.

This thing is very beautiful, but it doesn’t feel very good. Looking at the picture, I think this thing is about the same size as the 8-port switch I have on hand. . .

And then actually get it. . . Does it look okay

Put on your cell phone and compare

This thing can be as big as my 8-port switch with 8 net pieces! ! !

Simple upper package diagram

Because I hung the wall, the physical picture was not sent. After waiting for the following picture to be posted on the wall
Again, the size of this thing is 235 x 43 x 204 mm! Don’t be fooled by the beautiful pictures on the website.

The following is UniFi AP-HD
UniFi’s Wireless Solution’s Core AP

Front

Compared with iphone 7 plus

Back

Because it’s already nailed to the wall. . So I didn’t bother to tear it down. I found some on the internet and everyone looked after them. . .

Unpacking family photos, AP body, ceiling accessories, and a POE converter

Body, appearance is very durable

Power on status. . To be honest, this circle is very bright. . . I turned off the light directly.

Back, 2 network ports

Finally, UniFi Mesh

Front

Back

Take it all out
The complete set includes UniFi Mesh, POE power supply, 2 antennas, and 2 fixed brackets & bases

The lower part can be opened, there is a network port, and POE is still used for power supply.

The size when not installed is the same as that of the Iphone 7p, and I feel it is still relatively large.

Plus the size of the antenna


This is all the fake unpacking. . . To be honest, the appearance of UniFi equipment is really good.

Then there is the specific configuration process

My personal suggestion is to configure the Cloud Key first, because the discovery and configuration of all devices in UniFi must be done through the controller.

Since the AC88U does not support PoE, I am using a power bank to power the UCK at this point.

On first start the UCK obtains its IP address via DHCP by default, so it is best to check on the router which address it received.

Some readers may power on all of the equipment at once. In that case the USG will act as the DHCP server, and UniFi's official discovery tool will be needed to find the device addresses.
There are two official discovery tools, one is the installation package and the download address is

https://www.ubnt.com/download/ut … -java-all-platforms

The other is chrome’s plug-in, which the chrome store can install.

https://chrome.google.com/websto … fphgkemopofig? hl=en

The specific use of these two tools is very simple, so here is not much introduction.

In addition, the UniFi app on a mobile phone can also "discover devices", provided that the phone's Wi-Fi and the UniFi devices are on the same network segment.

I went directly to the router, and the UCK had obtained the address 192.168.1.175.

Open http://192.168.1.175 directly in a browser. The upper entry is the UniFi Controller configuration; the lower one is the UCK settings.

First, set up the UniFi Controller. Click it and you will jump to an HTTPS page on port 8443. This port is worth remembering, since it will be used again later.
Of course, the certificate is not trusted by the browser; you can manually add a trust exception.

On the first boot, firmware updates are checked over the network. The screenshot was taken several months ago, and now the latest version has been updated to 0.10.1

Click Update to start downloading and then update automatically


It will restart automatically after the update is completed.

Start again and you will see the setup interface. First, the area and time zone. Automatic backup will of course be turned on. Here also can choose the previous backup direct recovery. After my tests here, I found that the version number of the backup cannot be higher than the current firmware version.

If all the UniFi networks have been connected by this time, this will appear in the list, because I am only connected to UCK, so I do not have any equipment.

Set up wireless, I chose to skip here


Set login information about the Controller.
The above is the login name, email address and password of the UniFi controller. If the alarm is set, the email will be sent to the email address filled in here.
The following username and password are used for SSH login of the device.

Setup complete

Click Finish and a new window will pop up asking you to create a UBNT.com account.
The purpose of this account is to access the UniFi controller over the Internet and to post replies in the official forums. It depends on personal needs. Personally, I suggest enabling it. After all, it lets you check in from outside.

UBNT accounts have two-factor authentication enabled by default to improve security.

UBNT recommends junk like Google Authenticator. Personally, I recommend using Authy from Cloudflare, because Authy synchronizes across multiple devices directly, and the previous verification code settings can be retrieved after the mobile phone is reset, with no need to regenerate or rebind them. Personally, I also suggest replacing Microsoft's authenticator and all other authenticators with Authy.

Authy's download address: (produced by the largest CDN operator in the world, so don't worry about safety)

https://authy.com/

After all the settings have been set up, log in to the UniFi Controller interface. At present, there is no equipment, so it is basically blank. At the same time, it is obvious that USG is required.

At this time, if you look at the specific settings of UniFi, you will also find that USG is required.

At this time, return to UCK’s setting interface, which is the position shown in the figure below.
Then select UCK settings below

The main interface is the current firmware version and space usage.

It can be said that there is more than enough space. I have used it for nearly 5 months and the basic remaining space has not changed much. .

The following are the specific settings, setting UCK IP, etc. Here I set it to 192.168.1.2

UCK will restart after setting up. Log back into this page to the maintenance section to shut down UCK.

Then you can shut down the AC88U and connect all of the UniFi equipment.

After all of them are started, log in to the UniFi Controller management page again. In the equipment part, as shown in the red circle on the left of the figure below, USG will be found. Click adopt, and the equipment will be initialized, thus allowing USW to accept UCK management.
Note that once all the devices of UniFi are managed by the UniFi controller, they will not appear on the discovery page again.

After initialization is completed, it will become connected, and errors as shown in the figure will sometimes appear on the right. According to my experience, it seems to appear frequently when adding equipment, which should be the reason why the startup is not yet completed.

Immediately after connecting, you will be prompted for new firmware. Do you want to upgrade it? Yes, of course

The upgrade is still to download firmware automatically through the Internet, of course, you can also manually download it yourself. Details will be described later.

After the upgrade is completed, it will restart automatically and then appear on the device page again. Click on the device and a sidebar will appear on the right. Select Settings and set IP manually.

USW’s IP is set to 192.168.1.3. Please note that I wrote it wrong. .

Then connect all devices at once and set IP manually.
Note that UCK does not appear in the device list

The IP of all devices is as follows

USG 192.168.1.1
UCK 192.168.1.2
USW 192.168.1.3
AP-HD 192.168.1.4
AP- Mesh 192.168.1.5

Then there are various configurations. To be honest, UniFi’s management interface and mobile phone APP are the reasons why I decided to switch from ASUS to UniFi. The interface is much more comfortable to use, although it lacks some functions.

While using UniFi over the past few months, I have indeed run into quite a few pitfalls. Let's briefly go over them here so that others do not take the same detours I did.
1. The allocation of fixed IPs.
2. DLNA broadcast problems.
3. Problems with DDNS setup.

Then there is the specific setting. Here I simply went through them one by one for those who have not seen the UniFi interface. Of course, this part can also be skipped directly.

The following descriptions are all based on the latest stable version of UniFi controller, version 5.7.30

Log in to UniFi controller, and then at the bottom of the left sidebar, the gear icon is the setting interface.

First set up the site.
There’s nothing to say here, it’s all the basic settings.

Enable LED indicator light-this will be applied to all UniFi devices. My personal suggestion is that the site should choose to turn on and then turn off the devices that need to be turned off. After all, we can judge the status of the current equipment by the status of the indicator light, which is still very useful.

Port Slave Mapping-Need to Set Enable for WAN2

SSH Key: this is a new function added in 5.7. You can log in to the UniFi devices with a key. But in my tests it seems to be useless at present. Each device still needs a password to log in.

Network settings, I skipped wireless settings here. Because many parameters in wireless settings need support from network settings. So you should set up the network before setting up wireless

Here I set up 4 networks for different purposes

Guest: guest network, segment 10.0.0.1, isolated from other segments, VLAN 30
LAN: home network, segment 192.168.1.1
Netflix: segment 192.168.3.1. This is for watching US Netflix. This segment uses the smart DNS of dns4me, so devices connected to it will reach US Netflix.
* *: segment 192.168.2.1, the * * private segment; a VLAN cannot be set for it by default

Specific network settings

There is basically nothing to pay attention to, just set it according to your own needs.

And then return to that wireless part arranged above,

As shown in the figure, I turned on 4 wireless SSID.
Flex is a special wireless for watching US Netflix.
Hydra is 5G band.
NoInternet is guest wireless.
S.H.I.E.L.D is the 2.4G band.

Specific settings

The biggest difference from a home router is that an SSID cannot be enabled here for only 2.4G or only 5G. At the same time, a few options have been added.
Multicast and Broadcast Filtering: when turned on, multicast and broadcast packets on the wired network are not sent to wireless devices. This will break DHCP, DLNA and so on. If you turn it on, be sure to whitelist the USG IP address. On ASUS routers this option is in the advanced wireless settings and is turned off by default.
Enable multicast enhancement: that is, turn on IGMP v3. It is recommended to turn this on.

The settings for the guest network are as follows

Select Deploy Guest Policy, turn on multicast filtering, and add VLAN ID at the same time.

Router and Firewall Options

This is where static routes need to be added.

Port forwarding: I turned on the Citrix-related settings. Because I don't want the company to monitor what I browse at work, I basically use Citrix to access a VDI at home.

Firewall rules
Here, firewall rules will be automatically created according to the port forwarding rules you added.

Advanced settings for firewalls

IPS, intrusion detection

This new function, introduced after 5.7, is meant to improve enterprise network security. However, the throughput of the USG drops severely when it is turned on.
For the USG-2P (that is, the USG I am using now), the bandwidth of the WAN port falls from 1G to 85M once it is enabled! Personally, I suggest not enabling it at home.

DPI: here this does not mean display resolution but deep packet inspection, similar to the layer 7 packet inspection on Tomato.
A USG is required to turn on this function. Once it is on, you can see the traffic broken down by packet type. I suggest turning it on.

Guest Settings, a part of network settings specifically for visitors

Enable the guest portal page: once this is on, a web page pops up when a user connects, and the user must agree before getting access. You can also enable a key on the page, etc.
The access control section at the bottom is the key point. Because the guest network is a separate VLAN, and I had already moved the UniFi controller to the cloud by the time I took the screenshots, I have to add the IP and domain name of the cloud machine here; otherwise guests cannot be verified.

configuration management

Basically, it is the setting of Radius, which can be turned on and used for user authentication of *. There is not much to introduce.


Service settings, where there are many items, are set according to requirements.

The first is the configuration of Radius, Radius key in this place

Only screenshots are shown here. There is nothing to introduce. After all, it is relatively simple.

For dynamic DNS settings, relatively few DDNS types are supported here, but the dyndns protocol is supported, i.e. services that use the dyndns protocol, such as google dns, can be used.

I used duckdns here. However, note that UniFi only allows one entry per DDNS type. For example, both google dns and duckdns use the dyndns protocol, so only one of them can be set up here.

UPNP and NTP settings need not be introduced

Administrator, only supports simple 2 categories, administrator and read-only

User groups: I simply created two. Homeuser is for home users, without any restrictions. Guests has a speed limit.

In the place where the wireless visitor network is set up, you need to select the Guest group and don’t forget

The controller is the UniFi Controller setting.

The screenshot shows the controller that I migrated to Azure, which opened Layer 2 network discovery. The mail server is configured to use Gmail.

Event management is basically about sending SMS and e-mail notifications. But there is no WAN monitoring here. In other words, there is no alert if the connection drops.

Cloud access, that is, accessing the controller through ubnt.com. It supports NAT traversal, which means that once it is enabled the controller can be managed even if you only get a private (intranet) IP.

Maintenance section. It is enough to look at the picture.

Automatic backup, backup every day about 2M .. . In other words, UCK’s space can support many, many days of backup.

After all the parts have been configured, we will return to the main interface of UniFi again and look at the interface of the famous UniFi Controller in the industry.

The front page shows the equipment status and various statistical reports, and the interface looks very comfortable. The latency shown is measured by the USG, which pings ubnt.com continuously. The ping target can be customized. I usually use the DNS address 1.1.1.1

Click on the speed test to run a simple test.

The second icon in the left sidebar is statistical data, with the following options

First of all, overview, basically is the equipment usage

Traffic statistics: if the DPI function of the USG is turned on, packets are inspected and then counted. The content displayed on this page can be customized.

Statistics can also be made according to applications and equipment flows.

However, it seems that the statistics by device are not accurate, and obviously NAS traffic statistics are not correct.

Equipment performance statistics

Switch statistics, basically is the USG 8 port traffic information statistics

The third one in the sidebar is the map option, which is quite interesting.
Users can upload a floor plan of the house, or use Google Maps to bring in an outline of their home, and then analyze the signal strength.

Because my present house has a three-story structure, I have created 3 maps. I haven't found a way to put the three floors together here.

The first is the ground floor and the first floor. First upload the floor plan.

Then set the map scale using the button on the left

Then add the devices. An existing device can only be added once, and because I have three floors, I need to add a virtual device

After completion, the currently placed signal intensity map can be obtained

2.4G Full Coverage

5G coverage strength

In fact, the coverage area in the graph is much smaller than the actual one. I feel that when UniFi generates the intensity graph, it is generated according to the lowest power.

Then 2.4G and 5G on the second floor

The coverage of the whole house, the result should be said only for reference. The specific signal strength should be tested separately, which will be mentioned later.

The fourth button in the left sidebar shows all UniFi devices under the current site.

The default display device IP, model, firmware version, online duration. If the firmware is updated, there will also be a prompt here.

Click a device and its information is displayed on the right, where the device can also be configured.

The WAN IP of the entire network needs to be viewed here, there is no other simpler place.


The network part shows the current USG is divided into several networks, as well as traffic and number of users.

The configuration section will vary from device to device. This is also where I find UniFi inconvenient. Each device needs to be set up here separately without a more centralized management port.

Turn off the LED, USG I chose to set according to the site, that is, the default is on.

WAN port settings, namely DHCP or PPPOE, and DNS settings. Note that this DNS setting is only used for USG, and DNS setting for devices on the network should be done in the network setting section of UniFi.

Advanced settings: the USG supports hardware acceleration, which is turned on by default. The response server below is the server used for the latency shown on the home page

Equipment management, this all equipment has

UniFi frequently releases firmware upgrades for devices. However, the UniFi Controller is upgraded far less often than the device firmware.
The firmware version offered for a device is tied to the current UniFi Controller, that is, the latest device version the UniFi Controller knows about does not change.
If you do not upgrade the UniFi Controller, the background update check cannot find the new firmware.
Therefore, a custom upgrade is provided here. After new firmware is published on UniFi's official website blog, just paste its address here and upgrade.

Synchronization forces settings to be rewritten to the device. Generally speaking, if you change any settings, the UniFi Controller will synchronize them once. This button is rarely used

Remove. If you want to delete the device, click this button. If you want to reset the device, you can do so by clicking this button or by resetting the device. Once the device is removed, it can be discovered by other UniFi Controller.

Some settings for USW
The port status is shown above, and different icons indicate the current port status, which is relatively simple and clear.

Can show the current power, can see now is only 10.86W, far lower than the official said the highest 140W .. .
To be honest, I feel it is an estimate, because there is no change in the UCK power when I plug it in or unplug it. . .

Uplink and downlink information


The port section can see the specific status of each port and manage the ports in various ways.
Off means POE is turned off, black means the device is not turned on. The device with POE turned on will display power nearby.

For specific management options, I personally am used to turning POE on only on devices that need POE power supply.

USG supports port mirroring and link aggregation and is also simple to set up.
The following figure shows that I have opened the link aggregation of ports 5 and 6 for NAS.

At the same time, you can set the network (vlan) on which a port is located. I set up a special port as Netflix so that my desktop can access Netflix information in the United States only by plugging the network cable into this port. DNS need not be set up on the computer. . . Is a lazy way

For AP, the same settings apply.

At the top is the current usage of 2.4G and 5G
The overview section includes firmware version, user information connected to this AP, etc

Uplink. I am currently connected to the USW by network cable. I can see that the uplink rate is 1000M.
After the first setup is completed, the wireless link can be used, but the bandwidth will become the wireless link speed. This will be mentioned in detail later.

Radio frequency information, the current transmission power is 28dBm.

Wireless network information, note that Flex appears twice, one is 2.4G and the other is 5G. The SSID created by UniFi by default is under 2.4G and 5G at the same time

Clients list showing currently connected wireless clients

Specific configuration page. I turned off the LED because it was too bright at night! !

Frequency dependent settings

Channel width: this is not easy to explain. Basically, set it to the maximum.
But oddly enough, when I first got the device, UniFi had a VHT160 option under 5G, alongside VHT80 (80 MHz and 160 MHz on the ASUS router). In the 5.6.30 update, VHT160 was removed. I contacted official support, who said VHT160 had not been approved by the FCC and was therefore banned. I don't know when it will be available.

There are 4 options for transmission power: low, medium, high, and custom. The maximum value is 25 dBm. However, it can be set to a value greater than 25 through the mobile phone app; for example, I set 40 dBm. But in fact, the real value fluctuates between 25 dBm and 28 dBm, which should be the maximum power of the UniFi AP-HD.

According to online information, automatic = high = 20 dBm
Medium = 12-20 dBm
Low = 5-12 dBm

Here I have to mention a common misconception. Many people think that the higher the power of a wireless router, the better, and that higher power means a stronger signal. In fact, this is incorrect.

Wireless communication is a two-way process of receiving and sending. When you increase the power of the wireless router, wireless devices can receive its signal from farther away. However, after receiving the signal, the client device also needs to send its own data back to the wireless router, and the transmit power of client devices is usually very small. When the distance is too long, the client's data cannot reach the router. The result is that the signal looks very strong, but the Internet cannot be accessed.

Therefore, blindly chasing signal strength is meaningless. UniFi is positioned as commercial equipment, generally aimed at high-density scenarios. The official suggestion is to reduce the power and signal strength of each device as much as possible and increase the number of devices, to achieve a larger and more stable coverage area. However, for household use, from an economic point of view, the fewer devices, the better. Therefore, a balance needs to be struck between signal strength and the number of devices.
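
The asymmetry described above can be put into numbers with a simple link budget. This is an added example, not part of the original post: the log-distance path-loss model, the exponent of 3.0, the 15 dBm client transmit power and the -82 dBm receiver sensitivity on both sides are assumptions chosen for illustration, while the 12/20/28 dBm AP levels are the figures quoted in the post.

```python
import math

# Assumed values for illustration (not from the post or from UniFi documentation).
FREQ_MHZ = 5500            # a channel in the 5 GHz band
PATH_LOSS_EXPONENT = 3.0   # typical indoor value; free space would be 2.0
CLIENT_TX_DBM = 15         # transmit power of a phone or laptop
RX_SENSITIVITY_DBM = -82   # weakest usable signal, taken as equal for AP and client


def loss_at_1m_db(freq_mhz=FREQ_MHZ):
    """Free-space path loss at a distance of 1 m."""
    return 20 * math.log10(freq_mhz) - 27.55


def path_loss_db(distance_m, exponent=PATH_LOSS_EXPONENT):
    """Log-distance model: loss at 1 m plus 10*n*log10(d)."""
    return loss_at_1m_db() + 10 * exponent * math.log10(max(distance_m, 1.0))


def max_range_m(tx_dbm, exponent=PATH_LOSS_EXPONENT):
    """Largest distance at which a transmitter of tx_dbm is still received."""
    budget = tx_dbm - RX_SENSITIVITY_DBM
    return 10 ** ((budget - loss_at_1m_db()) / (10 * exponent))


def link_status(ap_tx_dbm, client_tx_dbm, distance_m):
    """Classify the link at one distance.

    'one-way' is the case from the text: the client hears the AP (full bars)
    but the AP cannot hear the client's replies.
    """
    loss = path_loss_db(distance_m)
    downlink_ok = ap_tx_dbm - loss >= RX_SENSITIVITY_DBM
    uplink_ok = client_tx_dbm - loss >= RX_SENSITIVITY_DBM
    if downlink_ok and uplink_ok:
        return "two-way"
    if downlink_ok:
        return "one-way"
    return "no-signal"


def one_way_zone(ap_tx_dbm, client_tx_dbm=CLIENT_TX_DBM):
    """Return (uplink range, downlink range, width of the one-way ring) in metres."""
    uplink = max_range_m(client_tx_dbm)
    downlink = max_range_m(ap_tx_dbm)
    return uplink, downlink, max(0.0, downlink - uplink)


if __name__ == "__main__":
    # AP power levels mentioned in the post: low/medium boundary, high, measured maximum.
    for ap_tx in (12, 20, 28):
        up, down, ring = one_way_zone(ap_tx)
        print(f"AP {ap_tx:2d} dBm: client reaches AP up to {up:5.1f} m, "
              f"AP reaches client up to {down:5.1f} m, one-way ring {ring:5.1f} m")
    for d in (30, 60, 130):
        print(f"{d:3d} m at 28 dBm: {link_status(28, CLIENT_TX_DBM, d)}")
```

Raising the AP power only widens the ring in which clients see a signal they cannot use; the usable two-way radius is set by the weaker side.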

Continue. . .

WLAN settings

As shown in the figure above, by default UniFi enables both 2.4G and 5G for each SSID. If you want an SSID to work only at 2.4G or only at 5G, you need to disable the other band separately in the AP settings, as shown in the following figure.
Note that if there are multiple APs, this has to be done on every AP, which is rather troublesome.

Network configuration: the AP-HD has 2 network ports and supports link aggregation. Personally, I don't think it makes much sense to enable link aggregation on a wireless AP.

Some relatively advanced settings can be set according to individual needs.


The last tab is Tools, which is actually a wireless band scan.

After clicking scan, the wireless bands around the current AP are scanned to find the band that is least used.
Because residential density is so high in China, this function is still very useful there. Living abroad, I have basically no wireless networks around me, so the scan result is the same on every band.


The fifth icon in the left sidebar is client-related information, which can list information of current devices and historical devices.

Similarly, clicking a device displays device-related information.


Naming devices and setting fixed IP all need to be set here.

Note that setting a fixed IP here does not check that the IP is unique. In other words, you can assign the same IP to several different devices, and after assignment each of them will use that same IP when it connects to the network!
This is a giant pitfall. After switching from ASUS to UniFi, I found that my wife's iPhone X kept dropping off. The wireless connection was fine for the first few minutes, but the network became slow after a few minutes. I suspected a system problem on the iPhone X, so I went through all kinds of restores. Later I suspected a conflict with UniFi's AP and went to official support. Then one day I happened to find that I had assigned the same IP to the iPhone X and my father's iPhone... I changed the IP and that solved it.

The bottom icon in the left sidebar shows a variety of statistics.

The most useful one is the list of all configured devices.
I am used to assigning fixed IPs to all devices in my home, so I can check here whether any IP has been assigned twice.
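Because the controller accepts the same fixed IP for several clients, a check like the following can be run over your own list of assignments. This is an added example, not part of the original post or of UniFi's tooling; the input format (MAC, name, fixed IP per line) and every sample value are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample: fixed-IP assignments as "MAC NAME IP", one per line,
# e.g. typed up from the controller's list of configured clients.
# All MACs, names and addresses below are made up for illustration.
sample_assignments() {
cat <<'EOF'
# MAC              NAME            FIXED_IP
aa:bb:cc:00:00:01  wife-iphonex    192.168.1.50
aa:bb:cc:00:00:02  dad-iphone      192.168.1.50
aa:bb:cc:00:00:03  nas             192.168.1.2
aa:bb:cc:00:00:04  tv              192.168.1.60
AA:BB:CC:00:00:04  tv-renamed      192.168.1.61
EOF
}

# find_conflicts: read assignments on stdin, print one line per problem.
#   DUP_IP  <ip>  <mac,mac,...>   same fixed IP given to different MACs
#   DUP_MAC <mac> <ip,ip,...>     same MAC listed with different fixed IPs
find_conflicts() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    NF < 3 { next }                        # skip incomplete rows
    {
      mac = tolower($1); ip = $NF          # the name may contain spaces
      if ((ip, mac) in seen) next          # exact repeat of a known pair
      seen[ip, mac] = 1
      by_ip[ip]   = by_ip[ip]   (n_ip[ip]++   ? "," : "") mac
      by_mac[mac] = by_mac[mac] (n_mac[mac]++ ? "," : "") ip
    }
    END {
      for (ip in by_ip)   if (n_ip[ip]   > 1) print "DUP_IP",  ip,  by_ip[ip]
      for (mac in by_mac) if (n_mac[mac] > 1) print "DUP_MAC", mac, by_mac[mac]
    }
  ' | sort
}

# Demo on the constructed sample above.
sample_assignments | find_conflicts
```

An empty result means every fixed IP maps to exactly one MAC and every MAC to exactly one fixed IP.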

Then another useful report is the status of DDNS

There is also a report listing the surrounding APs. It seems that when someone parks next to my house, even the Wi-Fi of their dashcam gets listed. . .

One more thing to mention: UniFi does not provide a way to delete historical records. . . In other words, every device that has ever connected, and the information of every AP that has ever appeared near your home, is retained permanently. . .
Personally, I am not comfortable with that. .

That is basically the introduction to the UniFi Controller. Some readers will ask: how do you get to such a complex interface from the external network?

As I mentioned above, UniFi supports access from the external network and provides NAT traversal for it.
You only need to set up the Ubnt account in the settings; you can then go through https://UniFi.ubnt.com from the external network to access the UniFi environment you have set up.

As shown in the figure below, all configured sites will be listed after login.

Click launch to access the same management interface as the local one, which can be said to be quite comfortable.

The above introduces some specifics of the UniFi Controller web pages, which I admit is long-winded. . .
But this is also what attracts me to UniFi. . . I like browsing the reports when I have nothing else to do.

Careful readers may have noticed a problem: the UniFi management interface seems to lack some basic functions of a home router:

1. Viewing real-time traffic per device is not supported. Only the so-called “active state” is shown, as in the following figure.

Which device would you like to see occupying bandwidth? Sorry. . . Take your time. . .

2. Lack of easy-to-use QOS settings.

UniFi’s QoS can only be described as extremely troublesome to set up. UniFi does have a technology known as Smart Queue.
Setting that up is simple. Find the WAN port settings of the USG and set the uplink and downlink bandwidth; the suggestion is to set them to 80% of the real bandwidth (or you can simply click pre-fill). OK, that’s all.

The official claim is that packet priority can be automatically adjusted according to bandwidth usage. What, do you want to play first? I can’t hear that. . .
However, when Smart Queue is enabled, DPI is automatically turned off, that is, deep packet inspection stops working. . . At the same time, enabling it turns off the USG’s hardware acceleration, and network performance decreases. . .

3. All of UniFi’s pages use https links, but with a self-signed certificate. ASUS and others already support Let’s Encrypt certificates.
Of course, this is not a big problem.

4. DHCP can set duplicate addresses. . I’ve already made a complaint about this.

If you can accept the above points, then use them boldly.

Having introduced the web version of the UniFi Controller, I have to mention UniFi’s mobile phone app. Although comparing commercial products with household products is unfair, I still have to say that UniFi’s mobile app is several streets ahead of ASUS’s. . .
The reason I made up my mind to switch from ASUS to UniFi was that I had gotten used to UniFi’s app. .

Open UniFi’s app (my phone is set to English and I am too lazy to switch languages for the test).
There are 4 main tabs: nearby devices, direct access, cloud access and user.

Nearby devices is mainly used to discover unmanaged UniFi devices on the network. Home users can buy only a UniFi AP for wireless, skip installing the UniFi Controller, and complete all configuration through the mobile phone app. Because all of my UniFi devices are already managed, no devices show up here.

Direct access, i.e. direct connection to the UniFi Controller via IP.
For UCK, if it is in the intranet, the mobile phone needs to be connected to the same intranet to access.
I have two devices here, one is the Controller I threw on Azure, and the other is UCK on the intranet.

Cloud access, i.e. access to the UniFi Controller through NAT traversal by connecting to UniFi.ubnt.com. Because I have turned on 2-step authentication, I am asked for a 6-digit token when connecting.

Enter the correct token to connect.
Similarly, I have two Controllers here, one is the UniFi Controller installed on Azure and running on Debian, and the other is UCK.
Pay attention to the icon in front, the key indicates UCK, the details of APP are still very good.

The last tab is account related settings.
Only when I saw this picture did I realize that I could set the language of UniFi’s app independently, without it matching the system language. .

After introducing the basic tabs, go directly to ” Direct Access” and click a site to enter.

What you see is information about the current site; the interface looks very good.

Bandwidth, latency and connection time are of course displayed.

The device part displays the status of the current device.

When any equipment fails, the interface will look like this

Click on a device to see details

Click the configuration button in the upper right corner to configure

USW’s information page can display the status of each port.

Pull down to show more

Click on the port and the device connected to the port will be displayed. If there is a UniFi device under the port, the icon and related information will also be displayed directly.

Specific configurations can be made for each port

Information about USG

The User tab displays the status of the user. The details here are perfect. Lan ports, 2.4G devices and 5G devices all use different icons and colors. For example, 2.4G is orange and 5G is green.

Click on the device to see relevant information about the device and various statistics

Historical connection information of the device

Traffic Statistics and Analysis of Current Equipment

The Statistics tab is the statistical report in the web page version.

More is the configuration of the UniFi site, which is exactly the same as the web version.

home plan

Known equipment

Various system logs

Alarm message

Everything the website can do can be done here as well. It’s still very interesting.

The above is about the introduction of the UniFi Controller, which seems a little long. . .
Like ASUS, UniFi also provides an online demo, which interested readers can visit directly at https://demo.ubnt.com. The demo also supports connecting from the mobile phone app, which shows they take it seriously.
The demo seems to use a real FedEx environment as its example, with quite a lot of equipment. . .

Part to be updated. . .

Actual picture of equipment. .

At night. . .

Signal strength testing and comparison
Because the AC88u has been taken by a friend for testing, the signal comparison between AC88u and UniFi cannot be provided here for the time being. The details will not be available until the 88u returns.

First of all, regarding the router signal, what kind of signal is good? How should the signal be judged?

Here is a little background on dBm. The dBm unit is somewhat similar to decibels; values do not compare in a simple linear way.
The rule of thumb commonly used in the industry is:

For every +3 dBm, the signal strength is about doubled.
For every -3 dBm, the signal strength is reduced by about half.
For every +10 dBm, the signal strength increases about 10 times.
For every -10 dBm, the signal strength is reduced by about 10 times.

So, how do you judge the signal strength in reality?
Refer to the guidance provided in Trend’s iOS app Dr. WiFi (a gripe about Dr. WiFi: the previous version was very easy to use, but a new version came out 2 weeks ago and now all the functions cost money).

It considers anything above -30 dBm a strong signal, and -71 to -90 dBm a relatively poor signal.
However, in fact, when I held my mobile phone right up against the router, the signal strength was only -42 dBm. . .

Therefore, in real life, generally speaking, a signal strength above -70 dBm is relatively good, -70 dBm to -80 dBm is medium, and below -80 dBm is weak.

Next comes a simple test in a three-storey structure, with the router placed on the middle floor, as in the diagram.
A is next to the router on the middle floor.
B is the living room on the lower floor.
C is the dining room on the lower floor (the farthest point in the house and the position with the worst signal).


First, only UniFi AP HD is installed and AP-mesh is turned off.

(Note: The mobile phone I tested with is the Australian version of the iPhone 7, which uses an Intel baseband and performs worse than the Qualcomm baseband.)

The first is the signal strength of 5G.
A, B, C from top to bottom.

It can be seen that the signals at A and B are both good, but the signal at C, the kitchen, is already close to -80 dBm.

Then the 2.4G signal strength,
It is still A B C from top to bottom.

It can be seen that the signal strength of 2.4G is good through walls, and the attenuation is not much.

Run speed test at this time.

First 5G,

The top 2 are the C-point tests with the worst router signals, and the bottom 2 are the A-point tests with the best router signals
It can be seen that although the 5G signal at point C (-78 dBm) is much weaker than at point A (-45 dBm), in terms of plain internet speed there is no difference. The 100M broadband can be fully used.

Then 2.4G speedtest

The upper 2 are the test results at point A with the strongest signal and the lower 2 are the test results at point C with the weakest signal.
Here is a very interesting result.
The speed of 2.4G seems to be more affected by the signal strength. From A to C, the signal strength has only dropped from -45 dBm to -51 dBm, thus the download speed is different from 1-Mbps, and neither can use the full bandwidth of the 100M broadband.

This result was very unexpected to me. I repeated the test many times and it was similar.
Personally, I think it should be that although 5G signal is poor, the total bandwidth of 5G is much higher than the bandwidth of 2.4G, which is why this happens.
According to this conclusion, should we give priority to 5G signals when there are 5G signals?

The next step is to link AP-Mesh wirelessly
The state when AP-Mesh is linked by wire first

Uplink of AP-Mesh is displayed as 1G.

Then go to the AP-Mesh configuration page and select Allow Roaming to Other APs (Note, this option appears after 5.7.20 and firmware settings before 5.7.20 are different)

After synchronization is completed, disconnect AP-Mesh,

In about 30 seconds, UniFi will report that AP-Mesh’s heartbeat is gone, and then it will show as offline.

Take AP-mesh to the kitchen and power it on. After about 3-5 minutes, it will automatically go online and become connected (wireless)

At this time, if you look at the uplink of AP-Mesh again, you will find that it has become a wireless connection.

Since AP-HD and AP-Mesh have formed a mesh over wireless and use the same SSID, Trend’s Dr. WiFi can no longer display the signal strength accurately. Therefore, I switched back to the Android app WiFi signal test for the following tests (it is very troublesome to find an Android phone!).

Using the Android app WiFi signal test, we can see that although this is mesh mode, in fact 2 identical SSIDs can be found.

5G signal:

First, at point a, 5G signal strength

The strong signal comes from AP-HD and the weak signal comes from AP-Mesh.

Then go to point c where the signal was weakest before.

The signal from AP-Mesh is stronger (judging by the MAC address).

To point b again

From the MAC address, we can see that the stronger signal comes from AP-HD.

At this point, across basically all three floors, the 5G signal strength is within -55 dBm, and the relatively weak spots are now well covered.

As for 2.4G, you don’t need to look to know the result. Basically, the signal should be good everywhere.

Signal testing at points a and c


As for speedtest, I am too lazy to test. . .

As far as I am concerned, the coverage can be said to be very satisfactory. As I mentioned at the beginning, good Wi-Fi coverage does not mean full signal in every corner; it is enough that most positions are excellent.
Frankly speaking, without AP-Mesh, 5G signal coverage is enough to support the speed of 100m broadband indoors, so for me, AP-Mesh is more like icing on the cake.

One point that needs explaining is that my Australian house is double brick, not the reinforced concrete of buildings in China. Double brick should block 5G and 2.4G signals much less than reinforced concrete does. Readers in China should therefore install an appropriate number of APs according to their needs.

Compared with AC88u signal:
As mentioned above, the AC88u was lent to a friend to test NBN. . When it will be returned is unknown, so this part still needs to be updated.
However, when I got the full set of UniFi equipment, I did a signal test. Unfortunately, the screenshot was lost. But the conclusion is roughly as follows (2.4G is basically the same):

When the AC88u area is set to Australia, the power defaults and the AP-HD power is set to high:

5G signal
At point a, the AC88u signal is 3dBm higher than AP-HD, that is, the signal strength is twice as high.
At point c, the AC88u signal is 10-15 dBm higher than AP-HD, that is, the signal strength is 10 times higher.

In the case where the AC88u area is set to Australia, the power defaults, and the AP-HD power is set to 40 through the mobile phone APP and the actual equipment power is 28.5:

5G signal
At point a, the AC88u signal is lower than AP-HD by 3dBm, that is, the signal strength is half weaker. .
At point C, the AC88u signal is 5-6 lower than AP-HD, that is, the signal strength is about 1/4 of AP-HD.

The conclusion is that, by default, AP-HD signal strength is weaker than AC88u. However, after increasing the signal strength, AP-HD can reach and exceed the signal strength of AC88u.

Migrate UniFi Controller from UCK to cloud (Azure/AWS)

At first, I used UCK to run Unifi Controller, which is easy to manage and use, but there is one problem that makes me very uncomfortable.

Because at all the companies I work for, I use Citrix to access my home network. When the home network fluctuates and drops, there is no way to know whether my home network is down or whether the company has blocked my home address. .

Some people may say that Unifi does not support the monitoring of WAN connection status. What’s more, because the Unifi Controller is also in the intranet, even if there is monitoring when disconnection occurs, mail cannot be sent out. . .

This statement is quite true, but if you put the UniFi Controller outside the network, when the home network is disconnected, all the UniFi devices will lose their connection with the Unifi Controller, and at this time there will be a warning and an email can be sent.

In addition, because I am abroad and my parents have not retired in China, there are problems and troubles in my hometown network. My parents will not debug the router. One of the benefits of throwing the Unifi Controller to the outside network is that you can throw an AP directly at your hometown and then connect to the Unifi Controller of the public network, which can be managed remotely. And it can unify SSID both at home and abroad, and it can also roam directly and wirelessly when returning home. .

Do what you say. .

The official website actually has a very detailed tutorial, but it is aimed at AWS. The link is as follows

https://help.ubnt.com/hc/en-us/a … Amazon-Web-Services

Because I have Azure’s account, I started it in Azure.

The steps are simple,

First, build a virtual machine. I use a relatively small Standard A1 v2 (1 vCPU, 2 GB of memory), which is cheap. . . Then install Debian. After the installation is completed, return to Azure’s network settings, open the security group, and add the inbound rules as shown in the following figure:

Then ssh into azure’s virtual machine and execute the following command

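  # Fetch the UniFi repository signing key into apt's trusted keyring directory
  sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ubnt.com/unifi/unifi-repo.gpg
  # Refresh package lists (the UniFi apt source entry must already be configured for the install to find the package)
  sudo apt-get update
  # Install the UniFi Controller package
  sudo apt-get install unifi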

Unifi Controller can be successfully installed.

The remaining question is how the UniFi devices managed by UCK can be migrated over seamlessly. (I didn’t take screenshots of the following operations at the time.) If a disconnected device is rediscovered as new, the device will restart and initialize; all configuration is lost and has to be redone.

The steps are also relatively simple. First create a backup of the current configuration on UCK, then open the Unifi Controller address on Azure and directly choose to restore from backup.

After the recovery is completed, log in to the Unifi Controller of Azure, and you will find that all the Unifi devices are present, but all of them are displayed as disconnected. At this time, you only need to modify the site IP and domain name to complete the setup.

Then log in to all Unifi devices through SSH and execute the command

  set-inform http://ip-of-controller:8080/inform

Then return to the Unifi Controller on Azure and accept the new equipment. Basically, a seamless transition can be achieved. The switch is complete.

Then disconnect the home network and test it. The mobile phone will receive email within a few minutes:

In this way, if there is any fluctuation in the home network, you can basically receive notification within a few minutes.
However, because the Unifi Controller on Azure is always online, the APP of Unifi can always be connected through direct access, which is much faster.

According to my experience, even if the A1 v2 virtual machine is configured at a lower level, its running speed is much faster than UCK. The page opens much faster than the local one.

Some people will ask what is the resource consumption of the UniFi Controller? The following is my performance report after migrating to Azure.

According to Azure’s report, it can be said to be very low. Basically, CPU usage is only below 5%, which can be ignored.
However, there is continuous network traffic from the home’s Unifi equipment to the Unifi Controller, which basically stays at about 500K upload and 200K download at all times. The daily total is about 1-1.5G, or between 30G and 40G per month.
AWS charges for traffic in both directions, while Azure charges for upstream traffic, so when you put the Unifi Controller on the cloud, you must calculate the charge for traffic.

Here is a brief summary of the advantages and disadvantages of the Unifi Controller on the Cloud:

Advantages:

Easy access,
Convenient management of equipment in multiple regions
For local network disconnection and the like, the alarm such as mail, short message and the like can be quickly sent out
The performance is better than UCK

Disadvantages
Virtual machines on the cloud require additional costs
The guest network needs to communicate with the Unifi Controller.. If the upload bandwidth is small, the network speed will be affected.
The delay of the Controller on the local network and the cloud is too high, which is easy to cause the problem that the guest network login is extremely slow or unable to login.


Run UniFi Controller on a Synology NAS.

Because UCK is relatively expensive, running a UniFi Controller on the cloud actually costs money. It is also a good choice to install the UniFi Controller on a computer. However, is it too extravagant to run with a computer? Think about NAS in your home, can you run on Synology?

The answer, of course, is yes, and it is simple to do.

First, go to the Synology’s network settings and set the IP on NIC 4. Because I intend to replace the previous UCK, I set the IP directly to 192.168.1.2. Of course, if your Synology has only one or two network ports, you don’t need to set this; the Controller can share the NAS’s IP.

Then go to the Package Center and install Docker.

After the installation is completed, start directly.

Select the registry on the left and search jacobalberty/unifi

Double click, select latest, the latest stable version, and then click select

The download has already started at this point. Click Image on the left and the downloaded size will be displayed on the right. The content to be downloaded is about 600-700M.

After the download is completed, the start button becomes clickable.

Start it directly and set the container name according to personal preference; I changed it to Unifi-Controller.

Don’t go to the next step yet; select the advanced settings in the lower left corner.

Open the interface again, select Add Folder, and then create a folder under docker, named Unifi. Then choose

Fill in the mount path as /var/lib/unifi. Be sure not to get this wrong.

Then select the network above and check to use the same network as docker host.
Then click Apply

Then go to the environment settings and set BIND_PRIV and RUNAS_UID0 to false. This reduces the permissions the Unifi Controller runs with and prevents it from affecting the NAS if it is compromised through a vulnerability.

Of course, if Unifi is not exposed to the public network (transit through ubnt website is not counted), this step can also be omitted.

Then click Next and click Apply

After the application, docker was started, and the CPU and memory share was actually very low.

Now visit https://192.168.1.2:8443 and the UniFi settings page will open!

What if there is a new version? Go to Container and delete the existing container, then go to Image and delete the old image, and then install the new one.
Make sure to select the same folder as before during installation, so that the previous data is completely preserved.
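The GUI steps above correspond roughly to the following docker command, followed by a check that the two privilege-reducing variables are really set on a container. This is an added example, not from the original post or from the image's author; the /volume1 prefix and the helper names unifi_run_cmd and audit_env are assumptions, and the sample environments are constructed.

```shell
#!/bin/sh
# Names taken from the steps above: image jacobalberty/unifi, container
# Unifi-Controller, host networking, data mounted at /var/lib/unifi.
# Assumption: the shared folder docker/Unifi lives on /volume1.
UNIFI_DATA_DIR="${UNIFI_DATA_DIR:-/volume1/docker/Unifi}"

# Print the docker command equivalent to the GUI settings. It is only
# printed for review (dry run), never executed by this script.
unifi_run_cmd() {
  echo "docker run -d --name Unifi-Controller --network host" \
       "-e BIND_PRIV=false -e RUNAS_UID0=false" \
       "-v ${UNIFI_DATA_DIR}:/var/lib/unifi jacobalberty/unifi:latest"
}

# audit_env: read a container environment (one KEY=value per line) on stdin
# and return non-zero unless both variables are explicitly "false".
# On the NAS the input would come from:
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' Unifi-Controller
audit_env() {
  awk -F= '
    $1 == "BIND_PRIV" || $1 == "RUNAS_UID0" { val[$1] = tolower($2) }
    END {
      bad = 0
      n = split("BIND_PRIV RUNAS_UID0", want, " ")
      for (i = 1; i <= n; i++) {
        k = want[i]
        if (!(k in val))            { print "MISSING " k; bad = 1 }
        else if (val[k] != "false") { print "NOT_REDUCED " k "=" val[k]; bad = 1 }
        else                        { print "OK " k "=false" }
      }
      exit bad
    }
  '
}

# Demo: show the command, then audit two constructed environments,
# one hardened as described above and one left at the image defaults.
unifi_run_cmd
printf 'BIND_PRIV=false\nRUNAS_UID0=false\nTZ=UTC\n' | audit_env
printf 'RUNAS_UID0=true\nTZ=UTC\n' | audit_env \
  || echo "container should be recreated with both variables set to false"
```

A variable that is simply absent is reported as MISSING, since the container then runs with whatever default the image ships.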

DLNA’s Exhaustion:

Since I started with a Synology NAS in 2013, the TV at home has always played videos from the NAS over a direct wireless connection, through the DLNA service provided by the Synology. Especially since our child was born, cartoons on the NAS are played through DLNA almost every day. However, after I first configured UniFi, I found a very strange problem: every time a video was played through DLNA, it would play for 3 s, stutter for 3 s, play for another 3 s and then stutter for a few seconds, over and over. I tried resetting the AP, switching between 2.4G and 5G, changing channels and other operations, none of which fixed it.

In desperation, I opened a case on the UniFi website, contacted Level 3 support, and then started the process of continuous testing. . . Back and forth every day, at least 3 mails. . . It provides all kinds of debug information, all kinds of log, and has carried out all kinds of different tests under the requirements of UBNT technical support. . . It lasted for 3 months. . . . The problem remains unsolved. . . .

Then suddenly UniFi released a new version of AP-HD firmware, and then. . . The problem has been solved. . .

To be honest, UBNT’s technical support is still very dedicated, but L3 Support didn’t know that a problem would be solved in the firmware to be released. I really want to say something. . .

Then, the DLNA incident made me realize a problem:

DLNA broadcasts using a multicast protocol, and multicast traffic goes to all devices on the network.

When I was playing video through DLNA at 2.4G, I found that the channel usage of AP-HD’s 2.4G increased from 10% to 85%. In other words, DLNA multicast information over the air will seriously affect the network performance of 2.4G

So, what is the solution?
Method one
In the 2.4G wireless settings, enable “block LAN to WLAN multicast and broadcast data” (multicast and broadcast packets sent from LAN to WLAN are blocked). However, note that DHCP is also blocked, so the MAC addresses of the NAS and USG need to be whitelisted here.

Method 2:

It is also my personal recommendation. DLNA is used at 5G.
In my tests, DLNA on 5G has basically no effect on channel utilization. This should be due to the larger bandwidth of the 5G channel.

Power part

Before using UniFi, I was frightened by the nominal maximum power of 140W of the USW-8-150W. . . After actually getting it and testing, I found that it was OK. .

The comparison is as follows:

AC88u  – power fluctuates between 6W and 9W in daily use.

UniFi complete set (USG+USW+UCK+AP-HD+AP-mesh) with a total power of about 26W. Removing UCK and AP-Mesh has little effect on power consumption. (The tested USG shows inaccurate power)

In other words, the power consumption of UniFi is much higher than that of AC88u.


Summary:

If you had the patience to read my long-winded post, you probably don’t need to read this conclusion; you already know it.

For ordinary home users who do not want to tinker, or who want a single device to solve home network coverage, or who have no network cable pre-installed in the house, a consumer router such as the AC88u is the no-brainer choice. It is more worry-free, labor-saving and electricity-saving.

If there is no pre-installed network cable in the home, but one wireless device cannot provide good coverage, then choosing 2 ASUS devices as a mesh is relatively simple and relatively cheap. What if two devices are not enough? Then UniFi is the no-brainer.

If there is a reserved network cable in the home, and you want to mess with it, but you care about stability and playability, then UniFi is your dish.
