Ubiquiti Networks UniFi Controller in an Ubuntu LXD Machine Container (dustinkirkland.com)
88 points by kungfudoi on Dec 12, 2016 | 69 comments



You can combine an EdgeRouter lite plus a 5GHz UniFi AP for a good BBC + Netflix streaming box. The EdgeRouter has an IPsec VPN offload https://community.ubnt.com/t5/EdgeMAX/ERL-Performance-Testin... which I use with BlackVPN's "TV subscription" so my parents can watch HQ BBC shows.

With the EdgeRouter firewall you can write a small script so that whenever the BBC app is running, it and the Chromecast2 are automatically rerouted to the UK VPN, while everything else, like Netflix, is sent over their regular provider. This guy also wrote a PHP app that does this manually https://github.com/TravisCook/Detour though it's easier just to have a Go app running that automatically reroutes the requests.

The one issue I had with it was the Chromecast2 not initially connecting to the 5GHz network, which is solved by creating a 2.4GHz network, setting it up, disabling that network and then creating a new 5GHz one with the exact same SSID, which the Chromecast2 will automatically connect to. The UniFi AP is so powerful, covering the entire apartment building with a good signal, that I thought about setting up the guest network and dropping a card charger on there to charge the neighbors $5/month for unlimited WiFi Netflix and BBC access, as the building has a fibre ISP w/ 'unlimited' bandwidth.


Unfortunately your BBC access is likely to be cut off soon as I think the Beeb will be restricting iPlayer access to validated TV license holders only.


The Great British Bakeoff ended just in time, it would seem.


To clarify for anyone unfamiliar with UniFi from Ubiquiti.

The controller is the GUI that allows you to adopt new UniFi devices and manage the network devices. It's cross-platform via Java. It doesn't have to run continually, as the devices themselves hold the settings. However, continual logging does require the controller to run.

While the switches, Security Gateway and WiFi access points are managed, none of them actually has its own GUI. They can, however, all be accessed via SSH.

The Cloud Key is a PoE dongle that runs the Controller software. Nice out-of-the-box, plug-and-play option.


Yep... the most annoying bit is that the Cloud Key uses 48v PoE while all their APs (and the cheaper routers) only support 24v. So you can't actually run a Cloud Key off, say, an EdgeRouter X SFP.

Annoying for sure, though if you are doing a big install you'll probably need another switch anyway and you can just make it a PoE one.

Still love them though.


This statement is not complete: almost all new Ubiquiti PoE equipment is 802.3af compatible (48V). Older hardware is 24V only. To cross this gap they released several switches (and routers) with PoE ports which can do both (passive 24V or auto-sensing 48V).


Sorry, I should have clarified that this is for their consumer grade stuff.

Yes, the Pro and EDU UniFis are 802.3af, but the Lite and LR are not. The prosumer EdgeRouters are mostly 24v as well. (What reading I've done says to stay away from the ER Lite PoE and get the X SFP instead, but that's only 24v.)

Anyways, not a big deal, just pointing it out as I was bitten by this. Nothing a $50 switch didn't solve.


I was going to say this, because I have handled all these different models.

At first they didn't have this when they came out with the 48v devices, but not long after they came out with the hybrid switches.


In addition to logging, I believe if you want hassle free roaming handoff between wifi APs you also need it running. It's been a while since I played with it since my setup is so rock-solid now (compared to when I had linksys gear...)


Wow... so do these APs actually hand off clients based on proximity/signal strength? I'm running a home-grown network with four OpenWrt routers running the same SSID, but client stickiness is my biggest problem. I've always been told this was something you can't get around, that AP selection is left up to the client. However, clients do weird things, like a FireTV stick selecting an AP 100 ft away instead of the one sitting around 10 ft away. If Ubiquiti's solution solves this, I might seriously consider getting a set.

As an additional question assuming the above is true...can you bind different SSIDs to different VLANs? This is really the best value openwrt provides to me atm.


Yes. It works beautifully and they're very reasonably priced. Couldn't recommend more highly. I have 3 built into my house.


It does "work", but the beauty of it is subjective. Sure, if you have 10-20 devices it might work. More than that and it falls apart fast. But the reason is pretty simple - when you enable "Zero Handoff Roaming" you're making a huge compromise: 1) all UAP need to be on the same L2 network and 2) all UAP use the same channel. This doesn't work in any large scale deployment or deployment where you truly care about leveraging bandwidth via balancing clients based on channel utilization.

I've tried it (a long time ago) and yes it works. But, you will pay the price, even in your home network if you have clients doing large uploads / downloads. There's really no point since there's no logic with it either (the UAP devices don't influence handover / AP selection). If they did they could get around the limitation of being relegated to the same L2 network.

Also if you're using zero handoff you have old Ubiquiti gear (since none of the 802.11ac units ever supported it). Ubiquiti is likely moving to 802.11r to reimplement it. I wouldn't run Zero Handoff in my house with the APs I run even if it was an option (3 x UAP-AC Pro, 2 x UAP-AC Lite, 1 x UAP-N Pro).

I'm pretty sure that if you run ZHO you lose the ability to have the maximum number of SSIDs as well, which is completely counterproductive to having a Ubiquiti system. I run 3 different SSIDs for different use cases with a different security policy applied to each. One is also specifically for guests. The UniFi controller does captive portal and authentication for guests, so no having to give guests access to your entire network, and you can restrict the amount of time each code is valid for as well as the bandwidth a user is allocated.

$0.02.


The UAP-AC-PRO and its generation support ZHO. Set up a new VLAN group and you'll see the option.


Yeah GPL violations aside they make good stuff


I was not aware of this! I take it this hasn't changed in 2 years, has it.

I was looking to buy Ubiquiti gear to get away from failure-prone consumer all-in-one routers but not anymore. If they're sticking to this, it sincerely changes my plans as I can't support a company that so brazenly violates FLOSS licenses.


Yep, them and MikroTik. I'm genuinely disappointed more techy people aren't bothered by this.


Thanks.

Are they meshed like Eero, or does each AP have to have a physical connection to your lan?

Edit: also, would you mind sharing the model you're using?


They can be meshed, but you need to set them up wired first. The UAP is 2.4GHz only; the UAP-AC-PRO also supports 5GHz. The UAP-AC-LITE has fewer MIMO antennas but also supports 5GHz.


Generally they all have a wired connection, which is PoE.


Ha. My FireStick is the one device that can't get its shit together. It's about 6ft line-of-sight, hanging out the back of my receiver, to the Meraki 802.11ac AP on the wall above it.

Naturally, it insists on connecting to the AP 60 feet away down the hall and around a corner, and keeps insisting that "connection quality is poor."


Handoff works fine without the software running.

Source: i use it


That might be a recent feature but previous versions required the controller to be running for handoff.


Handoff is an overloaded term. If you advertise the same SSID on the same L2 network from multiple APs, clients should seamlessly move between those APs, subject to the client's own mechanism.

Ubiquiti has a feature called Zero-Handoff [1] which indeed requires the controller's participation. The APs all end up on the same RF channel in this arrangement. While I've not used this feature, multiple APs on the same channel tends to be a bad idea and I much prefer my setup of simply using the same SSID on multiple APs/channels.

[1]: https://help.ubnt.com/hc/en-us/articles/205144590-UniFi-What...


In my experience, placing the same SSID across multiple APs/channels and letting the clients decide is a problem, because the clients often get it wrong. Granted, most of what I see this on are Android-based systems (FireTVs, android phones, etc), but I've also had the problem with Ring.com cameras, and with Amazon's Echo. I personally wish the APs would force the issue instead of relying on different client stacks.


The client is in the best position to manage the handoff because it knows which APs it can hear and is configured to connect to. I've seen some APs that will disconnect clients with low signal strength, but the AP doesn't know if the client can actually see something else. Zero handoff addresses this by having all APs listening on the same channel, with synchronized security parameters; whichever AP receives the packet gets to send replies. The downside is you end up with a larger coverage area but the same channel capacity as a single AP.


But they don't, really. I tried this with a Meraki security gateway+AP, plus a separate AP. Same subnet. Handoff between the gateway and separate AP took up to a minute.

Meraki insists you need to disable the wireless on the security gateway and ONLY use a "combined network" of APs to have the same SSID for roaming.

Granted, I know very little about how it actually works -- I think they use separate channels, unlike what folks here discuss for Ubiquiti.


I use zero handoff. Proof is easy: connecting to a WiFi L2 network for me takes ~500ms, and I can unplug each station in turn and observe no loss of connectivity at all for that duration.

Note that UniFi does not mention requiring the controller to be running (and I do not have mine running ever and it works).


Running their controller in a container was the best move I made on my network. I went this route though: https://hub.docker.com/r/linuxserver/unifi/

Already had an unraid box running so it was trivial to toss that docker image on it with all the others.


Quick q: my understanding is that the UniFi controller doesn't actually control anything actively; it just serves as a UI to the APs. When my controller box goes down, I don't seem to notice any service difference with my 3 APs.

Is that true?


It doesn't need to be running unless you have guest portal.

I recently moved my internal network to containers - forgot to move the controller and didn't even notice until weeks later.


This is true. You don't need a dedicated box (at least for the simple configurations that I've run). A home user would be fine installing the controller software on their laptop and only launching it when changing config settings.


They have some hardware that runs its management interface on the device itself. Their UniFi APs and USG and some of their more prosumer-ish switches and such require you to run the UniFi Controller, which is web-based, on a computer. Our ops guys manage our 3 UniFi APs by running the UniFi Controller on their individual laptops. If they need to change configuration they fire up the UniFi Controller and hit a webpage on their localhost.

The devices, once configured, run independently of the UniFi Controller. It's just needed for configuration changes or monitoring outside of snmp. (or apparently the guest portal)


I just run the Unifi Controller on my Mac when I need to configure something and then shut it down. AFAIK some features (e.g. WiFi captive portal, if I remember correctly) require a Controller running full-time.


Yeah don't need it all the time, but it's nice to have running since you can use their mobile app to make config changes without having to boot up a laptop or make sure the app is running.


We ran the controller in enterprise setup (100s of APs) for easy adopting of new devices and monitoring.

It did add some functionality there, but for a home solution it does not need a controller at all.


The UniFi controller is largely overkill when you just have one AP to manage. Booting up 200 megs of Java software on a desktop just to tweak a few bits quickly became old. I re-flashed my UniFi AC Lite with LEDE and configured it through LuCI. I can happily forget about the UniFi controller and maintaining a live Java stack on a desktop.


I run mine on a Raspberry Pi 2 using Arch Linux which has a native package for UniFi [1]. Pretty cheap and hassle-free.

[1] https://www.archlinux.org/packages/community/any/unifi/


I might try this, I still have a few Pis lying around. Do you need the power of a Pi 2, or do you think an earlier model might be enough? Small home network, 2 APs, no fancy stuff (so far...).


Did you lose any functionality when switching firmwares? Specifically, are you still able to have two different SSIDs with a VLAN for each?


I am running two APs on 2.4GHz and one on 5GHz without issues. See here for a complete write up: https://nicolas314.wordpress.com/2016/05/30/openwrt-on-ubiqu...


Is there a particular reason you were running the controller regularly with just one AP?

I used the controller once to setup my AP and haven't touched it since.


You can also use their mobile app for just one AP. You scan the little qr code and setup goes from there.


WiFi networks need to be configured every now and then, e.g. to set up a guest WiFi, change the password, change the channel to a less crowded one, or activate MAC filtering to kick my neighbours out. With LEDE I can do all of that over a straight SSH session. No way I will keep Java alive on my Mac just for this. The tipping point for me was a bug in the Ubiquiti firmware: I systematically had to boot the AP twice to get it working. LEDE is perfectly stable.


Does anybody know if it's possible to pull a running configuration from a working AP back to a fresh Controller install?

I configured the APs here at the house with a laptop running UniFi that has since been decommissioned. Now that I've installed UniFi on the new laptop, it seems I have to re-adopt the APs to the new controller and start from scratch with their configuration. This is a huge pain. Is there any way around this?


I know that if you SSH into the access point there is a file at /tmp/system.cfg with the configuration.

I had to use this myself to recover my old settings when I upgraded my Synology Docker container and seemed to lose them.
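As an added example, not code from the thread or from Ubiquiti: a small Python parser for the flat dotted key=value format that /tmp/system.cfg uses, with an audit pass over the result. The point is that this dump is the quickest way to recover SSID/VLAN settings into a fresh controller, but it is also a secret in its own right (the per-SSID PSK and the local user hash live in it), so handle the copied file accordingly. The key names in SAMPLE_CFG are constructed for illustration; the exact keys vary by firmware release.

```python
"""Recover and audit settings from a UniFi AP's /tmp/system.cfg.

Added example, not part of the original thread. The file is a flat list
of dotted key=value lines; the key names used in SAMPLE_CFG below are
constructed for illustration and may not match a given firmware. Pull
the real file with:  ssh <user>@<ap-ip> cat /tmp/system.cfg > ap.cfg
"""

# Constructed sample: two SSIDs on separate VLANs (one open guest network),
# an inform URL, and a local user record with an md5crypt ($1$) hash.
SAMPLE_CFG = """\
# constructed sample, not a real device dump
mgmt.is_default=false
mgmt.servers.1.url=http://192.168.1.10:8080/inform
users.1.name=admin
users.1.password=$1$abcdefgh$0123456789abcdefghijkl
wireless.1.ssid=home
wireless.1.vlan=10
wireless.1.security=wpa2
wireless.1.psk=correct horse battery staple
wireless.2.ssid=guest
wireless.2.vlan=20
wireless.2.security=none
radio.1.channel=6
"""

# Hash prefixes treated as weak for the audit (assumption: $1$ = md5crypt).
WEAK_HASH_PREFIXES = ("$1$",)


def parse_system_cfg(text):
    """Parse dotted key=value lines into a nested dict.

    'wireless.1.ssid=home' becomes cfg['wireless']['1']['ssid'] == 'home'.
    Blank lines and '#' comments are skipped; only the first '=' splits,
    so values may themselves contain '='.
    """
    cfg = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("line %d: expected key=value, got %r" % (lineno, raw))
        key, value = line.split("=", 1)
        parts = key.split(".")
        node = cfg
        for part in parts[:-1]:
            node = node.setdefault(part, {})
        node[parts[-1]] = value
    return cfg


def indexed(section):
    """Return the numbered children of a section ('1', '2', ...) in order."""
    keys = sorted((k for k in section if k.isdigit()), key=int)
    return [section[k] for k in keys]


def wireless_summary(cfg):
    """SSID, VLAN and security mode per network: what you re-enter by hand."""
    out = []
    for w in indexed(cfg.get("wireless", {})):
        out.append({
            "ssid": w.get("ssid"),
            "vlan": int(w["vlan"]) if "vlan" in w else None,
            "security": w.get("security", "unknown"),
        })
    return out


def audit(cfg):
    """Findings a practitioner wants before copying this dump anywhere."""
    findings = []
    for i, w in enumerate(indexed(cfg.get("wireless", {})), 1):
        if w.get("security", "none") == "none":
            findings.append("wireless.%d: open network %r" % (i, w.get("ssid")))
        if "psk" in w:
            findings.append("wireless.%d: PSK stored in the clear; treat the file as a secret" % i)
    for i, u in enumerate(indexed(cfg.get("users", {})), 1):
        if u.get("password", "").startswith(WEAK_HASH_PREFIXES):
            findings.append("users.%d (%s): md5crypt password hash" % (i, u.get("name")))
    return findings


if __name__ == "__main__":
    parsed = parse_system_cfg(SAMPLE_CFG)
    for net in wireless_summary(parsed):
        print("SSID %(ssid)s  VLAN %(vlan)s  security %(security)s" % net)
    for finding in audit(parsed):
        print("FINDING:", finding)
```

Run it against the file you copied off the AP instead of SAMPLE_CFG; the summary gives you what to type into the new controller, and the findings tell you what is sensitive in the dump (the PSK is stored as-is, and the local user hash is whatever the controller pushed down) so you can wipe the copy once the APs are re-adopted.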


Ug, old thread now, but I've got the same problem.

Is the ssh password the same as the old UniFi password I wonder? I guess I'll try that.


Yes, same username and password as whatever is used to log in to the controller software. At least it is for me. I only have one user set up for the UniFi Controller.


Just this weekend I created a Docker image to run the UniFi Controller on my Raspberry Pi. Works like a charm: https://github.com/praseodym/docker-unifi-armhf


Which Pi do you use? Not sure what's needed to get decent Java performance...


I'm using a Raspberry Pi 2 Model B with Java set to use a maximum 512MB heap (-Xmx512M). The controller is fast enough for my (rather small) home network.


Along the same route: I run the UniFi Controller using the linuxserver.io docker container: https://hub.docker.com/r/linuxserver/unifi/

2 commands to get it up and running in a semi isolated environment.


Linuxserver do some superb containers, including that one, they deserve a lot of thanks.

From memory I use three of theirs at least (Unifi, NZBGet & Sonarr)


I ran the controller on my own machines, for a while in AWS and for a while in my closet, for a few years. It's fine. But I've been happier since I switched to the Cloud Key. The functionality is the same, but I find the maintenance (upgrades, etc.) a fair bit easier, and it gives me more freedom in choosing to run or not run the servers and instances that I had the controller software on (I do like having the controller running all the time). I guarantee that I've spent more than $80 worth of my time maintaining the Linux system and controller running on it over the years. With the Cloud Key, I've never had to mess around more than clicking the "upgrade" button.


Yeah, I brought up a UAP-AC-Pro+ERLite3 network both at my office and my home. The first time I did that setup I spent maybe an hour learning about the ERLite3 and configuring it, and then proceeded to spin my wheels for two hours trying to get the UniFi Controller working under Linux. I just gave up and ran it on a Windows machine. The second time I brought the EdgeRouter online in 5 minutes, and then proceeded to spend another two hours of my life trying to get the UniFi Controller running in a container using a pre-built Docker image. No go. By the end it would see the AP and begin configuration, but then lose it halfway through. Had to use it on my Windows VM instead, where it worked first try.

This Ubiquiti-based setup has been the most stable network I've had at my home in all my years, even when used in RF-crowded environments. But the UniFi Controller is the biggest downside for someone like me who just wants to throw up a network.


I was also bummed about having to install the controller, so I double-checked Apple's App Store. There's an official but de-featured app that was still overkill for my home network. I think bootstrapping only worked because I was replacing an existing access point and had IP access to the Ubiquiti via ethernet through the old one, but I didn't RTFM, and connecting via WiFi to a not-yet-set-up access point seems like an obvious feature to include. Zero issues connecting to the access point directly now that it is set up.


If you're interested in WiFi access points beyond the consumer level but still affordable, check out Mikrotik. It's a Latvian company that makes really cool stuff. Their cheapest dual band ac access point is around $40, very small and nicely designed, PoE in and out, and works together with their ecosystem of access points and routers. They are almost endlessly customizable through ssh, a web interface, or a Win32 program (supported on Wine).

I only got my first Mikrotik a few days ago but I love it so far. Haven't yet actually connected it to another one so I can't really comment on using several access points.


One issue for me is that they didn't seem to have any "nice looking" access points. I like the Unifi ones as they look pretty nice mounted on the ceiling. I took another glance at the Mikrotik site and I see they have an 802.11b/g/n ceiling mount access point, and I wanted 802.11ac. I have a Mikrotik switch that I am very happy with though.


http://www.rfelements.com/products/integration-platforms/sta...

You can get that kind of smoke alarm looking enclosure for your Mikrotik.



Thanks. Not bad, but I don't think I want to have that on the ceiling in my living room.


I have a CRS125-24G-1S-RM switch and love it.


+1 on this switch. I have two of them in my home network and am very happy with them, now that they are set up. Configuring them initially was kind of a pain when I was setting up the VLANs. But I got it figured out on a Saturday and now it runs like a champ :)


Any idea if Mikrotik still makes you pay $40 or so for the GPL sources and then waits to send them to you on CD until several months later?


The Cloud Key they sell is $79. It is the simplest solution by far.


For more colour, I have 4x AP Pro, 2x PoE switches and their gateway. The Key was just logical as it can be plugged into the PoE port and done.

I have tried to stop having servers running at home, as I am working to cut down on the power bill. I have an Intel Compute Stick on each of the 3 TVs, running Windows 10 and Kodi (I am too lazy to figure out how to get Linux on the stick). They sleep when not in use (well, one does; I have not figured the other 2 out, you would think they would behave the same). The only things I have running all the time are my FreeNAS system and a Minecraft server (friends and family). I am thinking about replacing the Minecraft server with a Compute Stick also. It is currently an old dual-core PC with 4GB of RAM. I am sure that the power draw is stupidly high.


Does anyone know if you can get a stick PC in this form factor? I'd really like to deploy some software on PoE driven devices.


I have a Raspberry Pi that runs my UniFi Controller. Works great, and here is the script to set it up:

http://www.lowefamily.com.au/2016/06/02/installing-ubiquiti-...


FYI, there's also an iOS/Android app that you can use for one-off simple setup of their APs now. I used it when setting up my UAP-AC-LR.

Years ago, I got fed up with the Java-based controller as well, and reflashed my UAP-LR at the time with plain OpenWRT so it was all self-contained. Still one of the best APs I've ever used.


Also see [1] for a techie field report on Ubiquiti in the home.

[1] https://www.troyhunt.com/ubiquiti-all-the-things-how-i-final...



