Lee Hutchinson – Oct 23, 2015 6:30 AM | 308
The UAP-AC-Pro, one of the three types of UniFi wireless access points I tested. Credit: Lee Hutchinson
This piece is now a few years old, and we've posted an update on Lee's experiences with Ubiquiti gear as of mid-2018 that you can read right here.
Back in July, Ars ran a syndicated piece from The Wirecutter on the best consumer-grade wireless access point, with the winner being the $100 Netgear EX6200. The result didn’t particularly move me—I’d been using an 802.11ac-capable Apple Airport Extreme since late 2013 and Wi-Fi in House Hutchinson seemed pretty much a solved problem. The Apple access point had been more expensive than just about any other consumer wireless gear when I’d picked it up, but it was solidly reliable, quite quick, and covered all 2,600 square feet (about 241 square meters) of the house without any noticeable dead spots.
But a few of the comments in the syndicated piece echoed a general dissatisfaction with the consumer wireless access point landscape and recommended we check out some entry-level "enterprise" wireless gear instead. This tickled my urge to tinker—if there’s one thing the latent sysadmin in me loves, it’s tearing out a perfectly functional existing production system and implementing something new from scratch!
ADVERTISING
So shortly after that piece ran, I reached out to Ubiquiti Networks, an enterprise networking gear manufacturer that makes, among other things, the types of mesh-capable Wi-Fi systems that often get installed in hotels and airports. I wanted to see what it was like to leave the kiddie pool of home Wi-Fi equipment and jump into the big pool—the shallow end, at least (the deep end would probably be bolting Cisco Aironet access points all over my house). My contact with Ubiquiti happened at a fortuitous time, too, since the company was in the process of redesigning its UniFi wireless access products.
Ars Video
How The Callisto Protocol's Team Designed Its Terrifying, Immersive Audio
I wound up with four different Ubiquiti UniFi wireless access points to test. Ubiquiti first sent two preproduction models, a UniFi AP-AC-Lite and a UniFi AP-AC-LR, and then followed them up a couple of weeks later with a production model UniFi AP-AC-LR and a production model UniFi AP-AC-Pro when they were ready. (There's a fourth UniFi model included with Ubiquiti's UniFi product refresh, the UAP-AC-EDU, but it's intended to be sold directly to educational institutions, and I didn't get one to test.)
UAP-AC-LITE | UAP-AC-LR | UAP-AC-PRO | |
Dimensions | 160 x 160 x 31.45mm | 175.7 x 175.7 x 43.2mm | 196.7 x 196.7 x 35mm |
Weight | 170g | 240g | 350g |
Radio | 802.11ac/n/b/g/a | 802.11ac/n/b/g/a | 802.11ac/n/b/g/a |
2.4GHz MIMO | 2x2 | 3x3 | 3x3 |
5GHz MIMO | 2x2 | 2x2 | 3x3 |
Max 2.4GHz TX power | 20dBm | 24dBm | 22dBm |
Max 5GHz TX power | 20dBm | 22dBm | 22dBm |
Max rated range | 122 meters (400 feet) | 183 meters (600 feet) | 122 meters (400 feet) |
Power over Ethernet | 24V passive | 24V passive | 802.3af / 802.3at |
MSRP | $89 | $109 | $149 |
How I used and reviewed these things
One of the core ideas behind an enterprise-type Wi-Fi solution is that you can throw down multiple access points and manage them from a single interface while your wireless clients seamlessly (or nearly seamlessly) roam between the access points as needed. On top of that, enterprise Wi-Fi setups differ from home set-ups in that they typically offer the ability to configure multiple (as in dozens or more) of SSIDs from the same set of hardware, each with different security and networking policies applied. There’s also often rich guest network functionality, with the ability to allow guests to connect not just with a single password but also with timed-expiry passphrases or tokens, or to charge guests for access (like you might see in a hotel).
It’s important to set expectations here at the outset: this is not intended to be a comprehensive review of an enterprise Wi-Fi solution in an enterprise context. I’m not going to be presenting a discussion on how to do a pre-deployment RF survey to map out which frequencies you should assign, or how to set up RADIUS authentication, or how to support hundreds of wireless users, or how to use Paypal to charge guest users for access via the guest portal—I don’t have the equipment or expertise (or time!) to deliver that kind of review.
Instead, this will be a reasonably skilled sysadmin’s review of how "enterprise-grade" Wi-Fi gear works in a home context, detailing how a home user can benefit from the improvements brought to the table by using business-class gear instead of an endless, endlessly breaking series of disposable home networking access points. I’m going to go into my own use case for the UniFi wireless access points (WAPs) and how they fit into my life and provide a justification for why even after sending the review gear back, I’m planning on spending my own money and purchasing at least a pair of the devices so I can keep using them. In that regard, I'm like the guy who experienced a luxury hotel or a first-class airline seat and now can't bear the thought of going back to the way things used to be.
UAP-AC-LR in the living room, peeking out from underneath a decorative thingy. Credit: Lee Hutchinson
It is extremely important to state that these devices are not NAT routers. They are wireless access points, and that is all they are. They do not replace your existing router and you can not use them to connect your home LAN to the Internet. If you have an all-in-one wireless router, you’d add Ubiquiti’s WAPs to your network by disabling the Wi-Fi on your existing wireless router and leaving it otherwise intact and functional, with the router portion of the router still doing its job (the standalone UniFi Controller management application can do DHCP if that’s desired). Or if you want to keep everything within the Ubiquiti ecosystem and manage your router and WAPs with the same application, you could also purchase one of Ubiquiti’s security gateways.
I’ve been using Smoothwall Express for my router and firewall for probably 10 years, and I do DNS and DHCP off-box with bind9 and dhcpd (although Smoothwall can handle those roles as well). Smoothwall is an excellent and easy-to-manage Linux firewall distro with fully configurable rules and stateful packet inspection, and I have it running on a dual-NIC OEM 2550L2D in my closet. That means that the Airport Extreme I’ve been using for Wi-Fi has been strictly for Wi-Fi, and disconnecting it and plugging in the Ubiquiti gear to test with was straightforward. Again—and I know I’ve said this more than once, but it’s worth repeating—if you’re thinking of replacing your existing Wi-Fi setup with something like Ubiquiti’s gear, you need keep your existing router or account for the cost of buying a router to work with the new gear.
Getting the gear
Final packaging for the UAP-AC-Pro and UAP-AC-LR.Lee Hutchinson
Sleeves off, boxes open. The WAPs take up most of the packaging room.Lee Hutchinson
Beneath the WAPs are their mounting brackets; the devices are intended to be attached to walls or ceilings.Lee Hutchinson
The two prerelease WAPs I received (a Lite and an LR) didn’t arrive in final packaging and didn’t have a final external design, but the second LR and the Pro that Ubiquity sent a few weeks later were production devices. I snapped a bunch of unboxing photos before setting the devices up around the house.
The WAPs all resemble the same basic design—they are squat round hubs, with one side flat for flush mounting and the other side domed, like a mushroom, with a circular LED-backlit ring near the top. The LEDs change color depending on the device’s mode of operation, and they can be flashed from the management console to identify the device. The lights can also be disabled if desired, which is good because they’re very bright in a dark room.
POE compliance
Standards compliance in Power Over Ethernet (PoE) implementations isn’t always as rigorous as it should be with different manufacturers, especially when it comes to how PoE devices identify themselves to PoE-enabled network switches. I asked Ubiquiti engineers how closely their AP-AC-PRO access point sticks to standards, and they said that the Pro uses a fully qualified 802.3at Texas Instruments PoE implementation. It draws a maximum of 9W of power, and it registers itself as an 802.3af device and works with 802.3af switches and higher-powered 802.3at switches. Ubiquity also said that it has done PoE implementation testing with a wide variety of PoE switches to verify its products’ compliance.
The WAPs I had in hand were differentiated primarily by their physical size, antenna count, and transmit power, though there were other minor factors that set them apart. At the high end was the AP-AC-Pro, with dual 3x3 MIMO; the AP-AC-LR (for "long-range") with 3x3 MIMO for 2.4GHz and 2x2 MIMO for 5GHz; and the AP-AC-LITE with dual 2x2 MIMO. All three WAPs run on PoE, with the Lite and LR access points using Ubiquiti’s proprietary passive 24V and the Pro using standards-compliant 802.3af/802.3at PoE. If you happen to have a PoE-capable switch, you can plug the Pro straight into it; home users without PoE can use the included power adapters. Ubiquiti sent us a 24-port PoE switch to try out with the UniFi WAPs, and the Pro correctly identified itself and started drawing power over Ethernet without a fuss (the LRs and the Lite had to have their ports manually set to 24-volt passive, but once that was done, they too started working without issue).
According to Ubiquiti’s data sheet, the Lite and the Pro have an effective range of 122 meters (400 feet), while the LR stretches to 183 meters (600 feet). The Lite is physically the smallest of the devices, measuring 160 x 160 x 31.45mm, and it’s able to push out a maximum of 20dBm in both the 2.4GHz and 5GHz ranges. The LR is larger at 175.7 x 175.7 x 43.2mm, and it can push 24dBm in the 2.4GHz range and 22dBm at 5GHz. Finally, the Pro is the biggest of the trio, at 196.7 x 196.7 x 35mm, and it transmits at a max of 22dBm in both the 2.4GHz and 5GHz ranges. They’re all relatively lightweight, though the Lite is (appropriately) the lightest at 170g. The LR weighs 240g and the Pro weighs 350g.
The devices are all meant to function optimally when ceiling-mounted, and they come with brackets to facilitate this. I wasn’t willing to drill holes in my ceiling just to test the gear out, but I had no problem stashing the devices at various places around the house—on a shelf in the office, hidden in a coat closet, and parked beneath a decorative thingy in the living room. Because the WAPs draw power from their Ethernet connection, you only have to run a single Ethernet wire out to them and they don’t need to be located near a power outlet (though if you’re using the provided power injectors, you do need to plug them in somewhere).
Power draw is relatively low as well. The Lite and LR versions both draw a max of 6.5W, while the Pro draws a max of 9W; we observed a fairly steady draw of between 4-5 watts with the Pro and 3-4 watts on both the Lite and the LRs. Assuming an average US electricity cost of $0.12 per kilowatt-hour, a pair of Pro access points running at max draw 24 hours per day would add about $20 per year to your utility bill (or about $1.58 per month for 18Wh, not counting taxes or other local utility fees). A single Lite WAP would cost a bit under $7 per year.
Getting set up
The feature set when stepping up from a consumer-grade wireless access point or wireless router to something like this can be intimidating. I've had our Ubiquiti gear in place for a little over a month and I'm just now getting comfortable with some of the more advanced options. Since this gear is designed to work in a distributed environment with hundreds or potentially thousands of wireless clients, there’s a bit more configuration necessary out of the box than with a Linksys or Netgear whatever router.
Whether you have one or a dozen of the things, the first thing to do is plug them in. At least one of your WAPs needs to be connected over wired Ethernet to your LAN’s switch or switches, which means running a network cable from the switch to somewhere near a power outlet, connecting the LAN cable to the PoE injector—every WAP comes with one—plugging the injector into the power outlet, and then running a second network cable to the WAP itself. If you’re trying to install a WAP in a place where it’s difficult or impossible to physically connect it back to your switch, you can have the WAP operate in wireless bridge mode, but I ran into performance and connectivity issues when operating that way. Wireless clients would occasionally connect to the bridged WAP and then cease being able to access the Internet. These devices are best used when they can be connected via wired Ethernet to your LAN switch.
Once physically installed and situated, the WAPs need to be provisioned, and to do that you need to either install Ubiquiti’s UniFi Controller software (which runs on Windows, Linux, or OS X) or use the new UniFi Easy Setup app for Android. I didn’t test setup with the Android app, because if you’re the kind of person who’s looking to install this gear in your home, then you’re likely the kind of person who is going to prefer the Controller software. The Controller software is the single pane of glass with which you configure and manage you UniFi controllers, and while it doesn’t have to be up and running for the WAPs function, it does have to be reachable by the WAPs for certain features to work (like the captive portal).
This is the first thing you see when you set up the UniFi Controller application.
Any UniFi devices that are in the controller's layer 2 broadcast domain should be picked up here. I started with a single Unifi WAP connected, so that's what's showing. More devices can be added later.
You can also set up your primary wireless network SSID here, along with a guest portal if desired. The security for the WLAN defaults to WPA Personal.
I chose to run the UniFi Controller on a headless Linux server, since it’s a Java-based app that you access through a Web browser even when running locally, and I already had a few Ubuntu servers doing server-y stuff in the closet. Though there’s no PPA for a quick installation via apt-get, there is a .deb file available for Ubuntu and Debian users like me, and I opted for that install route (I also installed the console's dependencies, which were MongoDB and either the OpenJDK 6 JRE or the Oracle Java 7 installer package). After installing the file with dpkg, I was able to log on and configure the Controller application.
(As an aside, the controller comes with a self-signed HTTPS certificate, and replacing it with a real certificate requires some fiddling with the Java keytool. It also has issues with wildcard certificates. The process is perfectly doable but annoyingly complex compared to simply editing a configuration file to point to a certificate and key.)
Once you have the Controller installed, you point your browser at it and run through a first-time setup procedure, which will identify any UniFi WAPs on your LAN and provision them (though if you’re just setting up the controller and don’t yet have any WAPs, you can skip this step). The application will ask for you to set up a WLAN SSID and encryption key with WPA2 Personal as the default encryption method, and you can also set up a guest SSID at the same step. Finally, you set up admin credentials for the Controller itself, and then the setup process completes and the app launches.
At this point, you should have a functional wireless network—but we haven’t gotten to the fun part yet.
Options, options everywhere
When you log in to the UniFi controller, you see a screen showing a bunch of different Ubiquiti device categories you can control with the portal. Ubiquiti is making a strong play in the software-defined networking space, and they have products that fit into a whole multitude of different roles: from multisite WAN devices to physical LAN switches, routers, WLAN components, and even VOIP devices. If all you have are UniFi WAPs, the only thing populated on the controller "dashboard" view will be the "WLAN" part.
Even a single UniFi WAP operating by itself brings you a complex array of configuration options, and almost all of the configuration options and functionality we’re going to talk through is applicable whether you’re using a single UniFi device or a grid of devices. Of course, the main draw of these kinds of devices is the ability to link them together and have them function not just as dumb Wi-Fi extenders but as intelligent access points, delivering full bandwidth wireless connections on both 2.4GHz and 5GHz bands while allowing clients to roam between them without having to worry about changing SSIDs or anything.
The WAPs also have the kinds of features you’d expect for their primary corporate/enterprise use case: 802.1Q VLAN trunking is supported, and there’s extensive logging and the ability to throttle connected users’ connections (or even ban their MAC address so they can't connect to the WLAN at all). The guest portal functionality is also exactly like what you’d find in a hotel, airport, or other institution: not only can it be set up to offer timed access via password, generated voucher, or pay gateway (like PayPal or another payment processor), but it can also be fully customized. For example, this is the password-based guest portal I set up for visitors to use:
21 USC §643 actually concerns meat-packing business registration rules.
The guest portal runs on its own SSID, but the WAPs can also be grouped by different networks and configured to run up to four SSIDs simultaneously per network, and each SSID can have its own authentication and security methods and even its own operating schedule. If, for example, you want your kids to only be able to use the Wi-Fi on weekdays between 7am and 10pm and on weekends from 3pm to midnight, you can set them up their own SSID and apply a scheduled access policy to it, while the grownups get a different SSID (we'll get into testing this near the end of the review).
Enabling the guest portal does come with some performance penalties, though. I was unable to achieve anything even remotely approaching 802.11ac-appropriate speeds on either the internal or guest wireless networks with the guest portal feature toggled on. Instead, repeated testing with iperf showed me running into a transfer speed wall at about 115Mbps per client. Ubiquiti engineers informed me that this was due to the guest portal function causing the physical access points to partition themselves into multiple virtual access points with different QoS settings for each virtual access point. It’s a neat feature that I enjoyed using when friends came over—the custom portal logon page got a laugh out of everyone—but it’s hard to overlook the impact on speed if you regularly shuffle large files around your WLAN. With the guest portal feature disabled, wireless transfer speeds were in their expected ranges.
Freqs and geeks
The most important configurable bits are the WAPs’ radios themselves, and there are a lot of areas for tweaking to fit your needs. For each WAP, you can adjust the channels on which both the 2.4GHz and 5GHz radios operate, though if left to auto, the radios do a pretty good job of sticking to the most usable channels. You can also modify the channel width, selecting 20MHz or 40MHz for the 2.4GHz radio, and 40MHz and 80MHz for the 5GHz radio.
In determining which channels to use in auto mode, the WAPs do some algorithmic interference detection, attempting to sniff out other WLANs operating in the area, microwave ovens, and other RF devices like wireless headphones. WLAN signals are relatively easy to detect since they adhere to a specific power/frequency slope characteristic to Wi-Fi. Microwave ovens pulse at 50 or 60Hz on 2.4GHz Wi-Fi channels 6 and 11. Frequency-hopping RF devices can be detected by their peak power and how wide the signal is. Other sources of interference can be identified in various other ways, and all this is taken into account by the WAPs when they figure out what frequency to auto-assign themselves. (Thanks to Ubiquiti engineer Brandon Gilles for his explanation of how the UniFi WAP radios work!)
A recent update to the UniFi controller application added a pretty powerful Wi-Fi channel scanning tool, which will do a more in-depth profile of the available 2.4GHz and 5GHz signal space and try to give you as the admin a recommendation on which channels to pick for manual assignment.
A bunch of wireless clients, happily connected. Purple icons indicate 5GHz connections, while cyan are 2.4GHz connections. A leaf-shaped icon means the device is in low-power mode.
Taking a quick RF assessment of the 2.4GHz frequencies available to the Pro WAP.
The assessment can tell you how crowded each channel is and can help you with manually planning your spectrum assignments. You can leave all of this to "auto" if you want, but enterprise users will appreciate the ability to take a detailed look at what's crowding the airwaves.
The option to alter the channel width is mainly a compatibility one. As we’ll see in the benchmarking section, you can only achieve the maximum 802.11ac connection speeds with 80MHz channels selected. However, not all 802.11n devices will be compatible with 80MHz channels, and the wider channels themselves will be more prone to interference than 40MHz channels (simply because they cover more spectrum). If you’re using these devices in a corporate setting, you need to be mindful when planning out what channels to use so as to make the best usage of the spectrum you have available; for home users, this is less important. However, if you’re planning on getting a UniFi WAP in an apartment or other Wi-Fi dense area, you might need to do some advanced configuration to avoid stepping on your neighbors’ toes. (Or you can say to hell with your neighbors and crush their weak consumer-grade Wi-Fi with your multi-WAP steamroller.)
The radios’ transmit power can be adjusted within legal limits. The radio power setting defaults to "auto," but it can be changed to "low," "medium," and "high" presets, or you can take control and set the radio power manually. The UniFi controller won’t let you send more power to the transmitters than is allowed, but if you want to lock your WAPs to their full power, this is how you do it. It’s not necessarily the most friendly thing you can do to your neighbors—and it might not necessarily do anything for your WLAN bandwidth, either, since increased signal strength can mean increased signal distortion. In our testing, leaving this setting to "auto" resulted in excellent reception and coverage, and it also let each WAP in the grid keep its own house in order.
There’s also an option labeled "Min RSSI," which stands for "minimum received signal strength indicator." Though disabled by default, the minimum RSSI setting allows you to kick low-strength wireless clients off of your WLAN. This is potentially desirable because a very low-strength client can affect the performance of other clients on the WLAN, so providing an automatic means of disconnecting them saves you from having to troubleshoot a weirdly slow wireless network.
Coverage and range
One of the neat options in the UniFi Controller application is the ability to import a floorplan or map, set the scale, and then place your registered WAPs on the floorplan and have the controller software estimate the coverage and signal strength of each WAP. It makes for a cool visual, but it appears to be an estimate based purely on distance, without taking into account walls or other structures that block Wi-Fi (not to mention actual RFI sources that interfere with the signal).
5GHz coverage map, using my house's floorplan (the UniFi Controller allows you to set the map's scale so that it can attempt to accurately project the WAPs' ranges). Compare this estimate to actual coverage in the next gallery.
2.4GHz coverage map, using my house's floorplan (the UniFi Controller allows you to set the map's scale so that it can attempt to accurately project the WAPs' ranges). Compare this estimate to actual coverage in the next gallery.
To see how well the estimate stacked up with reality, I conducted a wireless site survey of my house using NetSpotApp (and big thanks to the NetSpotApp folks for loaning us an evaluation key for the enterprise version of the tool). I was able to construct a map of my house that displays both per-WAP coverage and also aggregate coverage, separated into 2.4GHz frequencies and 5GHz frequencies. I ran a separate survey on my single 802.11ac Airport Extreme (with the UniFi WAPs offline to keep the spectrum free) in the survey as a point of comparison.
5GHz band coverage from three UniFi WAPs.NetSpotApp
5GHz band coverage from my previous Wi-Fi solution, a single Airport Extreme. Coverage holes exist in some of the bedrooms due to distance or interference.NetSpotApp
2.4GHz band coverage from the UniFi WAPs.NetSpotApp
NetSpotApp yields a wealth of data across both ranges of the spectrum. The UniFi Controller’s estimate only vaguely reflected reality. It’s useful to help you keep track of where your WAPs are installed and to give you a high-level guesstimate of coverage, but a site survey is still a requirement to actually understand your signal.
Speed, speed, speed
All the WAPs are quick, but I only spent time benchmarking the Pro due to its dual 3x3 MIMO antennas. I found that speed was somewhat of a mixed bag. In synthetic testing with iperf, my 2013-era 802.11ac-capable Apple Airport Extreme left the UniFi AP-AC-PRO in the dust, turning in sustained average transfer rates as high as 870Mbps; the Pro was never able to get any higher than a sustained average of about 500Mbps (it burst up to 560-570 a few times, but never for more than a few seconds).
Then there’s the issue of configuration complexity. To get these speeds out of the Airport Extreme, all I had to do was plug it in and turn it on. To hit even the 500Mbps rates seen at the top of the Pro’s range, I had to alter a number of default settings–most notably, changing the 5GHz radio to 80MHz channel width and disabling the guest portal. As noted earlier in the review, enabling the guest portal comes with speed limitations as the WAP has to divide itself up into virtual access points to handle the multiple SSIDs. I was able to hit 500Mbps only after disabling all but one SSID, and even then I only got that high when running iperf with ten simultaneous transfer streams. The Airport Extreme scored as much as 75 percent faster with no effort.
Sponsored Content >
First-Ever Equinox EV
Make everyday a getaway with available switchable all-wheel drive.
by Chevrolet
Read More
Things were a little more balanced in the real world. For file transfers over both AFP and SCP, the Pro scored between 480-500Mbps and the Airport Extreme drifted around 540-580Mbps; any practical speed difference between the Airport Extreme and the UniFi UAP-AC-Pro has been too small to make any kind of noticeable difference in my usage. The only thing I’ve noticed, really, is that since switching to the UniFi WAPs, I now have Wi-Fi in my detached garage and back yard, and I can stream music over Wi-Fi when I’m out in the garden.
Give me a home where the Wi-Fi clients roam
Before I got the UniFi WAPs in hand, I was most intrigued by the devices’ "Zero Handoff" feature, which when configured allows wireless devices to move between multiple UniFi access points without any delays or interruptions. This feature, though, isn’t present on the WAPs I received to test.
When I asked Ubiquiti’s engineering team about Zero Handoff, they informed me that the feature was originally added because of poor roaming support on a lot of the most popular (at the time) Wi-Fi devices. Zero Handoff had the WAPs take an active role in shuttling clients between WAPs (provided all the WAPs were physically connected back to the same LAN segment), but now most devices are a lot smarter about their roaming choices and can more readily shift between multiple access points on the same WLAN.
UniFi WAPs don’t currently support the 802.11r or 802.11k standards to assist wireless devices with roaming choices, although Ubiquiti expects to add support via a firmware upgrade by the end of the year. Currently, wireless devices on a network of UniFi access points make their own roaming decisions, so how well a device shifts between WAPs and how much of a connection interruption is involved with a shift is dependent on how well the client device handles Wi-Fi roaming.
Tracking my phone ("Lesotho") from access point to access point as I walk around the house on a Skype call.
Benchmarking this in a comprehensive way with the available equipment was a little difficult, so the best way to describe it is to talk about personal observations. When wandering around my back yard and through the house with my personal iPhone 5S, I noticed no obvious slowdowns in Web browsing—I kept up a constant stream of link clicking and at no point did the phone perceptibly hang or freeze or go unresponsive, even though the console showed that the phone switched WAPs several times.
Roaming didn’t seem to bother streaming video, either. Neither YouTube nor Twitch had any problems delivering smooth and uninterrupted video to the iPhone while I wandered around the house, roaming between the three active WAPs without issue.
Skype performance was a little more demonstrative, since Skype doesn’t have nearly as much buffering luxury as streaming video apps do. When wandering around the house while on a Wi-Fi Skype call, I observed a short drop-out in the call every time the phone switched access points. The drop-outs were probably on the order of a quarter-second and manifested as a blip of silence. The calls didn’t disconnect and, other than the blip, the roaming didn’t appear to bother the call.
These tests were all accomplished with the WAPs physically connected via Ethernet to the same network segment. Because of the issues I had in getting a couple of my devices to stay connected to the WAPs while in wireless bridge mode—specifically, my wife’s main computer and phone—I didn’t do extensive testing of how handoff and roaming works with UniFi WAPs set up as wireless bridges.
Through that single pane of glass
There’s a huge amount of functionality buried in the UniFi Controller application that I haven’t yet touched on, and a deep dive into all of it would take up more space than I have here. However, before we dig into a couple of specific use cases in detail, let's do a warp speed screenshot tour of the controller console.
The controller is both the UniFi WAPs’ greatest strength and greatest weakness. On one hand, it enables a level of control that most sysadmins dream of having over their home networks—in other words, a granularity of security policies and logging similar to what you might have at work. Having friends stay with you and don’t want to screw around with giving them the Wi-Fi password? It’s pretty trivial to turn on the guest portal and give them their own guest password or generate some voucher codes that expire in a specific number of hours. Want to keep your kids from browsing the Internet after midnight or blowing your data cap with their incessant snapflixing or whatever it is that kids do? Create a usergroup with restricted upload/download bandwidth and assign their devices to it.
On the other hand, the UniFi controller is a Java-based tool (with all the potential security issues that brings with it) that must be left continually running to use some of the more powerful features—for example, it’s relatively easy to create a custom-skinned captive portal for guest Wi-Fi clients to land on, but that portal is served up from the UniFi Controller. Using it requires the controller to be up and running. This might be an issue if you don’t already have an always-on server you can stash the controller software on. You can do a lot of configuration and adjustment on the UniFi WAPs directly by connecting to them with ssh, assuming you're comfortable using the command line, but I found the UniFi Controller to be far and away the easiest way to do anything to the WAPs' configuration.
To see how well it worked with the rest of the UniFi world, I connected the 24-port 500W PoE switch Ubiquiti sent over. When plugged in, it will tell you the amount of current being drawn by the POE-compliant UAP-AC-PRO.
The "Devices" section of the UniFi Controller will give you some quick info about the current state of your access points, including channels, bandwidth, and connected clients.
You can see at a glance which WLANs and frequencies are in use by AP.
A grab bag of miscellaneous fun stuff
Though thoroughly testing most of the UniFi’s enterprise functionality (especially where it comes to payment portal integration) is beyond the scope of this review and indeed my ability to test in the first place, we’ll round out this piece by touching on a couple of advanced functions: SSID access control and guest portal voucher access.
SSID access control
The UniFi gear will allow you to configure up to four SSIDs per network, though as I discovered with my guest portal, there’s a speed penalty for running more than one SSID. However, it’s worth pointing out that I didn’t realize that speed penalty was even present until I actually started benchmarking with the iperf tool. I had been running the UniFi WAPs for more than a month with my guest portal active and hadn’t noticed any slowdowns at all. It certainly showed up in benchmarking, but it made no noticeable impact on actual day-to-day use.
One reason you might want to run multiple SSIDs is if you want to turn on some manner of time-based access control for your users (especially if "users" equals "kids"). There’s no way to impose time-based access restrictions directly on devices, but you can impose them on SSIDs, so the easiest way to keep kids’ Wi-Fi usage confined to certain hours is by setting up a SSID for them and then attaching an access policy to it.
Access times can be adjusted per day in fifteen minute increments. You can confine the new SSID to a specific VLAN or range of VLANs, and you can assign a user group to it so that only specific devices are allowed to connect (the user group functionality can also be used to keep devices off of other your other SSIDs if desired).
Enabling a timed-access SSID requires you to first add another SSID.
Once your timed access SSID is created, you can apply your desired policy to it.
For a home LAN, it’s likely that you won’t have multiple VLANs or network segments to deal with. If you elect to keep everything on the same network segment, devices that connect to any of your SSIDs can still communicate with devices on any other SSID (remember your OSI model—most of what you think of when you think of "Wi-Fi" lives in layers 1 and 2 and doesn’t care about the layer 3 stuff). This means, for example, that a smartphone connected to your timed access SSID can still use a Chromecast on your main SSID, or a streaming server, or whatever other things you might have on your LAN.
The timed access actually works by disabling the SSID when outside of the allowed band of time. Clients connected to the SSID are dumped, and if there’s no alternate WLAN available to join, the client is stuck offline. In practice, I found that test smartphones seamlessly jumped back from the disconnected SSID to the main one if I let them, keeping streaming video playing without any hiccups. When the timed access SSID was the only one available and cellular was disabled, my test smartphone was dropped offline as soon as the timed access SSID turned off, which seems to happen within two or three minutes after the access policy's start time ticks over.
On the other side of things, I had no trouble getting any of our devices to auto-join the timed access SSID as soon as it was available. So when morning rolls around—or after school, or whatever time you want the timed access curtain to lift—your devices will latch on and automatically be back online.
Because timed access is reliant on the controller sending commands to the UniFi WAPs—the activation and deactivation of the timed access SSIDs—making use of the feature requires the controller software to be constantly running.
Guest vouchers
The guest portal functionality on the UniFi gear is nicely complex and can do a lot of things. My own primary use case is in running a password-protected portal I can allow friends to log into without having to give them my main Wi-Fi password, but there are plenty of other things you can do with it—like setting up hotel-style vouchers for timed guest access.
To enable this feature, first you need a guest SSID for guests to use. Go into the UniFi Controller settings and create one, with "security" set to "open" and the "Guest Policy" box checked (you can also segregate the guest SSID on its own VLAN and/or apply a timed access policy to it). Then click the "Guest Control" tab and set the guest portal authentication policy to "hotspot." There are some additional settings you can fiddle with as well—including forcing guests to a specific post-authentication landing page, setting how long until their authentication times out, or even redirecting them to a different server to handle the guest authentication off-box. Once you’re configured to your satisfaction, you want to toggle on the "Enable voucher-based authorization" checkbox and then switch to the Hotspot Manager by clicking the link.
As with timed access, to create a guest portal you need to have a second SSID to apply the guest policy to.
Once the new SSID is created and designated as the guest SSID, you can adjust your guest policies, including turning on a captive portal with password, voucher, or payment-based authentication.
If using vouchers, like in this example, you can generate a bunch of single-or multi-use passphrases with time and bandwidth restrictions attached.
In the hotspot manager, click the "Vouchers" tab, then click "Create Vouchers." This will allow you to generate single- or multi-use Wi-Fi access codes, which will last for a customizable amount of time and which can optionally have either an upload/download quota or a bandwidth restriction attached to them.
Clients connecting to the guest network will be directed to a login page where they can punch in one of the voucher codes in order to get access to the WLAN. Once connected, they’ll show up in the UniFi console as guests rather than standard users, and you can revoke their access with a single click if desired.
As with the timed access feature, anything involving the guest portal requires the UniFi controller software to be running.
Worth the price?
Assessing the UniFi value proposition for home users is a complex task, and everyone is going to have a different set of requirements and conclusions. It’s likely that if you’ve stuck with me for this entire 8,000-word review, you’ve already made up your own mind on whether or not the kit is right for you. But some folks skip to the end to read the judgment before they read the meat of the story, so let’s do some summarizing.
The UniFi WAPs tested cover a range of prices: the Lite is $89, the LR is $109, and the Pro is $149. That’s in roughly the same price range as a good-enough consumer grade wireless router, but the UniFi gear doesn’t do the routing part, so any kind of value calculation has to include the cost of doing your own routing (whether that’s the monetary cost of buying a new router or however else you’re accounting for potential value lost to not having a single integrated solution). The $149 Pro can’t keep up in raw speed with an Apple Airport Extreme, but the Extreme also costs $50 more and doesn’t come with the same level of rich management features. If you’re just looking to build out a grid of home Wi-Fi devices to cover a large house and you don't care about the extra management features, it’s probably easier to stick with Apple gear, which frankly does easy Wi-Fi extension better than anything else I’ve ever used.
UAP-AC-Pro WAP in office, guarded by Rexy the 3D-printed T-rex. Credit: Lee Hutchinson
But Ubiquiti’s UniFi gear clobbers anyone else in the consumer space when it comes to extensibility and configurability. The amount of data available to fine tune your network’s frequency usage is extremely helpful (though you’re given more than enough configuration rope to hang yourself if you’re a data obsessed sysadmin who doesn’t necessarily understand the full implications of manual Wi-Fi frequency assignment). The easy logging features and clear interface to track exactly which clients are connecting and what they’re doing once connected is superior to any consumer-grade offering. And the fact that each WAP can be connected up and configured with a single wire that carries network and power is a very good thing when it comes to placing the WAPs in out-of-the-way areas or mounting them on your ceiling.
Once the initial setup was complete, I never had any kind of mysterious signal issues. None of the WAPs ever locked up or dropped offline or disabled themselves; no wireless client ever simply quit responding because a WAP had gone unstable or unreachable (at least, not when all the WAPs were connected via wired Ethernet). I never had to power cycle anything to fix any weird problems—and "power cycling to fix weird problems" is sadly a too-common thing for consumer-grade Wi-Fi.
Personally, I’m sold. After spending a month or so immersed in the UniFi wireless ecosystem, the idea of returning to how things used to be feels like being forced to go to an art museum with cotton gauze over my eyes. I’ve gotten very used to the high level of visibility and control that the UniFi gear affords me over my WLAN; I also like the fact that the devices mesh so seamlessly and that once in place, they fade into the background and just work. Once the review gear is on its way back to Ubiquiti, I’ll be buying some UAP-AC-Pros and jumping firmly on the UniFi bandwagon.
The Good
Configurability, configurability, configurability
Easy mesh configuration and scale-up, from one to lots and lots of WAPs
Solid performance, even when roaming
Excellent range and overall SNR/SIR, along with excellent tools to tweak and tune both 2.4GHz and 5GHz radio performance
Reasonably priced considering the enterprise-level functionality
Comprehensive logging and reporting makes data-driven admins happy
The Bad
No support for 802.11r/k roaming (due by end of year)
Band steering not yet enabled for updated UniFi gear
Not as fast in benchmarks as some consumer-grade WAPs, particularly Apple's Airport Extreme
Intermittent connectivity issues when operating in wireless bridge mode (may have just been my test set-up—impossible to really tell)
No routing, firewall, or stateful packet inspection means these are not drop-in replacements for a SOHO router
The Ugly
The best features require a computer (server or otherwise) to be constantly running the UniFi Controller application
Final verdict: For a reasonably skilled sysadmin sick of the race to the bottom in consumer grade Wi-Fi gear, Ubiquiti’s updated UniFi line of wireless access points gives you a huge amount of configurability and functionality at a price that’s incredibly reasonable. The devices are fun to tinker with, reasonably performant, and overall very solid. I plan on buying some for myself.
Comments