About to change to Unifi, looking for lessons learned

I currently have two routers / WiFi setups in my home - Linksys Velop and a Netgear Nighthawk R7850. I'm running two because I have about 50 clients in the home, and was getting terrible performance with anything over around 30 clients.

I'm about to pull the trigger on Unifi:
2 AC-Lite(s)
1 nanoHD
1 Cloud Key Gen 2 Plus
1 USG
1 UniFi Switch 8 60W

I have a couple of questions:

  1. When I (move) my HE to the Unifi network, what all will be involved? I'm afraid of things breaking, and not being able to login to the hub.
  2. With this change, I'll be physically moving my hub about 30 feet (within the same room), but more centrally located in the house. Is this going to destroy my zwave and zigbee mesh?
  3. Any thoughts on my equipment list?
  4. Any general thoughts/recommendations on the move? (looking for lessons learned)

TIA
Michael

Your best approach would be to make sure the subnets match what you have today.

Cut over your computer and make sure it grabs an IP address and you can ping the gateway.

Put in a reservation for your Hubitat so it comes up on the same IP.

Move over your ISP and plug it in. Make sure you can ping out with the laptop.

Then start cutting everything over.

As for moving the hub 30 feet. You will notice after you move. Do a zwave repair and monitor your zigbee signal strength under zigbee logging.

1 Like

Yeah, so that's one of my major concerns. The HE is currently on the Velop, which uses 10.165.1.0 - my understanding from research is that Unifi uses 192.168.1.0 and can't be changed...

I've never worked with VLANs before, but my plan was to have a HE VLAN -- is it possible to make that VLAN in the 10.165.1.0 range?

You can set the IPs to whatever you want. Unifi is not restricted in any way. Most devices come with a 192.168 address but they can be changed.

1 Like
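Added example, not part of the thread: a pre-cutover check of the addressing plan discussed above (keep the subnet the same, reserve the hub's current IP). The /24 prefix, the gateway addresses and the reserved host addresses are constructed assumptions; only the 10.165.1.0 and 192.168.1.0 ranges come from the posts.

```python
import ipaddress


def check_cutover_plan(old_cidr, new_cidr, gateway, reservations):
    """Return a list of problems with the planned LAN; empty means consistent."""
    old_net = ipaddress.ip_network(old_cidr)
    new_net = ipaddress.ip_network(new_cidr)
    gw = ipaddress.ip_address(gateway)
    problems = []

    # Matching subnets keep hard-coded device IPs and bookmarks working.
    if old_net != new_net:
        problems.append(f"subnet changes from {old_net} to {new_net}")
    if gw not in new_net:
        problems.append(f"gateway {gw} is outside {new_net}")

    seen = {}  # reserved IP -> first device that claimed it
    for name, text in reservations.items():
        ip = ipaddress.ip_address(text)
        if ip not in new_net:
            problems.append(f"{name}: {ip} is outside {new_net}")
        elif ip in (new_net.network_address, new_net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address")
        elif ip == gw:
            problems.append(f"{name}: {ip} collides with the gateway")
        if ip in seen:
            problems.append(f"{name}: {ip} is already reserved for {seen[ip]}")
        seen.setdefault(ip, name)
    return problems


# Constructed sample plan: prefix length and host addresses are assumptions.
OLD_LAN = "10.165.1.0/24"
RESERVATIONS = {"hubitat": "10.165.1.50", "printer": "10.165.1.60"}

if __name__ == "__main__":
    for label, new_lan, gw in (
        ("keep existing range", "10.165.1.0/24", "10.165.1.1"),
        ("vendor default range", "192.168.1.0/24", "192.168.1.1"),
    ):
        issues = check_cutover_plan(OLD_LAN, new_lan, gw, RESERVATIONS)
        print(label, "->", issues or "OK")
```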

Starting from scratch, I can't picture purchasing a cloud key ($199), usg ($139 or $344 for pro) and 8 port switch ($109) separately. They've launched the UDM Pro at $379 that has all 3 of the above integrated in. It also supports IDS/IPS at 1gb instead of 80mb like the USG so you could actually use the feature without killing your connection speeds.

EDIT
Apologies, just noticed it was a POE switch. The switch component of the UDM Pro is not POE. However if the POE is just to power the APs, they each come with POE Injectors so you could still make do without one.

1 Like

How many Velops do you have? - looks like a max of 32 per node (so 2-3 nodes). A very simple way to increase throughput is to hook them up in a wired backhaul configuration. If no cable runs you can use powerline adapters.

I dunno if I'd have 2 separate kinds of routers though - either the nighthawk with mesh extenders or the velop.

At any rate the Unifi stuff is much more flexible and fun..

1 Like

Had not looked at that... too bad they're sold out...

That's what I initially thought (I have 3). I tried wired backhaul (temporarily - CAT laying on the floor), and it didn't help any. I know that Velops claim 32 per, but that was not my experience...

Plus, I've actually sold the wife on the Unifi route...

I'm sure you've already thought of this but how far away were the Velops? You can get into contention issues if too close. Also I try and hardwire TVs and streaming devices wherever possible to reduce WiFi overhead. Again I assume you got that covered. Nice going on the WAF though!

I use 2 Orbis RBK/S50 with wired backhaul and they have been working well so far; at least my wife is happy. I do have an AC Pro and a spare Pi (for the sw) but have not done anything with them yet.

I also own an EdgeSwitch 8 which I am working up the courage to maybe implement packetfence on my home subnet. Intrigued by the idea/illusion of controlled access especially with a soon to be teenager in the house.

1 Like

I'm sure it will be back in stock soon enough, and possibly a distributor might have stock (check amazon, ebay, as well). The throughput difference when enabling IDS/IPS is well worth the wait.

1 Like

I have just (1 day ago) switched over to a UniFi system from a Netgear Orbi system.
I went for the UDM (since that is also an AP) and a FlexHD.
I have one US 8-60 which powers one US 8 from one of the four PoE ports and another US 8 that also uses the PoE passthrough to the FlexHD.

I’m very happy with the setup and have gone from three APs to two but the speed and readability of our WiFi is so much better and I feel like the security in the UDM is way better than before.
I will dig into setting up a VLAN for all IoT devices when I get some more time.

As long as you have your Hubitat on DHCP (don’t think you can set a static IP) and your computer (or other device), they will be on the same network and can easily be found after the switch.
I have a few, not many, devices that need a known IP in the Hubitat app/device settings but it is really easy switching them over one by one.
Zigbee and Z-wave will work as before.

Good luck and have fun! :slight_smile:

1 Like

For another viewpoint:

I'm running a Ubiquiti system with 3 APs (AC HD & Pro) a Gen 1 Cloud Key, and an Edgerouter lite (3 I think).

I'm using dumb switches and a POE Texas POE injector.

Overall a bit more costly than a UDM Pro, but all the core components fit into my in-wall structured wiring cabinets, and all the devices are individually replaceable.

You couldn't give me an all-in-one like the UDM pro. Been there, done that, with far too many devices over the years.

My only suggestion on the list of proposed hardware is to look at where you are considering the UAP AC Lites and evaluate your device load/utilization against the throughput of the AP. I think the Lite models have lower sustained throughput numbers than the HD and Pro models. Probably not an issue given most uses of WiFi, but it's worth considering.

S.

4 Likes

Does the Unifi system require a computer running Java to set up?

Coronavirus shortage?

1 Like

I like UniFi gear... A lot. I currently manage three separate UniFi deployments...

My current home environment consists of...

  • UniFi Dream Machine Pro
  • US-24 250W PoE Switch
  • US-24 Switch Non-PoE
  • Flex-5 PoE Switch (detached garage)
  • USW-Flex Mini (Not provisioned)
  • (3) AP-AC Pro
  • (1) AP-AC Mesh
  • (7) UVC-G3 Cameras
  • (8) UVC-G3 Flex Cameras

I also have a small deployment in my Datacenter (which is a Cisco plant) for the back-office side.. I chose this because it's easy on the budget, and the VPN is easy to configure and manage. I don't have to tie up my limited engineering resources servicing non-core functions.

  • UniFi Gateway Pro-4
  • US-24 250W PoE Switch
  • US-24 Switch Non-PoE
  • Cloud Key Gen2 Plus

And finally, at my friend's campground I built and manage a system that covers about 1/8 of the 80 acre park. I'll be upgrading some of those components this year...

  • UniFi CloudKey Gen 2
  • US-8 60W PoE Switch
  • UniFi Gateway (non-pro)
  • (8) AP-AC Mesh APs

There are a lot of things that I really like about the ecosystem. First, the equipment is very, very reasonably priced. For example, I just took delivery on the new Flex-5, 5 port managed switch. I paid $29 plus tax and shipping.... Try going to Best Buy for a 5 port managed switch that can be powered by PoE. You can't.

For the most part everything plays very well together. My home deployment centers around two 24 port switches, one PoE, one without. This was considerably cheaper than a single 48 port PoE switch. I have a buried CAT-7 line to my detached garage connected to a Flex-5 switch and 2 UVC-G3 Flex cameras. All of that is powered off of the PoE switch in the attic of the house.

With the UDM Pro, I have most of the intrusion detection settings enabled. I'm shocked at the dozens of blocked threats that are reported daily. I have started to block some countries as a result of the concentration of these attacks.

The VPN server built into the UDM (and USGs) is a basic L2TP tunneling server. It's natively supported in Windows and Macs (including iOS devices) so no software is needed. You're not going to find the fine-grained policies available in a Cisco VPN server.. Nowhere near as close, but for a home office, or small business, it's perfect. It also makes it very easy to VPN in to manage my Hubitat hubs.

What I don't like, or issues I've encountered...

Really there's only one thing... The Dream Machine Pro... It's a disappointment that comes in a box. I have had it for almost 2 weeks and it's really been a blight on my normally positive view of Unifi. The product feels incomplete and rushed to market. There are numerous things that don't work, are limited, or glitchy. If you're comfortable with SSH logins, you can sign up for early access and install the latest beta.. That improves things somewhat.

These are the issues I've run into so far...

  • Out of the box, on first power and subsequent power ups, the LCD displayed a "fatal error". I had to hard reset the unit following the instructions in the community, then load the latest firmware in order to provision the unit.
  • Restoring old backups fails when cloud connected. You must be connected locally.
  • Dynamic DNS is broken.
  • WAN 1 is a 1gbps RJ45. WAN 2 is a 10gbps SFP+.. Currently WAN 1 can only be used for primary internet. The 10G port is limited to a redundant ISP.
  • WAN2 won't autonegotiate less than a 10G connection. If you install the beta that is fixed.
  • The 8 port switch does not support LACP. You're limited to a single 1gbps uplink, or provisioning multiple 1G ports for separate VLANs.
  • Firewall port mapping ranges (which work fine on the USGs) are broken. Rules that use multiple ports have to be re-created as multiple rules using a single port each.
  • Protect randomly stops recording cameras for minutes at a time.
  • The UniFi mobile app continuously needs to be force-quit in order to connect to the UDM. This issue doesn't happen on my cloud-key deployments.

I would avoid the UDM-Pro for now.. It's really my only complaint..

The rest of the ecosystem is pretty cool and works well. I've had no interop issues with Hubitat (i.e. port negotiation issues). I've had no WiFi interference issues with Zigbee, despite the density of access points. (I have the power dialed back on each so roaming is more effective).

I think it's a good choice over the standard consumer fare.. If you're willing to spend a little extra cash and commit the extra time to get it set up and dialed in correctly.

6 Likes

Same here, all security settings turned on, but no one seems to be interested in me. :cry: :wink:

I haven't had my system live for more than a day or two so I'm guessing the intrusions will start coming in soon...

I also have some Unifi deployments at client sites. I just noticed that a site with UDM (not pro) can run both Geo and Threat with no errors/warning

UDM

But the same setting on the USG4 gives warning and turns off Geo

USG

Does the UDM support both, or is just a glitch and not properly reporting what is really happening?

These are certainly valid issues with the UDM Pro, most of which look to be fixable with future software updates. Your comment on "rushed to market" is common with Ubiquiti products. Their philosophy seems to be to get it working at 80%, release it, and then over time with software updates get it up to 98%.

From what I've read on the general feedback of the UDM Pro is that it's OK as-is for a standard home deployment but not ready for use yet in a commercial setting.

The WAN2 SFP+ port not being usable for primary internet is something I hope gets fixed soon. My plan was to completely get rid of my ISP's modem and plug the fiber line directly into the UDM Pro.

I'm a big unifi user, have had their products for many years, but am only lukewarm on them as a company.

A few things that are an issue for me:

  1. Usg product sucks. Slow, not very capable versus other perimeter firewall offerings. Ripped it out, threw it in the trash.
  2. Buggy releases, over and over. For years. I always recommend users do NOT install the latest and greatest. Stick to the "stable" releases ONLY.
  3. No multi-gig switch products. It is 1gb or super expensive 10gb. Would have preferred they came out with some 2.5/5gb multiport switches. Across the product line, not just 1 or 2 ports here and there.

I'm running both on my Pro. GEO blocking and IDM seem to be working together. I cannot speak for the UDM, but I would think they would have similar capabilities.

This is very true... However the Pro seems to have an unusually large number of issues... This is why I don't mind participating in early access.. The betas aren't usually any worse than production releases. :slight_smile:

This is an annoyance for me as well. I really want a decently priced aggregation switch, but none exists. That's not to say the 16XG isn't overpriced.. It isn't, but it's overkill. This is where I feel the UDM Pro missed the mark by a wide mile. It could have served as an agg switch for smaller deployments like mine..

1 Like