Full speed WiFi: Moving to UniFi

Finally, Internet speeds in Australia are outstripping the capability of 802.11n. We’ve been running an ISP issued router for some time, but I had been disappointed at the lack of security updates (for the Krack attack) by the vendor (my ISP’s now abandoned self-branded “Labs” hardware), and the limited speed 12 Mbit/s on WiFi was becoming annoying. Our local network houses various appliance on wired Ethernet, such as TVs, Set Top Boxes, Blue Ray Players, etc. But most of our online experience is via Laptop, phone, and iPads.

We’re in a modest building on a single level. The 802.11n footprint easily covered the entire property, and was housed in an cupboard towards the front door. The NBN FTTP Node is located in a tool shed behind the garage, along side a switch cabinet containing a 24 port patch panel and a Gigabit switch, reticulated to just six ports inside the building.

The existing topology patched NBN to that cupboard, where it went into the existing All-in-One Router; and from three it patched back to the tool shed, and onwards to the rest of the building.

We grabbed a UniFi 8 port managed switch with 4 of the ports able to do Power over Ethernet (to replace the 8 port unmanaged, non-PoE switch), along with the CloudKey for unified management, and the NanoHD Access point. The one missing device is the Security Gateway from this combo – only because the supplier was out of stock (for a month!).

We unboxed the equipment, and switching the switch in the tool shed was a trivial plug and play experience. The Cloud Key plugged to one of the ports, and within minutes we were able to log into the controller (The Cloud Key device), ‘adopt’ the switch, and ensure that all firmwares were updated.

The Cloud Key offers SSH as a service, and with authentication I was able to log in. I was very pleased to find myself at home on a Debian system (having been a Debian Linux developer for close to 2 decades). But that was very much poking under the hood — normal operations does not require this, and I would imaging the majority of customers need never know.

With the AP plugged in and configured with a temporary new SSID, we initially found intermittent connectivity issues, but after moving patch ports this stablised; I can only put this down to the age and quality of the Cat-5 based Ethernet and the patching we did a decade ago.

After a few days of testing, it was time to go ‘live’; the existing ISP router had its WiFi disabled, and was physically relocated to the Tool shed where it can terminate the NBN connection, and connect directly to the Unifi Switch. The Nano HD AP now sits patched via the patch panel inside where the old ISP router used to sit.

As there were a number of wired devices plugged into the back of the old router in the cupboard, and unmanaged switch that was previously outside has relocated in side.

The UniFi interface does give a nice visual topology of the devices it can see; and in this case, it cant see the unmanaged switch; hence two devices are on the Home Switch port 1.

Thus far I am pleased with the deployment. Its definitely not cheap equipment; so far we’re looking at over AU$500, and when the retailer has the Security Gateway in stock, we’ll look to get that too (another AU$150 or so).

So a random mid week test before midnight now shows:

Our next tests will be to run separate WiFi networks for visitors, and limit times of operation, and channel them to separate VLANs — after the Security Gateway is in place. It neatly ties together turning on the trunking of links from unencapsulated vanilla 802.3, to supporting multiple VLANs; across the various managed APs and the switch ports they are plugged in to, and between the switch and the Security Gateways.

We’ve also been playing with the UniFi app in android, and remotely viewing our network. There’s more experimentation to come, but thus far, its got approval from the team here.

Our thanks out to Troy Hunt for his excellent explanations.