I am now a contented Geek - My Unifi Network

Semper Fidelis

2 Timothy 2:24-25
Staff member
Finished wiring my home yesterday. I now have drops in key locations throughout the house. My main WiFi is the Unifi Dream Machine - Controller, Security Gateway, and Wireless Access Point all in one. I have three other UNIFI-AC_PRO wireless access points throughout my house. Instead of meshing them (which cuts bandwidth in half for each mesh) they are all wired into the Dream Machine and broadcast the same SSID. I can now get 400MBps test in the basement.

If you're tired of Netgear or other consumer brands that are flaky, then check out Unifi. They are commercial grade and even if you use their access points in a wireless mesh and don't want to wire your house, they are way better than the consumer brands.

 

Logan

Puritan Board Junior
Everything I've heard about Unifi has been phenomenal. I don't have significant network needs but I've been considering it anyway :)
 

Semper Fidelis

2 Timothy 2:24-25
Staff member
Everything I've heard about Unifi has been phenomenal. I don't have significant network needs but I've been considering it anyway :)
Even if you don't go nuts like I did, what sold me on the Unifi Dream Machine is that it has a good Firewall in it that performs packet inspection up to 1Gbps. It's not enterprise grade security but it's a lot better than most. They also don't constantly need to be reset but just work. As I said, even if used as Mesh AP's they're way better than the consumer brands.
 

ZackF

Puritan Board Graduate
Everything I've heard about Unifi has been phenomenal. I don't have significant network needs but I've been considering it anyway :)
As far as security is concerned I imagine a home user can get a lot of mileage from just a VPN. I can’t find the one I want.
 

Logan

Puritan Board Junior
I tried ExpressVPN for a short while but settled on Nord. Seems to do what I want. I experimented for a bit with having Nord running on OpenVPN (via DD-WRT) on my router but that was probably overkill and DD-WRT seemed a bit bloated and unstable to me. I imagine what I really need is a proxy since I don't really need to encrypt all traffic.

But everything has to be absolutely rock-stable because if I'm not there, the wife isn't going to be able to troubleshoot anything :)
 

VictorBravo

Administrator
Staff member
And here I thought my MiFi with 2.95 mbps (on a good day at the south end of the house) was cool....
 

Semper Fidelis

2 Timothy 2:24-25
Staff member
As far as security is concerned I imagine a home user can get a lot of mileage from just a VPN. I can’t find the one I want.
I've got a lot on my network from iPads to Kindles to XBox's to Playstations (yeah, we have a lot of stuff in a family of 7).

My original path that led me to Ubiquiti was setting up a pi-hole for the home network. It's running on a Raspberry Pi and filters not only ad traffic but malware, adult content, malicious sites, and malware sites. It's not foolproof but it provides a layer of defense.

I then started researching the fact that a device I had on my network (RATTrap) was not able to go faster than 300Mbps to provide packet inspection. That's when I started looking at firewalls like pfSense. I was thinking about buying a small device to build my own pfSense firewall when I was reading about vLANs for the IOT devices, gaming, etc. My Netgear wireless would not support vLANs but Ubiquiti would.

The Dream Machine was perfect but then it didn't provide coverage for my home and I couldn't use my old Netgear Extenders to extend the WiFi. I had previously placed one of the extenders on the East Side of my home overlooking the barn where I often work because I can smoke cigars there.

I solved the internet in the Barn issue by getting two Ubiquiti Nanostation M5's that provide a high speed Layer 2 bridge between my porch (just outside my home office) and the barn. I connected my old Netgear router to the distant end (SSID Cigar Barn) and I now had 60-80 Mbps in the barn with the doors closed (perfect for cold weather).

That left coverage inside the house. I initially had a second Ubiquiti AC-Pro that was wirelessly meshing with the main unit (controller/access point) but with the wiring, I now have three spread out and so coverage is solid.

Circling back to security, the Ubiquiti Dream Machine does deep packet inspection at 1Gbps and has other firewall features. I can segment my IOT devices on their own vLAN (along with game consoles). I may end up still getting a pfSense firewall if for no other reason than that I've been bit by this bug to perfect my home network. It's a lot of fun.
 

fredtgreco

Vanilla Westminsterian
Staff member
That's really neat, Rich.
I'm way too busy to take on a project like that. I've opted for plug and play. I got a Netgear Orbi Wifi 6 system (one router with two satellites) that gives me great coverage. With my 1GB Xfinity connection, I get about 800-900MB down/40MB up with a wired connection and about 400-500/30 on wireless. It comes with Bitdefender security, which I have used in the past as a standalone AV solution. It's a consumer product, but pretty good. I also have Malwarebytes on my PCs. The key for me is the speed (even more than the security) because I often download and upload sermon videos at home (2-3GB files).
 

Semper Fidelis

2 Timothy 2:24-25
Staff member
That's really neat, Rich.
I'm way too busy to take on a project like that. I've opted for plug and play. I got a Netgear Orbi Wifi 6 system (one router with two satellites) that gives me great coverage. With my 1GB Xfinity connection, I get about 800-900MB down/40MB up with a wired connection and about 400-500/30 on wireless. It comes with Bitdefender security, which I have used in the past as a standalone AV solution. It's a consumer product, but pretty good. I also have Malwarebytes on my PCs. The key for me is the speed (even more than the security) because I often download and upload sermon videos at home (2-3GB files).
Good wireless mesh systems that use 5G backhaul can be pretty quick. What I like about the Ubiquiti over Netgear (even if one doesn't want to wire their home) is that it does the mesh thing but also supports their hardware for years. I liked Netgear but they spin out a lot of different models and don't always keep the firmware up to date. I also like that I can set up 2FA for my Ubiquiti. The Dream Machine and two AC-Pros are about the same price as the highest end Netgear routers these days and are way, way better.

I tested yesterday and had 400MBps in my basement. It would be faster except that I have so many devices using the bandwidth.
 

Timmay

Puritan Board Freshman
I solved the internet in the Barn issue by getting two Ubiquiti Nanostation M5's that provide a high speed Layer 2 bridge between my porch (just outside my home office) and the barn. I connected my old Netgear router to the distant end (SSID Cigar Barn) and I now had 60-80 Mbps in the barn with the doors closed (perfect for cold weather).


I do the exact same thing with my nanostations for internet to my backyard office which is about 60ft away.


 

SolaScriptura

Puritanboard Snowflake
You guys and your techie talk! :scratch: I'm so glad we have techies in the world - and especially in the church - but this whole "high speed layer 2 bridge" what the? And what's a "mesh" thing? It's like a foreign language!:wink:
 

Filter

Puritan Board Freshman
Unifi is great for home use, but for business use nothing beats Cisco Meraki >>>>>>>>>>. I manage my university's network and their Meraki equipment almost makes much of my CCNP training obsolete!
 

Semper Fidelis

2 Timothy 2:24-25
Staff member
Unifi is great for home use, but for business use nothing beats Cisco Meraki >>>>>>>>>>. I manage my university's network and their Meraki equipment almost makes much of my CCNP training obsolete!
Cool. I'm sure the Cisco stuff is pretty cool. I know a lot of businesses use Unifi because they work really well and don't keep adding more and more charges to add features.

BTW, it's not Cisco's WiFi stuff that will make your CCNP dated but Cloud. If you want a long future in IT then make sure you're starting to translate your skills to Infrastructure as Code. A lot of modern IT operations are shifting to code development practices and leaving a lot of traditional IT staff behind who don't make the shift.
 

Semper Fidelis

2 Timothy 2:24-25
Staff member
You guys and your techie talk! :scratch: I'm so glad we have techies in the world - and especially in the church - but this whole "high speed layer 2 bridge" what the? And what's a "mesh" thing? It's like a foreign language!:wink:
Sometimes it's just knowing the words and concepts. Layer 2 refers to just above the way the data physically travels (wire, radio, optical, etc). It's called the Data Link layer because it is the way that data is moved across a specific physical type. Above the Data Link (Layer 2) is the Network Layer (Layer 3). This is where IP addresses come in. It's the layer that defines location on the overall network. A Layer 2 bridge makes the distant end look to the network as if it's all part of the same network. All the other devices on the network can "see" the devices on the distant end.

I have my home network set up on 10.0.0.1-10.0.0.254, the Access Point in the barn is 10.0.0.79 and when I use my phone or computer to connect to that Wireless IP, they are given 10.0.0.x addresses. It's sort of like if I ran a really long ethernet cable from a port on my main wireless router down to the barn (about 100 yards away). As far as the main router is concerned, everything on the distant end is on the one port I'm using to wirelessly bridge from the porch to the barn.

I'm sure that made it very easy to understand. :)
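
Added example, not part of the original post: a minimal MAC-learning switch in Python that shows why the main network sees every barn device on the single port facing the Layer 2 bridge, and why broadcasts from the barn still reach every other port (one broadcast domain, so any isolation has to come from VLANs). The port numbers, host names and MAC addresses are constructed for illustration.

```python
# Added illustration: a minimal MAC-learning switch. Ports, host names and
# MAC addresses are constructed; nothing here is taken from real equipment.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Learn the sender's port, then return the set of ports to forward to."""
        self.mac_table[src] = in_port
        if dst == BROADCAST or dst not in self.mac_table:
            return self.ports - {in_port}          # flood: broadcast or unknown
        out = self.mac_table[dst]
        return set() if out == in_port else {out}  # same segment: do not forward

    def macs_on(self, port):
        return sorted(m for m, p in self.mac_table.items() if p == port)

# Constructed topology: port 1 = office PC, port 2 = NAS,
# port 3 = the porch end of the wireless bridge to the barn.
BRIDGE_PORT = 3
HOSTS = {
    "office-pc":   ("aa:00:00:00:00:01", 1),
    "nas":         ("aa:00:00:00:00:02", 2),
    "barn-ap":     ("aa:00:00:00:00:79", BRIDGE_PORT),
    "barn-phone":  ("aa:00:00:00:00:80", BRIDGE_PORT),
    "barn-laptop": ("aa:00:00:00:00:81", BRIDGE_PORT),
}

def simulate():
    sw = LearningSwitch(ports=[1, 2, 3])
    # Every host sends one ARP-style broadcast, so the switch learns them all.
    floods = {name: sw.receive(port, mac, BROADCAST)
              for name, (mac, port) in HOSTS.items()}
    # Barn phone to NAS: crosses the bridge and leaves only on the NAS port.
    to_nas = sw.receive(BRIDGE_PORT, HOSTS["barn-phone"][0], HOSTS["nas"][0])
    # Barn phone to barn laptop: both sit behind port 3, nothing is forwarded.
    local = sw.receive(BRIDGE_PORT, HOSTS["barn-phone"][0], HOSTS["barn-laptop"][0])
    return sw, floods, to_nas, local

if __name__ == "__main__":
    sw, floods, to_nas, local = simulate()
    print("MACs learned on bridge port:", sw.macs_on(BRIDGE_PORT))
    print("barn-phone broadcast reaches ports:", sorted(floods["barn-phone"]))
    print("barn-phone -> nas forwarded to:", sorted(to_nas))
    print("barn-phone -> barn-laptop forwarded to:", sorted(local))
```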
 