[kwlug-disc] Wi-fi questions
Cedric Puddy
cedric at ccj.host
Wed Feb 8 13:19:34 EST 2023
Hi All!
As someone who runs a *lot* of Unify devices, I feel compelled to comment, and hope folks find it interesting/useful.
The Simple Web Interface on the Device thing, IMHO, is a sword that cuts both ways. If you are small, dealing in one or two devices, then yes, just hop on the device, make some local changes, and *done* makes a lot of sense.
On the other hand, my perception is that the Unifi layup, from day one, was to give the Enterprise Guys (Aruba/HP/Rukus/Meraki/etc) a run for their money; that means you are almost never dealing with 1 or 2 devices.
When you are dealing with a fleet of devices, then having the ability to log in locally and make changes means that you *never* know what the configuration of devices is, unless you go and log in an check them individually, or you allow the complexity of some “multi-master” configuration system wherein you can make changes locally or on the central management controller. Anyone here keen to welcome the considerations of something like multi-master LDAP into their home network, just so they can have two access points and maybe a switch or router operating in concert? With over 100 APs and Switches on my controller, my answer would still be “heck no”.
From a management perspective, lets say you want to know what the settings are, eg: "what mac addresses are on the allowlist? on the denylist?”. If you use the central controller model, you just pop in there, look at the list. If you had individually configured APs, then you’d have to log into each of them, or you’d have to distribute your lists via a lookup (eg: do WPA2-Enterprise and have your Radius server do the filtering, and use Lets Encrypt for the SSL — but that is 1000x more complicated than deploying the Unfi controller, and while it would inarguably be far more secure than a WPA2-Passphrase protected network, is it complexity that you want?).
Essentially, my view is this: the more sites and devices you have to manage, the more appealing the Central Controller model is. It can be operated in very easy to manage containers. I only operate one central “L3” controller, and I’ve got lots of sites. It's one thing to monitor and backup, and means that we don’t have to use any of the Unifi Cloud authentication, and the devices will run just fine even if the controller goes offline for maintenance or recovery or whatever.
The controller also has the brains and storage to record up to a year of traffic stats (granted, the resolution drops off over time) for every MAC address it sees, you can go back and get trending-over-time on network performance (wifi quality, retransmits, RSSI figures, etc), and you can check that out whether or not the device is online now. I’m not aware of any consumer grade routers that can offer that deal. (And Yes, the enterprise big boys do it better, but not at this price point.)
There’s some other fun stuff that you can get with it; for example, I’ve been playing with Home Assistant lately; my house has a couple U6 APs and a couple Unifi Switches that everything wired goes though. So I popped into my Home site in the Unifi controller, added a read-only user, and then turned on the Home Assistant integration, and discovered that all my IOT devices on the network (ESPHome smart plugs, thermostat, etc, all got linked to the network traffic that they are doing, *all* devices on my network that the switches and APs could see where now generally visible through my smart home interface, along with traffic statistics, link statstics, etc.
Anyway, all that to say that there are situations where that central controller is a very sensible solution, and perhaps my perspective is helpful for figuring out if it’s for you or not.
Also, I have very minimal experience with MikroTik wireless (I use them for routing, but never buy their wireless), but they would be on my list if I didn’t like the Unifi Controller, as their bang-for-buck is similarly legendary, and they have a "certain amount of experience” with Wireless as well.
Warm Regards,
-Cedric
│ CCj/ClearLine - Hosting and TCP/IP Network Services since 1997
├──────────────────────────────
│ Cedric Puddy, IS Director, cedric at ccj.host, 519-489-0478x102
> On Feb 8, 2023, at 12:50, Jason <jasonpa at gmail.com> wrote:
>
> I wasn't going to talk about Ubiquiti but since you mentioned it...
>
> The problem with Ubiquiti is you need to set up a UniFi Controller to
> manage any of the hardware. You don't have a simple web interface to
> log into to change settings.
> You can either get a piece of hardware like a Cloud Key, buy a router
> that has one build in like a Dream Machine Pro, or host it yourself in
> a VM/Container.
>
> Now if you're willing to redo your entire network with Ubiquiti, we
> can talk... There are definitely a lot of good things about the
> switching/access point hardware.
> The routing hardware is a bit basic, so if you're more than a novice,
> you'd be better off with pfSense.
>
> I have quite a large Ubiquiti network at home, including two access
> points on different floors, which devices can switch between easily.
> I'll go over this in my homelab presentation next month, but if you
> are interested in switching to Ubiquiti, let me know.
>
> Jason
>
> On Wed, Feb 8, 2023 at 12:42 PM Paul Nijjar via kwlug-disc
> <kwlug-disc at kwlug.org> wrote:
>>
>>
>> Francisco posted this suggestion to the list, but it included a JPG so
>> got rejected. But it seems like a good suggestion.
>>
>> - Paul
>>
>> ----- Forwarded message from Francisco Dominguez <fxdoming at gmail.com> -----
>>
>> Date: Tue, 7 Feb 2023 22:20:56 -0500
>> From: Francisco Dominguez <fxdoming at gmail.com>
>> To: KWLUG discussion <kwlug-disc at kwlug.org>
>> Subject: Re: [kwlug-disc] Wi-fi questions
>>
>> I’d recommend a ubiquiti ap, especially if you’re able to run a cable
>>
>> Something like the U6 lite
>>
>> og-image.wi-fi.jpg
>> Ubiquiti | UniFi | WiFi Perfected
>> ui.com
>>
>>
>> Francisco
>> fxdoming at gmail.com
>>
>>
>> On Feb 7, 2023, at 9:06 PM, Jason <jasonpa at gmail.com> wrote:
>>
>>
>> As a quick solution I'd look at Wi-Fi Range Extenders. I'd suggest
>> getting one at Best Buy so if it doesn't work you can always return
>> it.
>>
>> Something like this:
>> https://www.bestbuy.ca/en-ca/product/
>> netgear-nighthawk-x4-ac2200-wi-fi-range-extender-ex7300-100cns/10460157
>>
>> You can run that cable if you want, and set it up as a separate Wi-Fi
>> Hotspot, or just use it to improve your existing Wi-Fi siqnal.
>>
>> On Tue, Feb 7, 2023 at 8:57 PM Chris Frey <cdfrey at foursquare.net> wrote:
>>
>>
>>
>> On Tue, Feb 07, 2023 at 08:45:43PM -0500, Jeff Smith wrote:
>>
>> My current wi-fi router is a Synology router. Twist my arm enough
>> and
>>
>> I could replace the router, if necessary. I’m open to all
>> suggestions.
>>
>>
>>
>> This is way out of my wheelhouse, but a friend of mine uses Covr.
>>
>>
>>
>> - Chris
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> kwlug-disc mailing list
>>
>> To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
>>
>> with the subject "unsubscribe", or email
>>
>> kwlug-disc-owner at kwlug.org to contact a human being.
>>
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
>> with the subject "unsubscribe", or email
>> kwlug-disc-owner at kwlug.org to contact a human being.
>>
>>
>>
>>
>> ----- End forwarded message -----
>>
>> --
>> Events: https://feeds.off-topic.kwlug.org
>> Housing: https://unionsd.coop
>> Blog: http://pnijjar.freeshell.org
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
>> with the subject "unsubscribe", or email
>> kwlug-disc-owner at kwlug.org to contact a human being.
>
> _______________________________________________
> kwlug-disc mailing list
> To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
> with the subject "unsubscribe", or email
> kwlug-disc-owner at kwlug.org to contact a human being.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20230208/55d37e8c/attachment.htm>
More information about the kwlug-disc
mailing list