Moving to Ubiquiti UniFi

It’s no secret that I enjoy working with new technology and figuring out better ways to do things.  For the last couple of years I’ve been dissatisfied with how my internal network was configured; I was using a basic, off-the-shelf, all-in-one consumer-grade router/wireless access point, and while it normally worked okay, it didn’t always give me the insight or visibility into my network that I really wanted to have.  “If only there was a way to take a commercial-grade wireless networking system, and set it up in my apartment,” I complained to everyone who would listen. “Then I could configure everything the way I want, isolate devices on specific networks, and conquer the world!”

I knew I didn’t need a solution as expensive or in-depth as Cisco’s enterprise WiFi system, but wanted to graduate beyond the basic consumer networking solutions.  When I found the UniFi system in an Ars Technica review, I was hooked– but I was also still in college, and my meager budget was still too small to support a more advanced networking system.  It wasn’t long, however, before I graduated, moved to a new apartment, and suddenly had some disposable income I could throw at my home network.

I started my network with the smallest and most basic component: a UAP-AC-Lite, the cheapest wireless access point in the UniFi line.  I plugged it into my switch, installed the controller software on my computer, set up my wireless networks, and… it worked!  It was easier than I expected, which was almost disappointing.  I mean, here I was, with a fancy access point, and it didn’t even require hours of tinkering to get it to work the way I wanted?  Where’s the fun in that?

I left the WAP in place for a couple of weeks, and then decided I needed more.  I went out and bought the UniFi Security Gateway, or USG, so I could fully replace my all-in-one with some more advanced tech.  The USG required some more hand-holding to get up and running, but soon that wasn’t enough, either.  I bought a Cloud Key, and then a PoE Switch, and before I knew it I was running UniFi for basically everything on my network.

“That’s all very well and good,” I hear you say. “It’s always fun to read about somebody else spending money when they technically don’t need to. But what does UniFi actually do for you? What problem does it solve?” That’s a good question. UniFi gives me a couple of things I wanted to have; first, it gives me a network that I can expand as my needs shift. If I’m not getting WiFi in an area, I can just plug in a WAP, adopt it into the system, and voila! I have signal. Secondly, everything’s managed in one place, the UniFi Dashboard. All my equipment, and anything I add to the system, can be managed through the dashboard in real-time– and I can do it from anywhere, since I connected my Cloud Key to my Ubiquiti account.

The UniFi Dashboard

This means I don’t need to worry about remembering passwords for each of my devices, which is a major plus for anyone, even if you use a password manager.  UniFi also gives me some basic deep packet inspection, which lets me keep an eye on what’s talking out to the rest of the internet from my network.

It’s not as detailed as I would like, it’s true.  I haven’t found a way to select a specific device and view all traffic from it, for example, but it’s mostly adequate for my current needs. If something pops up that might be a problem, it’s easy enough to explore and inspect to see if anything is truly amiss. As an example, the traffic stats show that remote access terminals have transferred nearly 1.25TB of data to somewhere off-network. If you don’t know what that might be, that’s a problem– a remote access terminal moving lots of data could be an indication of a compromised computer being used as part of a botnet, or could be something spying on you.

Looking at the specific DPI card for that category shows that that entire amount of data has been through SSH, which again could be an indication that something on the network is infected and is phoning home.  UniFi lets us drill deeper, however, and I can see that almost all of the traffic is from one specific machine on my network, which is configured to perform incremental syncing to the cloud via rsync. But if this had actually been a compromised machine, the dashboard could have been my first indication that something was very wrong on my network.
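The drill-down described above (category, then protocol, then host), sketched as an added example that is not part of the original post: it totals uploads per client inside a DPI category and flags any large flow that no documented job explains. The flow records, hostnames and record layout are constructed for illustration and are not a UniFi export format.

```python
from collections import defaultdict

# Constructed flow summaries: (client, DPI category, application, remote, bytes_sent).
# The layout and hostnames are assumptions for this example, not a UniFi export.
FLOWS = [
    ("nas.lan", "Remote Access Terminals", "SSH", "backup.example.net", 1_200_000_000_000),
    ("laptop.lan", "Remote Access Terminals", "SSH", "git.example.org", 40_000_000_000),
    ("camera.lan", "Remote Access Terminals", "SSH", "203.0.113.50", 9_000_000_000),
    ("laptop.lan", "Web", "HTTPS", "www.example.com", 80_000_000_000),
]

# Documented jobs that explain heavy traffic, e.g. the nightly rsync-over-SSH backup.
EXPECTED = {
    ("nas.lan", "SSH", "backup.example.net"),
    ("laptop.lan", "SSH", "git.example.org"),
}


def drill_down(flows, category):
    """Return {application: {client: bytes_sent}} for one DPI category."""
    totals = defaultdict(lambda: defaultdict(int))
    for client, cat, app, _remote, sent in flows:
        if cat == category:
            totals[app][client] += sent
    return {app: dict(clients) for app, clients in totals.items()}


def top_talker(per_client):
    """Return (client, share of the total) for the heaviest uploader."""
    if not per_client:
        return None, 0.0
    client = max(per_client, key=per_client.get)
    return client, per_client[client] / sum(per_client.values())


def unexplained(flows, category, expected, min_bytes=1_000_000_000):
    """Flows over min_bytes in the category that no documented job accounts for."""
    hits = [
        (client, app, remote, sent)
        for client, cat, app, remote, sent in flows
        if cat == category and sent >= min_bytes and (client, app, remote) not in expected
    ]
    return sorted(hits, key=lambda h: h[3], reverse=True)


if __name__ == "__main__":
    ssh = drill_down(FLOWS, "Remote Access Terminals")["SSH"]
    print("top talker:", top_talker(ssh))
    for hit in unexplained(FLOWS, "Remote Access Terminals", EXPECTED):
        print("investigate:", hit)
```

Matching on the remote endpoint as well as the client matters here: the backup host's SSH volume is expected only toward its backup target, so the same machine sending to a new destination would still be flagged.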

UniFi also lets me set up and configure a guest wireless portal, so no more needing to give guests my WiFi password.  They can just connect to my open network (named Ankh-Morpork in honor of Sir Terry Pratchett), accept the terms and conditions which warn them that their connection may not be private and to not carry out illegal activities using my WiFi, enter the password I have posted in my apartment, and voila! they can access the web on whatever device they may choose.  If they start causing issues, adding bandwidth limits and filtering specific sites is easy, as is managing which devices are connected to the guest network.

Overall, I’m quite pleased with UniFi. I have more I’d like to do (like building out VLANs for my various servers), but for now the network is stable, speeds are faster than they were, and my WiFi coverage is great. I’ve been talking up UniFi with everyone that I know, and I’m slowly building out a network at my parent’s house which will let me troubleshoot remotely while increasing their speeds and security.  It costs a bit more than my previous solution, but I’m glad I made the switch.

Listing image by Thomas Jensen on Unsplash