I'm done with Ubiquiti Unifi. Need help with alternatives.

BoredSysAdmin

BoredSysAdmin

Audioholic Slumlord
here's a somewhat interesting test of Aruba (wifi-6) vs older Unifi (wifi-5) stuff. It's obviously not apples to apples, but one interesting conclusion can be drawn: AP22 with Wifi 6 does MUCH better at 2.4ghz, but about the same at 5ghz
YMMV.
 
panteragstk

panteragstk

Audioholic Warlord
here's a somewhat interesting test of Aruba (wifi-6) vs older Unifi (wifi-5) stuff. It's obviously not apples to apples, but one interesting conclusion can be drawn: AP22 with Wifi 6 does MUCH better at 2.4ghz, but about the same at 5ghz
YMMV.
Interesting that you would bring up 2.4ghz performance. I really need 2.4ghz to be stronger in my house. Too many of my devices require it so it's very important. They're all cameras and things like that, but my Unifi stuff hasn't been doing that well on 2.4ghz the past few years. I've got a lot of congestion in my neighborhood. 5ghz where I am is actually quite good, but my Unifi stuff is still falling behind. The roaming between APs is my other big concern due to calls having issues in my current setup. Used to not be an issue, but for some reason is now.
 
highfigh

highfigh

Seriously, I have no life.
So I realize this may not be the place for this question, but since I trust you people and there are a bunch of us that are in the IT space, I thought I'd give it a try.

So, I'm going to attempt to detail out my current network install to see what you guys think. Bear with me as it's a bit complex.

I have a Sophos UTM box in front of everything in my network. The only reason it doesn't control everything is because it's a home license that is free so I'm limited to 50 IP addresses. I'm far over that sadly. If you know anything about their stuff it's supposed to be among the best at blocking threats. It's been in place for years and has never given me any trouble. If anything, I'm spoiled on how configurable everything is. The down side is that it's massively complex to configure requiring a lot of reading to resolve certain issues.

The rest of my network is all Unifi stuff. I've been using their stuff for years, but their recent antics have me looking elsewhere. Those that know are aware of their security issues around Unifi accounts, but more than that their UI direction is just idiotic. They change things, then roll back, then move to something else and it's all fluff and no substance. Couple that with the fact that my USG (router, security gateway) sucks. It's just not a good piece of equipment. Just getting it up and running had me seriously considering smashing it with a hammer. Before that, all my Unifi APs worked wonderfully when directly connect to the Sophos box.

They still work, but are older tech so no mesh, no fast AP roaming. It's becoming an issue since I'm constantly on conference calls. I can't have drops or garbled voice when doing a presentation. Used to not be an issue, but now it is and I'm done with this stuff.

I had considered upgrading to a better security gateway from Unifi as I'm almost positive most of my issues are with the USG just being underpowered. I had high hopes that their Dream Machine pro could replace my Sophos box, but I don't trust them anymore.

Having said all that, I've currently got two of their AP-LR models that are Wifi 5. One upstairs, one down. I've also got 5 of their flex mini switches that are 5 port managed switches. These are awesome. I have a USG too, but it's honestly not that great and it's only real job is DHCP and traffic monitoring. I just want to be able to see what my devices are doing and how much data they use. I've been able to stop some rouge things from happening so this is a must have feature. Their DPI is also good, but lately it's been resetting the data. Not a fan. I'm also not a fan of the limited configuration options.

As an example, I'm using the Sophos box to do everything firewall, NAT, DNS, webserver, etc. so it's doing 99% of the heavy lifting. The USG won't let me disable NAT since I've already got that set up on my Sophos box. Not cool, but not the end of the world. If the USG were better, I'd get rid of the Sophos box and simplify my setup to an extent. The USG doesn't have nearly the features that Sophos does when it comes to web serving and the like.

So, that leads me to today. I need help trying to figure out what product suite would replace what I currently have. I looked at TP-link Omada per @jinjuku suggestion and it looks very much like a Unifi clone, but more stable from what I've read. Slow to update firmware so that's a concern, but I don't necessarily update unless I need to so maybe not an issue. I installed the Omada controller and it's pretty similar in what their devices can and can't do. It's all pretty simple still, so I'd probably still use my Sophos box for the heavy lifting.

I know that @BoredSysAdmin has similar complaints about Unifi that I do so I'm curious to see what he plans to move to. I really like what I'm seeing about the TP-link stuff, but I feel it's a lateral move rather than an upgrade. Then I look at more advanced stuff and get sticker shock.

So, what do you guys think? I'd love to hear what you use or what you've done for customers. I think a fresh start would be good.
How many switches are you using and how are they connected? If you have the switches on the same/first layer (directly to the router) and they're parallel (for lack of a better word), you should be OK but if one switch connects to a LAN port on another and an additional switch is connected to that switch, you may be seeing the effects of the end points needing to pass through too many layers to the router. I have always heard that three layers is the recommended limit.

When did this start?
 
panteragstk

panteragstk

Audioholic Warlord
How many switches are you using and how are they connected? If you have the switches on the same/first layer (directly to the router) and they're parallel (for lack of a better word), you should be OK but if one switch connects to a LAN port on another and an additional switch is connected to that switch, you may be seeing the effects of the end points needing to pass through too many layers to the router. I have always heard that three layers is the recommended limit.

When did this start?
My APs are directly connected to my switch and the switch is directly connected to the router. Bottom line is my APs are getting old and don't support the newer standards so it's time to replace them. That and the vendor I'm using sort of sucks now even though their products are generally pretty good.

So, new APs for me. Just trying to narrow down which one.
 
panteragstk

panteragstk

Audioholic Warlord
This has a comparison of a lot of things I'm looking at. Good site.

So looking at this article, if I want to stick with Omada (I like the software so far, and it's got a docker) then the best looking solution is the EAP615- Wall and the EAP610 V2.

These charts show the performance at a given distance. For me, a combo of these devices placed in the right spots should make my network pretty much solid in-doors. It doesn't seem the EAP615-Wall supports mesh, but it seems mesh is only valuable when you need AP-AP connections and mine will all be wired. If there's more to it than that, I'm all ears.



 
jinjuku

jinjuku

Moderator
Remember that everytime you propagate out on a mesh you lose half your bandwidth
 
panteragstk

panteragstk

Audioholic Warlord
Remember that everytime you propagate out on a mesh you lose half your bandwidth
Thanks for that. If I have any APs that mesh, it'll just be the one I put outdoors, if I even do that.

Right now I think that 2 610 V2 APs to replace my current Unifi AP-LRs will be a good start. My office and bedroom have dead spots that the 615-Wall device can fix. I can also replace my current "dumb" TP-Link switch with a TL-SG3428X and be good to go. Plus I'll get 4 10g ports so I can finally connect my 2 servers using 10g so backups are quicker.

I'm going to order the 610 today and see how it is. I'll disable both Unifi APs and see how well one can do on it's own. One Unifi AP-LR did great for a long time...till I got too many neighbors.
 
panteragstk

panteragstk

Audioholic Warlord
Got my Omada 610 v2 AP today and so far set up is pretty much identical to my Unifi stuff. I'm annoyed that it didn't come with a POE injector like the Unifi stuff does. I'm hoping I can use my current injector.

So far so good. It's a VERY strong AP. I have it in my office now and am getting much higher download/upload than I ever did with my Unifi stuff, but this is brand new and supports higher speeds so that's expected. Plus, I'm 6 feet away. Even in my bedroom I got ~10mbps which is pretty good for going through 4 walls and being 100 feet away or so.

I'm impressed so far.
 
M

mccanntech

Audiophyte
I agree with most of the points here, I hope my reviews were helpful. Enjoy the new gear, cheers!
 
BoredSysAdmin

BoredSysAdmin

Audioholic Slumlord
Looking at McCantech charts, I have mixed feelings - I am familiar with Unifi and it actually does perform well (after some tweaking) in my 3k+ sq house. with only 3 UAP-AC-Pros (2 wired and 1 wireless)
U6-Mesh seems to perform very well, especially through multiple walls. It's in stock and priced reasonably.
Form factor maybe not be for everyone.
 
panteragstk

panteragstk

Audioholic Warlord
Looking at McCantech charts, I have mixed feelings - I am familiar with Unifi and it actually does perform well (after some tweaking) in my 3k+ sq house. with only 3 UAP-AC-Pros (2 wired and 1 wireless)
U6-Mesh seems to perform very well, especially through multiple walls. It's in stock and priced reasonably.
Form factor maybe not be for everyone.
My Unifi stuff performance isn't really the issue, it's the fact that the APs I have don't support the roaming feature which has become an issue. It used to not be, not sure if my devices have become more picky or what, but it's a problem.

The only reason I didn't upgrade to newer Unifi APs is because of the issues I've had with Unifi stuff in the past. My USG seemed like it was going to crap out again on me today and made me feel better about switching everything up.
 
jinjuku

jinjuku

Moderator
Got my Omada 610 v2 AP today and so far set up is pretty much identical to my Unifi stuff. I'm annoyed that it didn't come with a POE injector like the Unifi stuff does. I'm hoping I can use my current injector.
Huh. I put in some EAP225's and they all came with injectors. If you need a couple just pm an address if your in the States and I'll ship them.
 
BoredSysAdmin

BoredSysAdmin

Audioholic Slumlord
My Unifi stuff performance isn't really the issue, it's the fact that the APs I have don't support the roaming feature which has become an issue. It used to not be, not sure if my devices have become more picky or what, but it's a problem.
Hmm, My APs running latest firmware and my UniFi controller has Fast Roaming enabled (does say Beta).
Documentation of if Unifi stuff support 802.11r/k or not is murky at best, but someone found a way to confirm using Wireshark:
 
jinjuku

jinjuku

Moderator
BoredSysAdmin

BoredSysAdmin

Audioholic Slumlord
Lol. I'll just take a solution that doesn't require a pcap to figure out if it's doing 802.11r/k frames.
I've recently done some packet captures to troubleshoot some Netflow issues. For a nearly complete newbie in Wireshark filtering logic, it didn't take me too long to figure it out. I know the approach is unusual and I agree I would love to see Unifi simply putting a checkmark in the specs PDF, but this isn't how they operate :(
 
jinjuku

jinjuku

Moderator
I've recently done some packet captures to troubleshoot some Netflow issues. For a nearly complete newbie in Wireshark filtering logic, it didn't take me too long to figure it out. I know the approach is unusual and I agree I would love to see Unifi simply putting a checkmark in the specs PDF, but this isn't how they operate :(
Once you master Wireshark it'll make you look like a rock star. I use it for ACL creation all the time. I was brought in for a T-Shoot issue that 20 man hours had been burned on T-shooting. Spun up WS and had RCA done in less than an hour.
 
panteragstk

panteragstk

Audioholic Warlord
Hmm, My APs running latest firmware and my UniFi controller has Fast Roaming enabled (does say Beta).
Documentation of if Unifi stuff support 802.11r/k or not is murky at best, but someone found a way to confirm using Wireshark:
I had it enabled on mine, but it doesn't seem to be working. I tested with multiple devices. As soon as I got close to a specific AP, things got weird. I'm almost positive one of my APs is going out. I get disconnection notices every once in awhile, but they're very short.
 
panteragstk

panteragstk

Audioholic Warlord
Once you master Wireshark it'll make you look like a rock star. I use it for ACL creation all the time. I was brought in for a T-Shoot issue that 20 man hours had been burned on T-shooting. Spun up WS and had RCA done in less than an hour.
Wireshark is great. I don't have to use if often, but it's a very nice tool to have for any network troubleshooting.
 

Latest posts

newsletter

  • RBHsound.com
  • BlueJeansCable.com
  • SVS Sound Subwoofers
  • Experience the Martin Logan Montis
Top