|At a Glance|
|Product||Ubiquiti UniFi 3.0 Enterprise Wi-Fi Platform [Website]|
|Summary||Business-grade Wi-Fi Management system for Ubiquiti access points|
|Pros||• No license or support fees
• Clean and simple user interface
• Map integration including Google Maps
|Cons||• Documentation could use more details and examples
• Can't output report data
Most WiFi access points (APs) have web configuration utilities enabling individual management of the device. For wireless networks with multiple APs, it can be efficient to deploy a wireless controller to manage and collect data from the APs. Adding a wireless controller to your network typically involves using a dedicated vendor-specific hardware appliance to communicate with the APs. For example, I reviewed the Zyxel NWA3560 APs awhile back. In a deployment of multiple NWA3560s, one of the NWA3560s can be converted to operate as a dedicated wireless controller.
Ubiquiti has a clever solution for wireless controllers with its UniFi product line. The UniFi line consists of several different APs (that I'll list at the end of this review) plus wireless controller software. While other companies' wireless controllers require a dedicated hardware controller, Ubiquiti's UniFi controller software is free and runs on a Windows, Mac or Linux, as well as on a virtual machine running Windows or Linux. The UniFi controller can be local to the APs or even in the cloud, as long as the controller and APs have two-way Layer 3 connectivity.
Ubiquiti's UniFi AP controller software allows for the control of one to "thousands" of UniFi APs and can be run from a simple PC. This review will focus on Ubiquiti's UniFi controller software, although I will reference different models of UniFi APs I used while testing the controller software. We also have hardware reviews of Ubiquiti's UniFi UAP-AC and UAP-LR.
The controller software is included on a disk that comes with each UniFi AP and is also available to download from Ubiquiti's website. The software includes both the controller application and a discovery utility. The current production version on Ubiquiti's website is v2.4.4. UniFi 3.0 is a newer version of the software, currently in beta. I used version 3.1.3, which is a beta version available here for this review. Release notes for version 3.1.3 are available here. Ubiquiti has recently released version 3.1.4.
I was able to install the UniFi controller software on a Windows 7 and Windows 8 PC, as well as a Mac. I used my Windows 7 PC as the controller PC. I used my Windows 8 PC for AP discovery (see screenshot of the discovery utility below) and to connect remote APs to the controller. Depending on the version of Java running on your PC, you may get prompted to do a Java update along with the software installation. The minimum requirement is JRE 1.6 or above.
I initially had some difficulty getting the APs to connect to the controller software and discovered I had to configure Windows Firewall to allow communication between the APs and the software. There is no manual for the UniFi controller software specifically, although the manuals for the UniFi APs include instructions on how to use the controller software.
A lot of information on how to use the UniFi software is available on line in Ubiquiti's knowledge base, such as this post that lists the network ports that must be open on a firewall for full connectivity between APs and the controller. Personally, I like to have a manual to reference instead of having to search for info. But I was able to either fumble my way through configurations or find what I needed via the knowledge base.
Installing and administering the UniFi controller software on the cloud is a bit DIY, but seems reasonable for a seasoned networking professional. If I were to run this controller in the cloud, I'd run it on a Linux Virtual Machine. Ubiquiti has a knowledge base entry describing how to create a virtual controller via Amazon Web Services.
APs get their IP address from a local DHCP server, which the UniFi controller does not have. However, once an AP is connected to the controller, you can change its IP.
I used Wireshark to observe the messages sent between the UniFi controller and the APs. Ubiquiti's UniFi APs send out broadcast messages every 10 seconds looking for a UniFi controller. The discovery utility and the controller software will listen for these broadcasts and provide the option to let the controller "adopt" the AP.
If the UniFi AP is on the same LAN / Layer 2 network as the controller PC, it can be discovered and connected to the controller software using the controller PC. If the AP is on a different LAN than the controller PC, you can run the discovery tool from a second PC connected to the AP's LAN. The discovery tool will find the AP and allow you to configure the AP with the IP address of the Controller PC, as shown in the Set Inform URL field below.
Once an AP is connected to the controller, either on the same Layer 2 network or from a remote Layer 3 network, it is fully manageable via the controller software. For example, software updates for the AP can be handled by simply clicking an upgrade button via the controller, shown below. There is also a button labeled "start rolling upgrade" which will upgrade APs one at a time.
Several of the APs I used for my tests of the UniFi software had been previously configured to work with a different controller. The discovery tool allows you to reset the AP so it can connect to a new controller. UniFi APs also have a physical reset button to restore the device to factory defaults if needed.
Once an AP is connected to a controller, it no longer sends out broadcast messages. Instead, communication between the APs and the controller software is maintained by a series of unicast messages. Traffic statistics and other network data are sent from the APs to the controller via HTTP messages every 15 seconds. STUN (Simple Traversal of UDP through NAT) messages are sent from the APs to the controller every 30 seconds to maintain the connection. Configuration data is sent from the controller to the AP via TCP based messages as changes are made to the AP's configuration.
The UniFi controller has a simple layout with counts of APs, users and guests across the top. Near the top of the GUI are tabs for Map, Statistics, Access Points, Users, Guests, and report ("Insight") configuration. At the bottom of the page are the menus for viewing events and alerts, as well as configuring site, guest/hotspot, controller, WiFi, users, and admin settings.
My first impression was the menu seemed a bit sparse for a wireless controller that reportedly can control thousands of APs. But after clicking through the menus, I found addtional menu options appear when various features are enabled. For example, enabling guest access opens up options for hotspot configuration and provides a link for a separate hotspot GUI. In another example, enabling WPA-Enterprise opens up options for configuring a RADIUS server. After using UniFi's controller software, I came to appreciate its basic uncluttered and layered design.
Each AP can be individually managed via the controller. In the config screen shown below, channel and Tx power are adjustable for both the 2.4 and 5 GHz radios. There are additonal options to name each AP, set WiFi options (that I'll discuss under WLAN Groups) and configure network settings.
Making a change to an AP via the controller takes a minute or two to go active. Once the configrations are applied, the AP state will change to a "Provisioning" state, shown below. I noticed that if I was wirelessly connected to that AP while it was "Provisioning," I temporarily lost access to the network. Thus, you might want to be careful making changes to an active AP during peak usage times.
A neat feature in UniFi is you can create maps of your network and place your APs in the map. The software has a default sample map of the floor plan of a single floor of a house. Addtional map files with a .jpg, .gif, or .png extension can be added. Further, the UniFi map options can integrate with Google Maps.
What's cool about the UniFi map feature is you can add maps for each of the locations that you've installed APs, set the scale on the maps, drag your APs onto the map, and then visually see which APs are located where, the number of users and guests by AP and the WiFi coverage zone by AP.
Below, I copied a first floor home plan from the Internet and uploaded it to the UniFi maps. I added the UniFi APs to this map and now I have a realistic display of the APs, their physical locations, and the number of users connected to the devices.
Integrated within UniFi is the ability to use Google Maps to create your topology map. Instead of opening a file to create your map, select the Use Google Maps option and it brings up a window running Google Maps. You can specify what you want to map in a search window on the top right, and then choose the map or satellite option and zoom in as much as desired. I used the Google Map feature to pretend I was building a WiFi network in Boston's Fenway Park below.
The key to making a map accurate is to enter an actual dimension. Once the picture is saved and uploaded to UniFi, you enter the scale by using its utility to draw a line on the map and enter the line's actual length. Fenway's famous left field foul pole is 310'. So I used UniFi's scale utility to draw a line from home plate to left field and entered the length as 310'. Now that UniFi had the dimensions of the image, it can approximate the coverage zone of each AP.
The image above shows the UniFi coverage zones with my four test APs installed at Fenway Park. The best connections to the APs will be in the lighter, more centralized region of each AP's coverage zone.
According to Ubuiquiti, UniFi can control thousands of APs as long as they have Layer 3 connectivity to the controller. You can organize your APs by sites, setup different maps for each site and place your APs onto each site and map as desired.
For example, I could set up my first floor map created above as ResidentialSite1 and Fenway Park as a second site. I could use Ubiquiti's UniFi software to set up WiFi networks at multiple customer sites and manage each of the sites independently, but all through the same controller.
WLAN and User Groups
WLAN Groups are a nice feature in the UniFi controller. WLAN Groups make it easy to configure wireless settings to a lot of APs quickly and easily. To provision one or more SSIDs on multiple APs, create a WLAN Group with the desired SSIDs and security values, then apply the Group to the desired APs.
As you configure a WLAN, you'll see the options for configuring each SSID. UniFi supports all typical forms of wireless security, including WEP, WPA/WPA2 (TKIP and AES), and WPA-Enterprise utilizing RADIUS authentication.
I tested WLAN Groups by creating Group1 with two SSIDs, one called Smallnet1 and the other called Guest1, shown below. I set up the SSID called Smallnet1 with WPA2 security and I set up the SSID called Guest1 with guest restrictions. I then selected one of my APs and set its WLAN Group to Group1. Once the controller pushed the configs to the AP, it started broadcasting both SSIDs.
Using WLAN Groups also makes it possible to apply more advanced SSID configurations. To associate individual SSIDs with different VLANs, click the VLAN checkbox as shown below and enter the VLAN ID to be associated with the SSID.
I successfully tested UniFi's VLAN functionality. I connected one of the UniFi APs to an 802.1q trunk from one of my network switches with VLAN1 as the untagged VLAN and VLAN3 as the tagged VLAN. Via the UniFI controller, I left the Smallnet1 SSID without VLANs enabled, meaning it should be on the untagged VLAN. I modified the Guest1 SSID to be on VLAN 3.
I then wirelessly connected to my two SSIDs, Smallnet1 and Guest1. Clients on Smallnet1 were given an IP address from VLAN1 and clients on Guest1 were given an IP address from VLAN3 as expected, thus successfully demonstrating the UniFi controller's VLAN option and the UniFi AP's support for 802.1q trunking.
Another group feature is the ability to create a bandwidth restriction to a specific SSID. I created a user group called GuestUsers and applied upload and download bandwidth limits as shown below. I configured the Guest1 SSID to use the GuestUsers bandwidth controls.
I verified this feature by connecting to the Guest1 SSID, browsing to and running a speed test on speedtest.net, and obseved my results closely matched the settings I applied in the GuestUsers group.
There are a few other controls buried in the Settings > WLAN Group screen that may come in handy for optimizing user experience. The Minimum RSSI is kind of interesting. When enabled, it issues a de-auth packet to a client when it falls below the set RSSI threshold. Ubiquiti describes this as a "soft" approach in that it doesn't force the client to another AP. If the client decides to connect back to the same AP, the AP will allow it. But then the client will get de-authed again after "a duration".
The Load Balancing control sets a per AP limit for clients so that APs don't get overloaded. Note that there is no auto channel selection or auto power adjustment. The Wiki says each AP finds "a best channel" on power up and that "background-scanning and automatic runtime channel change is on the road map".
UniFi guest configuration, shown below, does not create a guest SSID or WLAN, but instead activates the guest security policy that can be applied to an SSID. A device connected to a UniFi SSID is considered a "guest" if connected to a UniFi SSID configured with the guest option, otherwise the device is considered a "user."
Guest networks by default restrict guests from accessing all private IP addresses. Additional IP address ranges can be configured as blocked or permitted on guest networks. Guest networks can optionally require password authentication, be configured as a hotspot, or interact with an external portal server for which Ubiquiti provides an API (application program interface).
Enable Guest Network
In the previous discussion on WLAN Groups, the SSID Guest1 was created with guest restrictions. So when I connected to the Guest1 SSID, I was prompted to agree to the terms and conditions with the simple web page shown below. Once I clicked agree, I was able to surf the Internet but unable to ping or access any devices on the LAN, as would be expected. I configured my guest SSID with the default expiration of eight hours. But you can configure it so users have to re-authenticate on shorter or longer intervals.
Basic Guest Authorization
The hotspot and external portal server options allow creating addtional restrictions/controls to be placed on guest users. With the UniFi hotspot feature, you can customize portal login pages and bill user's PayPal account or credit card. Enabling the hotspot option provides options for voucher and payment configurations.
UniFi includes prebuilt payment options (shown below) for PayPal, plus credit card options including Stripe, Quickpay, Authorize.net, and Merchant Warrior. You need to set up your own account with one of these credit card payment providers, first. For example, if you select Authorize.net to create a credit card billed hotspot, additonal options become available to enter your Authorize.net API login ID and transaction key.
To further customize the guest portal and experience, UniFi can interact with an external server for managing guest customers. Ubiquiti provides an API to integrate the UniFi controller with applications such as billing software or other authentication programs.
"Wireless mesh" is listed as a feature of the UniFi controller software, but the term isn't referenced in a manual. But you will find the Wireless Uplink feature described. Ubiquiti says Wireless Uplink enables the installation of an AP in an area without access to a wired network (an "island") via a method easier to set up and change than WDS and more reliable than other "mesh" methods.
I took one of my test UniFi APs and disconected it from the wired network. Shortly after disconnecting, it went into an Isolated state. At that point, I had the option of connecting it to an AP within WiFi range. As shown in the screenshot below, the AP I labled as Rec Room is in a "Connected (wireless)" state. Once connected, the AP continued to broadcast the SSIDs it had provisioned.
Wireless Mesh / Wireless Uplink
Wireless Uplink might be more reliable than mesh or WDS, but it still uses a single radio. So clients connecting to the "uplinked" AP will get at best only half the throughput it receives from its hardwired link partner.
One of the challenges of multi-AP wireless networks is not all clients can seamlessly transition from a weak signal from one AP to a stronger signal from a closer AP. Sensitive devices, such as VoIP phones, could suffer performance problems such as call dropping while moving from one AP zone to another.
With UniFi's "Zero-Handoff" (ZH) roaming, multiple APs appear as a single virtual AP to the wireless client, thus the client doesn't have to switch APs as it roams. The UniFi system determines the optimal AP to provide the connection to the client. They can do this without the UniFi controller connected.
Utilizing this feature requires creating a WLAN group with ZH enabled (shown below), then creating one or more WLANs in that group and applying that group to multiple APs.
Note, not all of the UniFi APs appear to support ZH. I noticed the UniFi AP-Pro, AP-LR and AP-Outdoor allowed me to add them to a WLAN group with Zero-Handoff enabled, but the UniFi AP-AC did not.
When multiple APs are broadcasting the same SSID as they do in normal operation, each AP will show up in a wireless network utility, such as the recently reviewed Metageek inSSIDer, with a unique MAC address. Using inSSIDer, I noticed that once I enabled ZH on multiple UniFi APs, I saw only one MAC address for the ZH configured SSIDs instead of two MAC addresses. This meant my PC saw only a single AP and thus would not have to switch APs as I moved from one AP zone to the other.
I ran a simple test by running a continuous ping from a wireless laptop while connected and standing close to one AP configured in a ZH SSID. I then walked my laptop next to a second AP in the same ZH group. The pings continued uninterrupted, meaning I hadn't lost a connection. Yet, via the UniFi controller AP overview screen, I could see my connection changed from one physical AP to the other. Neat!
Events, Alerts, and Reports
The UniFi controller, if configured with SMTP credentials, will alert you with emails about network changes and conditions. The controller also maintains a running event log with time-stamped messages such as when a user or guest connected to and from an AP, when an AP was adopted by a controller and other activites on the WiFi network. Log events can also be sent to a remote syslog server.
Alerts, such as when an AP becomes disconnected from the system are also provided by the UniFi controller. An active alert is visually indicated by a blinking light on the bottom menu bar of the controller GUI. I found that a resolved alert needs to be "archived" in the controller software once the condition that triggered the alert is cleared.
Numerous status displays, statistics and reports provide "detailed analytics" on the UniFi system. Clicking on a access point or viewing its details on the map will show how many users and guests are connected to it. As shown in my discussion on maps, you can quickly see how many users and guests are connected to an AP. A quick count of total clients connected to an AP is also shown in the AP overview section, which you can see in the screen shot shown in the Wireless Mesh section above.
Clicking on an AP brings up multiple configuration options, in addition to a detail information page, shown below. This detail page is a nice quick view on the activity level of an AP. It shows uptime, download and upload traffic usage, dropped packet percentage, and number of users and guests.
The Statistics tab provides a graphical dashboard showing data on clients, AP usage, most active AP, most active client, and all-time top client. The Insight tab (shown below) provides data on wireless users and guests, rogue access points, past connections and past guest authorization.
With all this data available for a system that can support thousands of APs, I was surprised there wasn't an option to output data to a CSV or Excel file. But then again, you do get syslog support.
The UniFi controller software is free and only works with UniFi APs. So, how much do UniFi APs cost? Ubiquiti sells its UniFi products in the US directly or through distributors. (You can even buy them on Amazon.) Below are Ubiquiti's list prices for the UniFi APs, with links to Amazon for current prices.
|UniFi AP (UAP)||$69||N300||2.4|
|UniFi AP Long Range (UAP-LR) [review]||$89||N300||2.4|
|Unifi AP Outdoor (UAP-Outdoor)||$135||N300||2.4|
|UniFi AP Outdoor 5G (UAP-Outdoor5)||$135||N300||5|
|UniFi AP Pro (UAP-PRO)||$229||N750
(2.4 GHz N450)
|2.4 & 5|
|UniFi AP AC (UAP-AC) [review]||$299||AC1750||2.4 & 5|
Table 1: Ubiquiti UniFi APs
By comparison, Amazon shows the ZyXEL NWA3560 mentioned at the beginning of this article going for over $300. Cisco's entry level wireless controller is the 2500 series wireless controller (AIR-CT2504-5-K9) that is over $600. Cisco also has a virtual wireless controller costing around $50 less licensed for five access points. Entry-level Cisco APs that work with a controller are Cisco's Aironet 600 series APs (N300) starting at around $225.
Clearly, Ubiquiti's UniFi free controller software has met its objective of "disruptive pricing." Granted, even though the UniFi controller software is free, you'll still have to supply a PC. Since this PC is running your wireless network, you'll want a reliable computer, so there is some cost. Moreover, as you grow your UniFi wireless network, you'll have to monitor CPU, memory and storage utilization on the PC to ensure it is handling the load. You'll also want to back up your controller configurations (there is a simple option in the Admin menu to backup and restore configs).
As stated on Ubiquiti's support site, "UniFi APs can run by themselves without the controller unless features like guest portal is enabled (the UniFi controller also functions as a captive portal). Restarting the controller won't restart your APs." Thus, once the APs are configured, your wireless network isn't completely dependent on the controller.
I came away impressed with the UniFi controller software. This gallery below highlights some of the features I found most interesting. With the simplicity of the menu, I initially got the impression that Unifi's wireless controller software would be lacking features. But the more I poked around, the more I found it could do.
With the world moving to cloud based services, I think it is brilliant to eliminate unnecessary hardware as Ubiquiti has done with the UniFi wireless controller. The beauty of the UniFi solution is you can start out with a wireless controller solution for even small wireless deployments with a very small investment and grow it as your network dictates. Kudos to Ubiquiti for pushing the wireless industry to a more economical and flexible solution for wireless networks, both large and small!