There are quite a few good blog posts around on setting up enterprise-grade WiFi at home using Ubiquiti UniFi.

The thing about these posts is that they mainly focus on the planning and deploying process and basically infers that everything was great forever and ever after.

In my experience, all the interesting stuff happened after the setup processes were done. Maybe it's just because I suck at networking, but maybe you do to? Or maybe you just don't care enough to worry about different flavors of PoE, Channel widths, RSTP Priority.

As it turns out, to get a UniFi network running at home you actually do need to care about a few things. I aim to guide you through these.

Background

Today most of my "network encounters" mainly comes from setting up virtual networks in Azure. Configuring VLANs, Load balancers, Gateways, Clusters etc. In terms of network equipment and WLANs, my aim has been to know as little as possible.

One day, I was sitting on the balcony with my laptop and suddenly got fed up with my flaky WiFi. It was especially bad there since it was basically as far away from the AP could get without leaving the confines of my apartment.

I also noticed I was gathering quite a lot of network connected "stuff", with plans for getting even more of this "stuff". Being a software developer, I naturally wanted all of this to be built upon on a robust, solid and extensible backbone. My current LAN was simply not that.

Prior to my UniFi upgrade, my home network equipment was comprised of an 8 port dumb switch and an All-in-One Router/Switch/AP/Controller thingy you get from the service provider and put in a closet and forget about.

We got our fine specimen when we moved in 3 years ago. It's a bit embarrassing but it did not even have 5Ghz, it was placed in the worst location possible for 75% of our WiFi use.

But how could you live like this? Well, I had the luxury of having at least one network outlet in every single room. This has meant that I could use cables for most of my stationary devices, leaving WiFi dedicated to mobile devices. Which was pretty stable, at the magnificent speed of ~30 Mbps.

That said all my neighbors (up, down, left and right) all had their WiFi running and to make things worse I live close to a hotel with a HUGE amount of 2.4Ghz AP's all over.

Safe to say not ideal "WiFi land" but I managed to trundle along by changing channels when things got too bad.

As you can see below my WiFi was basically optimized for sitting on ye olde toilet. This is not necessarily the worst of priorities for your WiFi coverage, in fact, it's probably why I never really got around to fix my WiFi.

Network situation.

... Things could, however, be improved for the rest of the apartment.

Expectations

I knew that to get a real speed boost meant going 5Ghz and the latest 802.11ac Wifi standard. This also meant the signal doesn’t travel well through walls, henceforth I needed to have multiple AP's.

At work, our "go-to" network consultant had fairly recently deployed UniFi AP's all over the office and I really liked how easy they were to set up and manage, they were powered over the Ethernet cable (yay!) and they did not look terrible. The AP's are easy to place pretty much anywhere, in the ceiling, on walls or as we tend to do at the office leave them on the floor. Their stuff is also designed for enterprise use, which is quite a bonus.

The main other option I looked at was going the Apple route (Airport Extremes) it felt a bit too "consumer", not as extensible, and those power adapters (ughh!). Obviously, I went with UniFi. Ubiquiti gear is also pretty cheap, especially when thinking of it as enterprise grade. Now, in the end, I ended up spending a lot more than expected but that's another story.

After digging around a bit I basically had these expectations/goals of the upgrade:

Reaching close to my network pipe max in download speeds over WiFi (500Mbps download)

Easily get to above speeds as 802.11ac is advertised as much faster

A few hours of work to deploy

That I could power my AP's with any PoE switch

That my WiFi would be much more reliable with many clients

Purchase

Ubiquiti's UniFi range at the time offered 4 different AC APs, ordered by price low to high :

AP-AC-Lite,

AP-AC-LR (Long Range),

AP-AC-PRO,

AP-AC-HD.

I decided to go with the AP-AC-LR. LR means long range, which sounds good. To me, it certainly sounded a lot better than the cheaper "Lite" version.

A bit naively I thought, You don't want to get the cheapest version, do you.

Turns out I should probably have gone with the Lite.

The LR is a bit of a safe choice. It's aimed more towards large open spaces while still being very flexible and a good bet in most scenarios. For example, if the amount of AP's you can deploy is limited, coverage rather than speed (for both 5 and 2.4Ghz) is the focus then, by all means, get an LR.

When going strictly for 802.11ac at home or in the office and you have a lot of walls and smaller rooms you are better off having multiple less powerful radios with line-of-sight to your main usage area rather than fewer more powerful ones.

Thankfully as I later learned you can turn the radio transmit power down and that my AP placement wasn’t too shabby after all.

The choice of LR was by no means a deal breaker, however, the money I spent on a better AP would probably be better spent on an extra AP instead.

I ended up getting two of these AP's. To power them the plan was to put an 8-port switch in the closet where my service fiber comes in, then bridge the old crappy all-in-one and let the PoE switch handle the switching and power distribution to the network outlets that needed it, via the patch board.

Planned network topology and hardware placement.

So, I needed an 8-port switch, I needed a minimum of 2 PoE ports for the AP's. Turns out Ubiquiti has an 8-port switch where half of them can supply PoE. It's called the Switch 8 60W.

Great, so I got that as well. This also meant that I could manage my switch from the same interface, which is nice.

I could, of course, have used the bundled PoE injectors but that would mess up my closet a lot and plus it’s pretty cool to have a PoE switch at home, right?

In total, I ended up spending around 450€ for this.

Nice boxes! Please ignore the small one for now!

Installation

So ready to take on the world with my new networking purchases. This was as easy as can be, plug everything in, run the controller software and then adopt your stuff, create your SSID then "Next, Next, Next, Ok!" and voila you can now manage all your UniFi stuff from one very elegant interface.

Again, there are plenty of blogs about the setup of UniFi gear. Still, I like to stress how elegant this is... it is very elegant!

Within a few mins I had stuff like this in the UniFi controller:

Network topology, with clients.

Wifi signal strength map, OR could also be bungie.net heat map from the Pit, You choose.

In terms of hardware, Ubiquiti doesn't leave you disappointed either. The switches feel very solid and the AP's (even though they weigh next to nothing) also feels qualitative. The packaging of everything is also very good.

This is how it looked when "Deployed".

Result

So now that I had my new shiny WiFi up and running I, of course, started running some speed tests.

Instead of 500Mbps, I got around 80Mbps in download speeds on a/c.

Instead of a stable network, my clients lost their connection left and right and many times could not get a new IP lease.

.....Greeeeat, Had I just wasted around 450€ for a minimal throughput gain and instability?

Of course not, but it took a while for me to figure out how to get to Wifi Supremacy.

Troubleshooting throughput

In the quest to reach my expectations I had to leave one of them behind.

"A few hours of work to deploy"

... Yeah not so much. Bye Bye!

Below is basically an account of my thought process for troubleshooting this low throughput.

Channels

The first thing to check of my troubleshooting list was of course channel interference. My trusty tool for this is WiFi Analyzer.

As previously mentioned, I live in a fairly new building, we all moved in at the same time and we all got the same crappy 2.4Ghz all-in-ones and not many had bothered doing anything about that. This meant the 5Ghz spectrum was very clear.

This is generally the case compared to 2.4Ghz. Since we all remember our physics, the higher the frequency of radio waves the more it behaves like visible light. Visible light among other things does not pass through walls.

On behalf of all WiFi users living in condos I like to curse the person that decided that WiFi should use 2.4Ghz, the situation would likely be a lot better if we had gone the 5Ghz route straight away.

Channel analyzing was a continuous process during the whole troubleshooting phase of course and most likely will be forever and ever.

I think this is pretty good!

Get your expectations right

The perception of 802.11ac is that it's very fast, and it is (...for WiFi). Even on the box of the AP-AC-LR, it says up to 1300Mbps, so I should easily be able to get 500Mbps out of this right?

Reading up a bit more on WiFi speeds I quickly found out that someone back in the day must have realized that WiFi speeds suck and decided to pretend WiFi is Ethernet.

The somewhat Ethernet comparable 5.5Mbps WiFi speed now became 11Mbps WiFi which sounded a lot better. One of the many differences between a 100Mbps WiFi connection and a 100Mbps Ethernet connection is that the Ethernet connection is Full-Duplex, that means you can both send and receive 100Mbps at any point in time. Since WiFi is Half-Duplex you can only send or only receive 100Mbps at any point in time. Or if you will send and receive at half that bitrate (50Mbps). Now, it would convert gigabit Ethernet to WiFi speed notations, we would have 2000Mbps. In short, WiFi is not Ethernet without a cable.

This does not mean that you should cut your expected speeds in half, but it shows there is more to WiFi throughput numbers than meets the eye.

The worst offense in WiFi throughput notations though is to actually combine the different radios bandwidth to give you the number on your WiFi device box. This is why we have wireless equipment boxes saying, "UP TO {someHugeNumber} Mbps" on them.

There are multiple different speed "rates" for 802.11ac, these are advertised as AC1200, AC1300, AC1700 all the way up to AC5300. One would think they are meant to be indicative of throughput you can expect from an AC AP. This is not the case, they are exaggerated as hell. Can you expect to get 1300Mbps download speeds out of AC1300? Not even close.

Start by removing the 2.4Ghz radio, now your down to 867Mbps. Then add the fact that these speeds are under VERY optimal conditions (Very close and no RIF) and then that WiFi frames are a lot "chattier" than Ethernet frames and you are probably in good shape if you can reach download speeds of 500Mbps on an AC1300 AP.

Then, of course, the client’s needs to support multiple streams to reach these higher speeds. Which is not a given.

on top of THAT everyone on the UniFi forums kept saying this:

"... Ubiquiti gear has never been about performance".

It did not help explain my sucking throughput but at least I realized getting download speeds nearing my pipe max (500Mbps) is not going to be as easy as I thought.

Ubiquiti does a great job at explaining this on their website, but retailers often do not.

Here is a good video on the subject: https://www.youtube.com/watch?v=Zna7UhFo97w

PoE, Point of Error?

Forgive my ignorance, but Power over Ethernet never excited me much.

I basically thought it was one standard. Therefore my next thought was my problems might have something to do with PoE, maybe the AP's where not getting enough power. 2-3W per AP seemed kind of low (another great bonus of having a

UniFi PoE switch is that you see this stuff, although it did eventually lead me down the wrong path).



Watt is going on here? The UniFi port configuration for PoE switches is watts going on!

After digging around a bit on PoE I found out that all PoE is not created equal. There are actually two IEEE standards 802.3at and 802.3af, then there are also a few non-standards the biggest one heavily used by Ubiquiti is 24V Passive PoE.

The switch I got only supported the newer PoE+ (802.3at) standard, whereas the AP AC LR, where listed as using the 24V Passive PoE.

My thought was first that I screwed up and might have broken these AP's or that it might have something to do with the bad speeds. It did not, by pure chance I was lucky enough to have purchased the newly released version of the AP-AC-LR which had a big blue sticker on the box saying it supported 802.3at. Great, so that was not the problem, and I've also learned about PoE, double "win".

Just be careful when buying PoE stuff, there are different standards and your switch might not support them all, especially from Ubiquiti it also seems to be very common with camera equipment using PoE.

This is of course also only relevant if you’re buying a PoE switch, included with your Ubiquiti AP purchase is always a PoE injector that turns your regular Ethernet into PoE by plugging the injector into a power outlet. Hopefully that PoE injector will produce the type of PoE you actually need.

It seems the industry is standardizing around the standards though (hah!) so hopefully all of this will be easier going forward.

Controller software

My next thought was that my AP's maybe got confused by me turning on and off the controller software on my laptop all the time. Some people on the UniFi community had reported some weird stuff when not having the controller software continuously running so maybe this was the problem. I also got fed up by having to start and stop the controller all the time. But I did not want to set up a server just to run the UniFi Controller software.

Thankfully by reading Troy Hunt's excellent blog post I then learned that Ubiquiti makes this thing called a Cloud Key. It's a little Compute stick powered by PoE that runs the UniFi Controller software. It also makes it possible to use the UniFi controller remotely as well as with a mobile app. This thing is awesome if your planning to get any UniFi products at all, get the Cloud Key, it makes your life so much more enjoyable.

I then did a factory reset of all my stuff and plugged in the UniFi Key, and now adopted them to the Cloud Key instead of my laptop controller. This was also EXTREMELY easy and pain-free.

Did it solve my problem? No still same speeds (which I kind of expected) but never the less I could now do faster config changes, use the mobile app remotely and use the built-in mobile throughput test in the app (which is also a great tool for diagnosing WiFi issues), the feedback loop had lowered.

A cloudy key!

Guest mode

Another thing that I activated when setting up the AP's and WiFi network for the first time was that I turned the Guest network and portal on. Hey, I have guests, and it's pretty nice to have a guest network for them with a shitty password that I remember.

As it turns out this comes at a price, running the guest portal puts some strain on the AP's CPU which is basically cutting your throughput in half. Thankfully it's easy to turn the guest portal off from your UniFi Controller.

With guest off, I saw the first real bump in performance and I was now seeing download speeds at around 150Mbps.

Think long and hard about really needing this feature.

TX Power

Another thing that I found by just casually browsing the UniFi community forums was a lot of mentions of turning the transmit power mode to low, especially when talking about the AP AC LR.

By default UniFi AP's are shipped with the TX Power mode Auto, auto, in this case, does not mean: "I'll figure out what my best TX Mode is". It means FULL POWER! Maybe they have future plans for the Auto mode, who knows. Your WiFi with an AP set to max transmit power is a bit like having a meeting with a very loud person. If anyone is shouting his/her words out the rest of the attendees will have a hard time getting their say, and will probably feel a bit uncomfortable as well. This is kind of what happens when your AP is screaming at your clients. They will have a hard time getting their say and your throughput will go down. Turning my TX Power down made things a lot better. I settled on putting 2.4Ghz on low and 5Ghz radios on Medium which gave me the best results, don't forget to experiment with this.

I was now starting to get pretty stable downloads at around 200Mbps on ac...



Stay away from Auto here!

Band Steering

... If I could stay on 802.11ac that is, which my clients often did not. Especially with both radio TX powers on low. They often picked the 2.4Ghz network and it was a bit frustrating.

Thing is UniFi has this concept called "advanced mode" in your controller software. Activate this and you get some more configuration options on your devices. For example, for your AP's this allows "Band Steering". Band Steering basically tells your clients to prefer 5Ghz or whatever band you want them to prefer, but 5Ghz is what I want. This is an advanced feature, probably for good reasons and results may vary here, for me with mostly quite modern clients it seems to have helped a lot. No, they almost never pick the 2.4Ghz network.

Later on, I ended up turning off 2.4Ghz completely since it was only needed by Sonos and that was a problem in itself. It is a pretty nifty little feature if your clients are sticking to 2.4Ghz.



Band steering options for an AP, after advanced mode was activated.

Channel width

Normally WiFi channels are around 20Mhz wide but to reach the really high speeds of ac you need wider channels to cope with the throughput. Sadly, as your channel width goes up, your chances of radio interference also goes up. If you increase the channel width you'll need more free spectrum/channels around your channel.

Thankfully my 5Ghz spectrum was pretty clear and for my main AP I had pretty much line of sight all the time so cranking up to 80Mhz wide was not a problem. Most of the recommendations I've seen on Unifi's forum where to go with 20Mhz wide channels, though keep in mind that these were mainly for business applications.

The rule of thumb I gathered for 5Ghz was :

Few Clients, optimized for speed => 80Mhz Channels.

Shitloads of Clients, optimized stability => 20Mhz Channels.

Anything in between => 40Mhz.



The UniFi controller makes it easy to change channel width.

More switching power

Up to this point, I had only one UniFi switch and one crappy old Linksys switch in the living room. In all this madness I decided to go buy a Switch 8-150W, I thought to have only UniFi switches might help solve the not yet satisfying throughput and the vanity in me wanted to be able to manage everything from the same interface.

Turned out throwing money on the problem did not solve it completely but I got one hell of a switch, this thing is a beast, looks extremely professional it even has SFP ports which are pretty darn cool. But mainly it supports all different kinds of PoE and I now had up to 8 PoE ports which meant I was in this for the long run. My plan is to get one or two AP-AC-IW to cover the weak spots, for this I’m going to need more PoE ports. The 60W switch now felt like any other consumer switch but this thing is on a whole different level. It's huge, solid, heavy and awesome.



The switch was now switched!

Network Loops

Thinking that I've done most that I could with the wireless configuration, my focus now shifted more towards the instability of the network. As mentioned one of the things I got for free when setting up the UniFi stuff was an unstable network. Sometimes connection would just disappear, pages fail to load, download stop etc. Again, by fluke reading the UniFi Forums it turns out Sonos and UniFi switches are not the best of friends.

Sonos is basically great at creating network loops, network loops are the not surprisingly the bane of network stability and throughput, especially WiFi throughput.

The problem lies is that Sonos creates its own mesh network between the speakers (SonosNet), this means every Sonos speaker has the potential to communicate with your network in many ways, via the ethernet port (if connected), via the WiFi connection to your AP (if enabled), via SonosNet to another Sonos speakers that might have ethernet or WiFi connection to your local LAN and so on. All my Sonos Speakers had wired connections to my network. For Sonos relies on STP switching priority get its packages across. Now since I went and got a fancy managed switch with STP support and a priority that by default matches Sonos priority things got a bit confused in the switches.

My understanding is that this meant Sonos tried other routes around the network which in turn created loops, which in turn created flooding of multicast and broadcast packets, which killed my throughput. This is called a broadcast storm. Broadcast storms are especially detrimental to your WiFi throughput, more limited bandwidth is one of the reasons but also broadcast packets are sent to every client and some clients are slower than others, this means a lot of airtime is dedicated to broadcast traffic. At first, I thought this was a DCHP issue and invested a lot of time trying to solve it there, I actually ordered a new all-in-one (free though) from the ISP.

The way I solved it was to increase the STP priority of the main switch and the second switch to a lower number than the default (and Sonos priority), I also removed the Ethernet connection and WiFi connection to all Sonos devices but one. This meant that all Sonos data went through the one Ethernet connected Sonos devices. This seemed to fix the throughput problem, that is until I started watching IPTV.

More info here :

https://community.ubnt.com/t5/UniFi-Routing-Switching/UniFi-STP-and-Sonos/td-p/1799812

and here :

https://community.ubnt.com/t5/UniFi-Routing-Switching/Unifi-switch-STP-and-Sonos/td-p/1508612

Switch priority setting

IGMP & IPTV sitting in a tree

This was another case of a broadcast storm caused by consumer electronics. This is something that everyone with an IPTV set-top-box on their network should know.

The way it works is that your STB's subscribe to a multicast group. The IGMP (Internet Group Management Protocol) is used to control multicast groups. What your All-In-One does is utilize IGMP Snooping to make sure the IPTV stream only goes out the ports that have subscribed to it. When I put a UniFi switch between my STB and All-In-One the streams went out to all ports. Flooding my network with the UDP IPTV stream. Enabling IGMP Snooping is just a checkbox and it's done from the networks tab in the UniFi controller.

This was also the tipping point which leads me to achieve the set-out goals. The throughput just soared up and I was now reaching stable ~450 Mbps speeds all across the apartment.

WiFi Creaminess!!

In the end, it was a combination of all of the above that caused my problems so I can’t pinpoint one thing, but at least I hope it gives you some ideas if you're ever in a similar situation.

TL;DR

Ubiquiti gear is awesome

Plan and Research more than I did before buying

Advertised WiFi network speeds are very exaggerated

Not all PoE are created equal

Remove guest portal

Beware of network loops and broadcast storms

Wider channels means more throughput, but a greater risk for RIF.

Managed Network Switches might need some managing

Network connected consumer electronics that are trying to be smart, are trying!

Don't blindly trust everything the WiFi gurus on the UniFi community recommends. Often their best practices are aimed to solve different scenarios than what you have at home.

Ones you get into these Ubiquiti devices, it’s easy to spend a bit more than you expected

Future

In my next post, I'm installing an AP-AC-IW (In-wall) to cover at least one of my WiFi blind spots. Let's hope that is more straightforward.

Almost all measurements were taken with my iPhone 7 Plus using the throughput test in the UniFi App and/or using my Surface Book and bredbandskollen.se (a Swedish network testing site).