01/11/2018
UniFi'd my Home
Reason for Installation
I went all in on UniFi to replace failed Airport Extreme
Location
Howick, Auckland, New Zealand
Description

Recently my Apple Airport Extreme died, so I decided to go ahead and do something I have been thinking about for a while now, and redid my home network with UniFi gear.

I live in a 3 year old house, which had a single Cat6 outlet in each of the 5 bedrooms and 2 living spaces, wired back to a small in-wall cabinet in the garage. Running additional Cat6 to ceiling mounted APs was not really an option, so I decided to use 3 of the AC In-Wall APs, which gives me good 5GHz coverage throughout the house and small section. I have the 2.4GHz power set to minimum, which gives me plenty of coverage for non 5GHz devices.

Screen Shot 2018-01-12 at 8.54.05 AM.png

Screen Shot 2018-01-12 at 8.53.10 AM.png

I got a USG, Switch 8-50W, and CloudKey, mounted in the cabinet, along with the Mac Mini which is running ESXi 6.5. This hosts a couple of VMs including an Untangle NGF which I use for content filtering. The cabling has changed slightly since I took this photo. The USG LAN port now connects to the Thunderbolt ethernet adapter on the Mac Mini, which is the external interface for the Untangle VM.

I was able to do away with the ISP provided router. The USG connects directly to the Fibre ONT.

IMG_333139.jpg

Untangle web filtering gives me much more comprehensive information and control over what is happening on the network than what can be achieved with UniFi alone. I wish Ubiquiti would build something like this into the USG, but the Untangle Home subscription is only US$50 a year.

Screen Shot 2018-01-12 at 9.01.02 AM.png

Untangle runs in transparent bridge mode between the USG and Garage Switch. Let's just say that Untangle has shown that my children (13, and 17) aren't as sweet and innocent as I would have liked to believe (but never really did.)

Screen Shot 2018-01-12 at 8.56.18 AM.png

A couple of issues that I have encountered with my setup:

  1. The WiFi adapter on my ducted heat pump system requires WPS to connect. I have seen reports of people using a WPS enabled AP to program the WiFi adapter, and then turning it off and it connecting to a UniFi network with the same SSID and password, but I have been unable to get this to work. As a workaround I enabled WiFi on my old Apple Time Capsule, and connected the heat pump to that. (I intended to keep the Time Capsule on the network as a backup target for my daughter's MacBook, but with WiFi disabled.)
  2. If I set the Guest network purpose to Guest (as opposed to Corporate) clients cannot connect to the internet, and get "too many redirects" errors. If I remove Untangle, or set up the network as corporate the problem doesn't occur, so it is something about how those 2 interact. Disabling ICMP redirects on Untangle has no effect. I haven't worked it out yet, so have the network set as corporate for now.

I still have some work to do to lock down IoT devices etc, but it is all running smoothly, and I am much happier with the security of the network now.

My next project is improving my video surveillance, which after my good experience with the WiFi, UniFi is on the short list for. I'm very interested in the UVC-G3-Micro when stock becomes available in NZ. Most of the consumer grade products seem to be created for the purpose of selling overpriced cloud storage subscriptions to users!

by ‎01-11-2018 01:32 PM - edited ‎01-11-2018 01:43 PM


UniFi USG3, S8-60W, S8, 3x AP AC-IW, CK
Comments
by
on ‎01-12-2018 09:14 AM

What software did you use for your two mapping pictures? It looks like it's calculating signal levels based on windows and doors, is that right?

by
on ‎01-12-2018 10:36 AM

@Obideuce in the UniFi controller there is a map view, which you can import the floor plan into, then overlay it with walls etc specifying different construction materials, and input measurements so it can calculate the scale. You then place the APs etc on the map, and it generates that approximate coverage from that. I believe there is a beta version of the software that will allow you to place APs that aren't currently on the controller, so that you can plan a deployment before you buy any APs, but in the current version it is only the APs adopted by the controller.

by
on ‎01-12-2018 10:41 AM

Hmm... Last time I used the ubnt mapping stuff in the controller it didn't look anything like what you've done. It just drew a color gradient approximation of coverage, so I just ignored it at that point, was worthless.

I'll have to import my floorplan and give it a try on the current RC. If it looks like what you've attached now it might be worthwhile.

by
‎01-12-2018 10:46 AM - edited ‎01-12-2018 10:48 AM

@Obideuce That's part of the UniFi Controller now - in, I think, 5.6. You can see it in action here: https://youtu.be/_ytJb_SMlr0?t=2m55s

Edit: Oops, too slow again! But yeah, what @scotttnz said! It's quite powerful now.

by
on ‎01-12-2018 10:50 AM

I don't know how I missed that, I've been using the betas for a while and yet somehow just overlooked it.

Thanks guys.

by
on ‎01-12-2018 11:49 AM

Any comments on the wall APs? I am thinking about getting them.

by
on ‎01-12-2018 02:43 PM

@marcelokurtz They are good. They cover much more than 1 room. 3 of them cover my 210m house (sorry I don’t know what that is in feet) and small garden with 5GHz no problem, in fact I could probably get away with 2 of them, but they are inexpensive, and having 3 gives me more flexibility with placement. The coverage is actually better than the maps show, because the map for each level does not take into account the coverage from APs on other levels. The garage is covered by the AP directly above in bedroom 4 for example.

by
on ‎01-12-2018 03:38 PM

Cool! Awesome post!

How did you get untangle to work? Care to share some instructions or how to?

I always want to do this for my kids. How much did it cost you.

per device? Per month? for the untangle.

by
‎01-12-2018 06:24 PM - edited ‎01-12-2018 06:33 PM

@cardins2u Untangle have a home use license for US$50 per year, which I think is quite reasonable for the functionality it provides.

https://www.untangle.com/untangle-ng-firewall/untangle-at-home/

There is also a free version with restricted apps which may do everything you need, so have a look into that. The main reason I paid for the Home Pro license was to get the ability for multiple user profiles, so that I can have different web filter rules for different users.

You can deploy Untangle on your own PC, buy an appliance from them, or as a virtual appliance on VMware, which is what I did. Deploying on VMware is pretty straightforward, as you can download it as an OVA and import that into VMware, but there are a couple of gotchas.

  1. Obviously you need 2 NICs, 1 configured on each of 2 vSwitches, one as the external network, and the other internal.
  2. Both vSwitches must be configured to Allow promiscuous mode.
  3. If you are using multiple VLANs then the port groups for the internal and external networks need to be configured as VLAN 4095 to allow all VLANs.

This is how my networks are configured:

Screen Shot 2018-01-13 at 3.15.48 PM.jpg

So the network is connected: ISP Fibre ONT>USG WAN>USG LAN>ESXi Host Ext>vSwitch1>Untangle Ext>Untangle Int>vSwitch0>ESXi Host Int>UniFi Switch

I followed this guide to configure the VLANs, as I have Untangle in transparent bridge mode (You can set it up as router.)

https://wiki.untangle.com/index.php/Network_Configuration#Configuring_VLAN_on_Untangle_in_Bridge_Mod...

Hope that helps.
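The three vSwitch steps in the comment above, written out as esxcli commands for ESXi standard vSwitches. This is an added example, not part of the original comment. The uplink names (vmnic0, vmnic1) and port group names (Untangle-Int, Untangle-Ext) are assumptions, as is vSwitch0 already existing on the host; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: esxcli commands for the two-vSwitch bridge layout in the comment.
# Assumed names (not from the post): vmnic0/vmnic1 uplinks, Untangle-Int/Untangle-Ext
# port groups. vSwitch0/vSwitch1 are the names used in the post.
# RUN defaults to "echo" (dry run, print only); run with RUN= on the ESXi host to apply.
RUN=${RUN-echo}

# bridge_side VSWITCH UPLINK PORTGROUP
bridge_side() {
    vs=$1 nic=$2 pg=$3
    # Step 1: one vSwitch per side of the bridge, each with its own physical NIC.
    # Assumption: vSwitch0 and its uplink already exist from the default install.
    if [ "$vs" != "vSwitch0" ]; then
        $RUN esxcli network vswitch standard add --vswitch-name="$vs"
        $RUN esxcli network vswitch standard uplink add --uplink-name="$nic" --vswitch-name="$vs"
    fi
    # Step 2: allow promiscuous mode so the bridging VM receives frames
    # that are not addressed to its own MAC.
    $RUN esxcli network vswitch standard policy security set --vswitch-name="$vs" --allow-promiscuous=true
    # Step 3: port group for the Untangle NIC; VLAN ID 4095 passes all VLAN tags through.
    $RUN esxcli network vswitch standard portgroup add --portgroup-name="$pg" --vswitch-name="$vs"
    $RUN esxcli network vswitch standard portgroup set --portgroup-name="$pg" --vlan-id=4095
}

plan() {
    bridge_side vSwitch1 vmnic1 Untangle-Ext   # external side, faces the USG LAN port
    bridge_side vSwitch0 vmnic0 Untangle-Int   # internal side, faces the UniFi switch
}

plan
```

Promiscuous mode lets every VM on that vSwitch see all of its traffic, so it is worth keeping other VMs off the two bridge port groups.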

by
on ‎01-12-2018 08:16 PM

thank you. I'm trying that right now. Spinning up my VM.