McCann Tech

View Original

UniFi Switches Explained

Originally Posted: June 2nd, 2020
Last Edited: September 25th, 2023


UniFi Switches Explained

Making Sense of the UniFi Switch Lineup

UniFi is a software-defined networking ecosystem with multiple product lines, generations, and a variety of models to pick from. I’ve covered the options for UniFi routers and UniFi wireless access points, now lets talk about UniFi switches.

This post attempts to explain what UniFi switches are, what they are good for, and what they are not. If you want to compare all current UniFi switch models and their specs, refer to my UniFi switch comparison and buyers guide. If you’re not familiar with UniFi, you may want to read my explanation of the UniFi ecosystem or see the other posts in my Ubiquiti Guide. Most product links in this post are Amazon Affiliate links.

Table of Contents


UniFi vs. EdgeSwitch and UISP

For Ubiquiti switching, there are two separate options: UniFi and EdgeSwitch/UISP.

EdgeSwitches are older, more traditional managed switches, with command line (CLI) and individual web interfaces for configuration. EdgeSwitches also have optional integration with the UISP software controller. The newer UISP-branded switches are tied closely to the UISP software, have no web interface, but still offer a CLI for manual configuration. I cover EdgeSwitch and UISP hardware briefly below, but I cover them in more detail in my UISP Switch review.

UniFi devices are software-defined, so you need to use the UniFi Network application rather than a CLI or individual web interface. SSH’ing into a UniFi switch allows you to point it to your UniFi controller with a set-inform command, and not much else. UniFi switches do have a limited CLI you can drop into (by issuing a “cli” or “telnet localhost” command), but they are designed to be fully controlled by the UniFi Network software. Network admins and operators who prefer a CLI should look at UISP or EdgeSwitches, or find another vendor that matches their needs.

UniFi Switch Tiers and Layer 3 Asterisks

UniFi Switches are cost-effective managed L2 switches, with optional L3 features

Generally speaking, UniFi switches are well-built and cost-effective. There are a wide range of form factors, port types, and amounts of PoE. They are easy to setup and operate, but lack some of the advanced features you see on command-line driven managed switches like an EdgeSwitch or MikroTik switch. UniFi switches cover the basics like VLANs and PoE, but aren’t always the best fit in more advanced networks with higher feature requirements.

Most UniFi switches operate at layer 2, meaning they can handle VLANs but cannot act as a router. The 2nd generation pro and enterprise UniFi switches have some layer 3 features such as static inter-VLAN routing and DHCP, but they require a separate router or firewall for everything else. UniFi L3 switches can’t compete with a true enterprise product from a vendor like Cisco or Juniper. UniFi switches are a fraction of the price and don’t require licensing, so they compete in different markets. As with all network design and purchasing decisions, what matters most is your budget and your use case.

The main point I’m trying to make here is that if you expect a UniFi switch to be your only layer 3 device, you’re going to be disappointed. Adding layer 3 at the switch level usually doesn’t make sense in small to medium sized networks, and I wouldn’t recommend relying on UniFi layer 3 switches in general. If you’re working on a large multi-building network with high requirements, UniFi may not be the best fit. I’ll cover this in more detail if I ever get around to finishing my USW-Enterprise-8-PoE review.

Putting the L2/L3 differences aside, the 2nd generation pro models also have some other advantages over the non-pro UniFi switches.

2nd Gen Pro models add

  • Higher PoE budgets. The 2nd generation non-pro models are fanless and have very limited PoE budgets

  • Faster fiber uplinks: SFP+ (10 Gbps) vs. SFP (1 Gbps) on the non-pro models

  • 802.3bt PoE++ (60W) ports vs. 802.3at PoE+ (30W) on the non-pro models

  • Support the UniFi RPS for redundant power

2nd Gen Enterprise and XG models add

  • More 10 Gbps SFP+ interfaces

  • Faster interfaces: 2.5/5/10 Gbps RJ45 Ethernet and 25 Gbps SFP28

Due to their limited layer 3 feature set, UniFi switches require a UniFi USG, UDM, UXG or some other router or firewall for L3 connectivity. Without a layer 3 device, you won’t be able to route between VLANs or subnets and reach the Internet, and without a true firewall the security of your network is limited. If you want more detail about the network layers and how routers and switches work together, see my Intro to VLANs and Network Layers.

EdgeSwitches and UISP Switches

EdgeSwitches are more focused on CLI management and advanced features.

Ubiquiti has an older line of switches called EdgeSwitch, which is part of the EdgeMAX line. EdgeMAX devices are more focused on network operators and advanced features. There are routers, switches, fiber terminals, and a wide variety of point-to-point and point-to-multi-point wireless radios to pick from. These all can tie into the UISP software, but they are fully controllable on their own.

EdgeSwitches are more flexible and capable, and are a better fit for network operators, WISPs, managed service providers, and other more advanced networks. If you need features like link aggregation, TACACS+, RADIUS, 802.1X, MAC filtering, ACLs, or static routing, you’re better off with an EdgeSwitch than a UniFi switch. UniFi switches support many of these features, but are often less configurable, poorly documented, and less reliable.

EdgeMAX products are managed with a per-device web interface, or via SSH. These web interfaces are not as polished or pretty as UniFi, but they expose more advanced features than UniFi does. EdgeSwitches also have the full EdgeOS CLI for configuration. If you’re familiar with JunOS or IOS, you’ll be able to figure out your way around. See Ubiquiti’s CLI Command Reference user guide for more details.

EdgeSwitches have an optional web interface overlay called UISP, which is similar to the UniFi controller. UISP is limited when it comes to EdgeSwitch configuration, and it doesn’t have every option that the device’s individual web GUI or CLI has. Think of UISP as an easy way to monitor all of your AirMAX, LTU and EdgeMAX devices, rather than a single interface for configuring everything like the UniFi controller.

In late 2022, the biggest issue with EdgeMAX is the lack of hardware availability, and investment from Ubiquiti. There are clear signs that UISP hardware is the way forward, and EdgeMAX is the past. I covered this in a lot of detail in my UISP Switch review, so I won’t repeat myself here.

UniFi Vs EdgeMAX vs Other Brands

Deciding between UniFi, EdgeMAX, UISP, or some other brand depends on your needs. The right solution varies with what kind of network you are trying to build, and what features you need to accomplish that. If you are comfortable with command line configuration and have complex needs, another vendor is probably a better option. This guide focuses on UniFi switches, but it’s worth noting some EdgeSwitch models are the same hardware as the first generation UniFi switches, with an EdgeOS CLI and UISP instead of the UniFi controller. The newer UISP switches are not as mature, but are worth considering if you want your switch to tie into the UISP NMS and UCRM software.

UniFi switches have less advanced features, but they have the advantage of being part of an easier-to-use and expandable ecosystem. UniFi is usually the better option if you’re not confident in your networking skills, or don’t need advanced switching features. If you’re considering a UniFi switch, the first thing to understand is the differences between the 1st generation and the 2nd generation models.


Return to Table of Contents

UniFi Switch Generations

UniFi switches start at the $29 USW-Flex-Mini, and go up to the $1,599 USW-Enterprise-48-PoE. UniFi has a lot of options in between, and it is a crowded and confusing lineup. If you want to see a full comparison of all UniFi switch models and their specs, see my UniFi Comparison Charts and UniFi Switch Comparison and Buyers Guide.

To break the dozens of models into understandable chunks, the first thing to cover is the 1st vs. 2nd generation. An easy way to identify which generation they belong to is what their model name begins with:

  • 1st generation models begin with “US-” such as the US-8-150W.

  • 2nd generation models begin with “USW-” such as the USW-24-PoE.


1st Generation UniFi Switches

The first generation UniFi switches have been around for a while. Despite their age they are still cost-effective managed layer 2 switches, with optional power over Ethernet support. There are an array of models ranging from the 8-port desktop models, up to the rackmount US-48-500W, and two XG models which have 10 Gbps interfaces.

Despite all the options, picking the right 1st generation switch is easy. Find the one with enough ports, speed, and PoE support, and you’re done. The bigger question now is how long they are going to be supported for, and how many more years of software and firmware updates they will get. So far there is no indication the 1st generation models are going to be discontinued, but Ubiquiti doesn’t generally announce those things ahead of time.

1st Generation UniFi Switches

  • Switch 8 Gen1 (US-8)

  • Switch 8 PoE Gen1 (US-8-60W)

  • Switch 8 PoE, SFP Gen1 (US-8-150W)

  • Switch Standard 16 PoE Gen1 (US-16-150W)

  • Switch Standard 24 Gen1 (US-24) — No longer listed in US store

  • Switch Standard 24 PoE Gen1 (US-24-250W)

  • Switch Standard 48 Gen1 (US-48) — No longer listed in US store

  • Switch Standard 48 PoE Gen1 (US-48-500W)

  • Switch XG 6 PoE / 6X 10 GbE PoE, SFP+ Gen1 (US-XG-6PoE)

  • Switch 16 XG / 16X 10GbE Gen1 (US-16-XG)

All 1st Generation UniFi Switches

A common complaint with the first generation models are their loud fans. It is possible to replace them with quieter Noctua fans, or you can throw it in a network closet and forget about it. If you just need basic L2 switching and PoE, the first generation models are still worth considering, especially if budget and availability are more important than future software support.

Also worth noting — if serial console out-of-band management port is something you need, the first generation switches have it, and the second generation models do not.

XG UniFi Switches

If you want 10 Gbps ports for clients, or need a distribution switch to aggregate other switches, the XG series has a few options. Some are in the 1st generation, some are in the 2nd:

  • The US-XG-6-PoE has four 1/2.5/5/10 Gbps RJ45 Ethernet ports with PoE++. It also has two 10 Gbps SFP+ interfaces.

  • The US-XG-16 has twelve SFP+ interfaces, and four 1/2.5/5/10 Gbps RJ45 Ethernet ports. No PoE.

  • The USW-Flex-XG is a 2nd gen model, with one 1 Gbps and four 1/2.5/5/10 Gbps RJ45 Ethernet ports. No PoE.

  • The USW-EnterpriseXG-24 is a 2nd gen model, with twenty-four 1/2.5/5/10 Gbps RJ45 and two 25 Gbps SFP28 interfaces. No PoE.

The XG UniFi switches are meant for larger or high-performance networks, where 1 Gbps links would be bottlenecks. If you are a home user, you might have the need for 10 Gbps links, but these are intended for aggregating multiple access switches and forming the core of a campus network. Of course, if you have the need for speed at home or in your lab, you may want an XG model.


Return to Table of Contents

2nd Generation UniFi Switches

Ubiquiti calls them “Gen2” but I am going to call them 2nd generation. Whatever you call them, Ubiquiti’s newer UniFi switches split things into a few tiers. There are models which replace the 1st generation switches, and the higher pro and enterprise tiers.

The non-pro 2nd Generation UniFi rackmount switches:

  • Are smaller and lighter than the models they replace.

  • Have lower fan noise — the non-pro models are fanless. The pros have fans, but are quieter than the 1st generation models.

  • Have a small touchscreen on the left side of the device, like the UDM-Pro. This screen shows stats and info about the device, and the network it is on. They also integrate with the UniFi AR feature, which lets you use a phone to virtually see what is connected to each port.

  • Do not have a serial console port. All management has to be done over Ethernet in-band. (EdgeSwitches still have console ports!)

The 2nd Generation Pro models have:

  • Basic layer 3 features like static routing (supported as of firmware version 4.3.13.11253) and inter-VLAN routing.

  • Redundant power support via the USP-RPS.

  • SFP+ fiber uplinks (10 Gbps)

  • 802.3bt PoE++ support

The 2nd Generation Enterprise models have:

  • All of the pro tier features

  • 2.5 Gbps multi-gigabit RJ45 Ethernet with PoE+ on some models

  • 25 Gbps SFP28 ports on some models

2nd Generation UniFi Switches (Non-Pro, Non-Enterprise)

All (non-pro, non-enterprise) 2nd Generation UniFi Switches

2nd Generation Pro UniFi Switches

The 2nd generation Pro models feature L3 support, higher PoE budgets, and 10 Gbps SFP+ or 25 Gbps SFP28 interfaces. The USP-RPS can be used for redundant power on all models that support it.

All 2nd Generation Pro UniFi Switches

2nd Generation XG and Enterprise UniFi Switches

Enterprise is a level above pro, featuring 2.5 or 10 Gbps RJ45 Ethernet ports,, and 10 Gbps SFP+ or 25 Gbps SFP28 interfaces.The USW-Flex-XG does not support L3 operation, but offers multiple 10 Gbps RJ45 ports in a small desktop enclosure.

All 2nd Generation Enterprise UniFi Switches

For more detail and comparisons, see my UniFi Comparisons Charts.


Return to Table of Contents

PoE and Power Injectors

There’s a lot to cover when it comes to PoE, so I’ll try to keep it as simple as possible. There are 4 main types of PoE to know about:

  • Passive 24V and 48V PoE — Ubiquiti’s standard, mostly used on EdgeMAX, AirMAX, and older UniFi devices

  • Standard 802.3af PoE — up to 15W

  • Standard 802.3at PoE+ — up to 30W

  • Standard 802.3bt PoE++ — up to 60W

I’ll use the PoE, PoE+, PoE++ names as shorthand. It is important to consider the type of PoE you need for your devices, and to make sure that you have enough PoE budget on your switch to power all your devices. Otherwise, you will need to rely on separate power injectors.

PoE Passthrough

PoE passthrough is when a PoE device can receive power and also pass PoE to another downstream device. A common example would be a 24 port PoE switch, feeding an In-Wall-HD access point, with a video camera connected to the In-Wall-HD. The key part is that all three devices are drawing their power from the 24-port PoE switch. In situations like that, you need to be especially careful about what PoE support your switch or voltage and amperage of your PoE injector.

If you are planning on using PoE passthrough on switches like the USW-Flex, or access points like the In-Wall-HD, you should supply them with the higher-wattage PoE+ or PoE++. Devices with PoE passthrough will usually function when fed with standard 15W PoE, but will not reliably power downstream devices unless they receive their maximum rated power input. For example, the USW-Flex can provide 8W with PoE in, 20W with PoE+ in, and 46W with PoE++ in.

If you want more details, refer to this Ubiquiti help page on supported PoE protocols.

UniFi Switches With 60W 802.3bt PoE++

UniFi Switches With 30W 802.3at PoE+

UniFi Switches With 15W 802.af PoE

UniFi Switches With 24V Passive PoE

UniFi Switches With 48V Passive PoE

  • US-8 — When using PoE passthrough

Power Injectors

Another option is to use power injectors, which can be sometimes be a point of failure or speed limitation. Make sure to get a gigabit-capable injector, since Ubiquiti still sells 100 Mbps injectors and it can be hard to tell them apart. Double check the model number and verify gigabit support (“G” in the model name) before purchasing. The safest option is to go with the U-POE-AF, U-POE-AT, or POE-50-60W.

Most single pack UniFi access points or cameras will come with the needed power injector, which allow them to be used with a non-PoE switch. Most of the new Wi-Fi 6 wireless access points don’t come with a power injector, so be careful if you’re planning to get a U6-Lite or U6-LR, or a U6-Mesh or U6-Pro.


Return to Table of Contents

PoE Budget Considerations

One limitation of the regular second generation switches is their limited PoE budget. PoE budget refers to the total amount of power available for all PoE devices. Since the non-pro 2nd generation models are fanless, they also have smaller power supplies, and a smaller PoE budget.

This is most obvious when comparing the older $299 US-16-150W to the new $299 USW-16-PoE. The 2nd generation model is the same price, but the power supply is 60W vs. the 1st generation’s 150W. Even though the new one has 8 PoE+ ports, you can technically use your full PoE budget with 2 or 3 devices. If you are using lower-power devices you can stretch it further, but 42W of PoE budget isn’t a lot to work with. It’s easy to surpass that if you’re planning on maxing out all of the available ports with wireless access points or cameras.

It’s also worth pointing out that PoE devices don’t always consume their maximum rated power draw. The spec sheet will specify the maximum amount the device can use, but during normal operation they won’t use that much. For example, the U6-Pro requires 802.at PoE+ or 48V passive, and maxes out at 13W. During normal use it usually consumes around 5 to 7 watts of power.

PoE+ devices like the U6-Pro will usually operate with 802.3af input, but they will be unreliable. It’s never a good idea to push past your budget, feed a PoE+ or PoE++ device with a lower tier of PoE, or supply the wrong voltage. Always follow the recommended input power, and never provide less the required power or a different voltage.

If you’re in the middle ground or want to leave room for expansion, it can be hard to decide which to get. For most home users the non-pro 2nd generation models should be enough, and you’ll appreciate the lack of noise. For those planning to use the extra features and a lot PoE devices, the 2nd generation pro models are probably a better fit. If you only need lots of ports and lots of PoE, the first generation switches are still around.

PoE Budget Examples

For a more detailed comparisons of PoE budgets, refer to my UniFi Comparison Charts.


Return to Table of Contents

Zooming Out

It’s easy to get lost in the details

If you take a larger view, there are a lot of available options for switching in the UniFi ecosystem. If you don’t need multiple VLANs and a segmented network, there’s nothing wrong with grabbing a budget unmanaged gigabit switch and using it in your network. If you want to be able to use multiple VLANS and need segmentation and inter-VLAN routing, there’s enough variety in the UniFi switch lineup that you should be able to find something that fits your network. There’s also a lot of other brands out there if UniFi isn’t for you.

Refer to my UniFi Switch Comparison and Buyer's Guide for a full breakdown of all available UniFi switches.

See this gallery in the original post