Q&A: Ubiquiti Edition

Originally Posted: October 31st, 2021


Table of Contents

  • What hardware do I need?
  • What is a UniFi OS Console?
  • Do I need the Network application?
  • How can I run the Network application?
  • What about Protect and other applications?
  • What is the benefit of using a UniFi router or switch?
  • How can I manage my UniFi network remotely?
  • What PoE Injector do I need for a U6-Lite/U6-LR?
  • Can I damage equipment by using the wrong injector?
  • Do I need a UniFi mesh AP to use wireless backhaul?
  • Can I use the Ethernet port on a UniFi AP to connect to a wired device?
  • Which Wi-Fi access point should I buy?
  • What parental control options does UniFi give you?
  • How do I set up a Point-to-Point radio like the NanoBeam 5AC?

A handful of UniFi access points


What hardware do I need for a UniFi network?

A UniFi network can be made up of:

  • UniFi router/firewalls
  • UniFi switches
  • UniFi Wi-Fi access points

UniFi networks are modular, so you can pick and choose which parts you want. Ethernet, PoE, VLANs, and most networking features are based on industry standards. This means they will work between vendors, and it is OK to mix and match. You can use a UniFi switch with other access points, or set up a UniFi network with a different vendor's firewall or router. The main downside to mixing equipment is that you will have to manage them separately.

See my UniFi comparison charts to compare the different models of UniFi hardware.



What is a UniFi OS Console?

All UniFi network hardware is configured and monitored by the UniFi Network Application. This software can either run on your Ubiquiti equipment, or be self-hosted.

A UniFi OS Console is a Ubiquiti hardware device that runs UniFi software. Some only run the network application, and some support the other UniFi applications like Protect, Access, Talk, LED or Connect.

Network Only

  • Dream Machine
  • Cloud Key Gen 1
  • Cloud Key Gen 2

Protect Only

  • Network Video Recorder
  • Network Video Recorder Pro

Network + Protect

  • Dream Router

Network + Protect + Access + Talk + LED + Connect

  • Cloud Key Gen 2+
  • Dream Machine Pro
  • Dream Machine Pro SE


Do I need the UniFi Network Controller/Application to use UniFi?

You can set up UniFi APs and switches in “standalone mode” with the mobile app, but with limited settings and features. I would recommend running the UniFi Network software for any permanent setup.



How can I run the UniFi Network Controller/Application?

You have two main options: self-host the software or use a UniFi OS Console. For a single UniFi site, the easiest option is to use a UniFi OS Console to run the software. This would be a UniFi Cloud Key or Dream Machine.

If you use a Dream Machine or Dream Machine Pro for your router, those have the UniFi Network Application built-in. Dream Machines cannot be managed by external or self-hosted controllers, making them a bad fit for service providers with multiple sites. If you need to manage multiple Dream Machines, you can manage them individually through the free unifi.ui.com cloud portal.

You can also install the UniFi Network application on a PC, server, cloud service, or use a service like HostiFi. Hosting the software yourself is more flexible and scalable, but self-hosted controllers cannot run the other UniFi applications like Protect or Access. They also cannot manage Dream Machine based networks.



What about Protect and other UniFi applications?

UniFi also offers other applications and hardware which integrate with the network devices. These are optional add-ons to your UniFi network.

  • UniFi Protect for DVRs and security cameras
  • UniFi Access and UID for door locks and access control
  • UniFi Talk for VoIP phones
  • UniFi LED (LED hardware no longer sold)
  • UniFi Connect (Early access only, link only works when logged into a Ubiquiti account with EA access)

To run these other programs, you'll need one of these UniFi OS Consoles:

  • Cloud Key Gen2+
  • Dream Machine Pro
  • NVR (Protect only)
  • NVR Pro (Protect only)

In Early Access:

  • Dream Machine Pro SE
  • Dream Router (Protect only)


What is the benefit of using a UniFi router or switch?

The main benefit of a complete UniFi network is centralized management. All configuration and monitoring will rely on the UniFi Network Application. There are also some software features which require certain components. For example, if you don't have a UniFi router, you'll miss out on traffic statistics and guest Wi-Fi portals. Routing and firewall features would need to be controlled by whatever other equipment you're using rather than in the UniFi controller.

A common situation is to use UniFi for Wi-Fi and PoE switches, but a different router/firewall. UniFi routers integrate well into the software, but they are limited when it comes to features and flexibility. A more advanced firewall can be used instead, or you can use a basic ISP router to get your UniFi Network started. In those situations, the UniFi Network application would only be used to manage the wireless and switches.



How can I manage my UniFi network remotely?

One option is to run the UniFi Network controller software locally on the network. It can be run on a PC, server, Raspberry Pi, or UniFi Cloud Key at the site. With any of these options you can use a VPN to remotely connect, or lean on Ubiquiti's free cloud service to gain remote access. If you sign into the controller with your Ubiquiti account, you can make the controller available remotely at unifi.ui.com.

You can also host or build your own UniFi controller in the cloud, or use a service like HostiFi. With a hosted controller you can remotely access the network the same way, either through a VPN or Ubiquiti's cloud service. You can also make the controller publicly available on your own domain. This is usually the best method if you have multiple UniFi sites, because you can use a single controller and layer 3 adoption to manage them in one place.

Things are a little different with UniFi Dream Machine networks. Dream Machines cannot be adopted to an external controller, so you have to use the built-in one. You can still use a VPN for remote access, or rely on Ubiquiti’s free cloud portal. You cannot adopt or manage them in a hosted controller though. If you have multiple Dream Machine sites, the easiest way is to use Ubiquiti's cloud portal to manage them individually.



What PoE Injector do I need for a U6-Lite/U6-LR?

You need a 48V injector like the U-POE-at.

With other devices, make sure that the voltages match, and the injector can supply enough amps. Read Recommended Injectors for UniFi PoE Devices for more details.



Can I damage equipment by using the wrong injector?

Damage usually occurs when you plug a non-PoE device, or a device that requires a different voltage, into an injector. Power injectors constantly send power, meaning they supply passive PoE. Passive PoE from an injector can damage a device that requires a different voltage.

A PoE switch that supports standard 802.3 PoE safely negotiates the power level with the device. This is known as active PoE, and it should never damage a device in normal use. 802.3af (PoE) and 802.3at (PoE+) devices typically operate at 48V, and can be powered by a 48V injector. Always check the supported voltage range of the device before plugging it in if you're not sure.

You need to be more careful with Ubiquiti's 24V passive PoE devices like the NanoBeam 5AC. 24V devices only accept 24V in, and their internal circuitry can be overloaded if you use a higher voltage injector. Older UniFi equipment and most of Ubiquiti’s PtP and PtMP radios use passive 24V, but most current UniFi models are either 802.3-based or 48V.



Some of the many models of Ubiquiti PoE injectors

Do I need a UniFi mesh AP to use wireless backhaul?

No. All 2nd generation (AC Wave 1) or newer APs can do mesh, meaning they can operate with wireless backhaul. That includes every currently sold UniFi AP including the AC-Lite, AC-Pro, AC-HD, nanoHD, etc. Only very old models supporting 802.11n (which are no longer sold) can't work this way.



Can I use the Ethernet port on a UniFi AP to connect to a wired device?

Yes, but I would recommend an AP that has two Ethernet ports for a situation like this. This allows for more flexibility, because the AP can have a wired connection to the network as well as to the device. If you have an AP with a single Ethernet port you’ll need to use wireless backhaul to connect to the network, which limits performance.

List of APs with two ports, one of which can bridge a connection to a wired device:

  • AC-Pro
  • AC-Mesh-Pro
  • AC-HD
  • AC-SHD
  • UAP-XG
  • UWB-XG

In-Wall Models

  • AC In-Wall (2 LAN ports, 1 48V Passive PoE passthrough)
  • AC In-Wall Pro (Discontinued)
  • In-Wall HD (4 LAN ports, 1 48V Passive PoE passthrough)


Which Wi-Fi access point should I buy?

The right choice depends on the kind of network you're trying to make and what your budget is. These days, it also matters which models are in stock and available at their MSRP.

General Recommendations for New Installs:

Indoor coverage:

  • U6-Lite
  • U6-LR
  • NanoHD

Outdoor coverage:

  • FlexHD
  • AC-Mesh-Pro
  • AC-Mesh

High-density networks with a lot of devices:

  • AC-HD
  • UAP-XG

If you have Ethernet run to a wall plate and want some Ethernet ports:

  • In-Wall-HD

If Ethernet isn't possible:

  • BeaconHD

See my UniFi Comparison Charts for more details and a comparison of all AP models.



What parental control options does UniFi give you?

The parental control settings available in UniFi used to be pretty limited, but they have improved with the latest software. They are available under the security/threat management settings. There are all the basic firewall and security settings you’d expect, and some more network-wide things like blocking access to certain bad things. You can also specify which domains, ports, and applications can be accessed, how often, and even limit the bandwidth dedicated to specific traffic.

You can make broad rules which apply to the entire network, or make rules that apply to certain devices or groups of devices. This would allow you to set up something like "don't allow access to Facebook after 9 PM" or "never allow access to online gaming".

I haven't fully tested these newer features, but in general, anything you do on the network side is going to have some holes and limits. I don’t usually recommend going down the “parental control via the network” route. I think it makes more sense to put these kinds of restrictions in at the device level. If they have iOS devices, Apple has a good set of features, and I believe Android does as well.



How do I set up a Point-to-Point radio like the NanoBeam 5AC?

I’d recommend giving the NanoBeam Datasheet and AirOS 8 User Guide a look. Those should get you familiar enough with the GUI to be dangerous. I also tried to explain the basics in my Intro to Ubiquiti PtP and PtMP Radios.

First, you'll need a way to power both of the NanoBeams with 24V Passive PoE. That is usually handled by the included power injector, but you could use a 1st Gen UniFi switch or an EdgeSwitch which supports 24V output.

Configuration is fairly straightforward. Make one an “AP” which means it dictates the SSID and password. The other should have AP mode off, and will find the other radio and link to it. Pick a clean channel and a complex password. Keep your channel width low (20 MHz or so) unless you need max throughput, and you have enough clean 5 GHz spectrum around you.

Networking wise, by default it acts as a wireless cable. The radios will pass all traffic and VLAN tags. If you’re trying to do more advanced things like hand off untagged access to a tagged VLAN, you want to switch to “advanced” configuration mode under network settings. Otherwise it’s fairly plug and play.

My number one tip for when you're doing this for the first time is to configure them on the ground, before you try to mount them. Also, get a paper clip to hit the reset button. You’ll thank me later.

The NanoBeam 5AC Gen 2 makes for a good mirror

Evan McCann

Nerd writing about Wi-Fi, Networking, Ubiquiti, and Apple.
