My first entry into the Ubiquiti ecosystem...now what?

I have FTTP, and have been running a Netgear RAX20, with only a few issues to date. Those being varying WiFi signal throughout my property.

The thing with my property is that the ONT is hidden away under the stairs, meaning that any router I have is consigned to being situated under the stairs too. This is (I believe) the root cause of the problems with the WiFi coverage.

From the understairs cupboard, the developers ran a run of Cat6 cable up to the main bedroom, which I have extended to run up to the loft. In the loft I have a patch panel linking to dropped Cat6 cables to the other bedrooms. I also have a dumb switch alongside the patch panel.

I treated myself to a UAP-AC-Lite over Christmas, and have hooked it up today (not yet ceiling mounted though). When mounted, this will be located on the upstairs ceiling, pretty much dead centre of the whole house. The initial tests have been very positive - I've switched off the wireless radios on the RAX20, and WiFi coverage from the UAP-AC-Lite seems very good throughout the house.

Now that the RAX20 is serving as only a router, I'm left thinking that I could replace this with something else, possibly another Ubiquiti product. I've read through others' accounts of Ubiquiti products being the best prosumer devices on the market, and may well take this opportunity to start my journey to (slowly) kitting myself out with Ubiquiti products.

The question is, what should I be looking to purchase next? Am I correct in thinking that the USG route is the logical way to go, or am I best opting for a different product?

I've sketched a very quick network diagram for ease of understanding what I'm currently working with.

Any help offered would be very gratefully received!

 
What speed do you get with your FTTP?

The USG with all settings on can limit speed, the USG Pro not as much but then there is the UXG due which is better

Avoid the UDM Pro, the UDM is an all in one and a good bit of kit
 
150/26 for now...may well increase in the short/medium-term
 
In which case the USG would limit that

Are you looking to rack mount?

Nope, it'll have to be located in the understairs cupboard, whereas my rack (patch panel and switch) is in the loft...not looking for pros and cons of lofts in this thread though ;)

What would the USG limit to? Also, in simple(ish) speak, what would be the cause of the limit?

I tried adding an image of my rough network diagram in my OP, but it failed...
 
Not going to debate lofts, so you're fine there

I was told the USG will limit to 80 ish when looking at one so I went with the UDM which is over 800 but unable to test as my fibre is 250/25
 
One option (and you don’t have to have it turned on) on the USG is a Beta feature called Intrusion Prevention System or Intrusion Detection System (IPS/IDS). In reality, unless you regularly surf dodgy websites or open e-mails promising to show you pictures of Anna Kournikova then you probably don’t need it. If you turn it on then the USG-3P will route roughly 130Mbps up/down. The USG-4P (Pro) will route 350-ish Mbps but you can upgrade the RAM to get that to almost 500Mbps. If you don’t turn it on then they’ll both happily route 1Gbps.
 
It always starts with the APs and that nice gap where you could have switch/router data if you buy into the Unifi system :D

First up let's be realistic here, is the RAX20 doing/not doing anything that you want/need it to do? If so, what? No harm in just wanting something new, but if that something new doesn't do what you want/need, it's not so great. Next as pointed out above in numerical form, the USG line has potential future limitations, in residential terms basic IPS/IDS is likely of limited value, but if you're buying a shiny new router with extra features, you would hope they work well enough now and in the future, so the question becomes how fast would you like to go and how quickly do you anticipate upgrading? I mean if you pick up a used USG for £50ish now and it does you a year or two or you're happy to run without IDS etc, you aren't going to lose much when you come to upgrade. But if you buy a new £250 USG-4 Pro and want to run symmetrical gigabit with all the bells and whistles asap, that's going to be a problem. You could look at the UDM, it's a combined router/AP/switch/controller, but as the main Ubiquiti thread will tell you, it's not a finished product on the software side in the same way the USG is now, but it is the future of Unifi.

You also have other options, the Netgate devices are quite reasonable, but pfSense is more feature rich and GUI poor than Ubiquiti kit, something like Untangle gives similar functionality and is more GUI friendly, but you end up running a PC as a router, while a lot more capable and cheaper up front, the ongoing costs can be higher.
 
OK, you’ve explained IDS/IPS well, and I can see I wouldn’t need it. Therefore, the USG seems to be a possible choice.

Might be a silly question, but does the 3P suffix denote 3 ports? My understanding is that all ports on the USG can be configured to be either WAN or LAN. Is that right? So I’d have the WAN to connect to the ONT, then 2 LAN ports, right?
 
Haha, yeah, slippery slope, like many of my other hobbies!

The RAX20 isn’t performing well in terms of WiFi coverage. More than likely due to its enforced location. All other functions are OK. However, now that I’ve got the Ubiquiti AP, and the RAX20 is effectively overkill in terms of just acting as a router, I thought maybe a good idea to sell it and use proceeds towards a Ubiquiti product as a replacement.

Seems the USG could be OK for my use, now that I realise I don’t need the IDS/IPS.

I’m more than happy with Aquiss, and their max FTTP speed is 150/26, so reasonably safe to use that as my max requirement in the short/medium term.

UDM looks interesting, I’ve heard some good things, but out of my budget. I reckon I’m looking max £150.
 
I don’t know what the -3P and -4P stand for. On the very early USG-3P the ports were labelled WAN, LAN and VOIP whereas now it’s WAN, LAN and LAN2 but in truth they are all mappable so if you want the WAN port on LAN2 for some reason, you can set that. Similarly, the USG-4P or Pro has fully mappable ports including the SFP port if you want to use that for WAN or LAN.

One thing I would point out is that although technically UBNT haven’t stopped supporting the USG line, they have stopped development on it and they’ve only released one firmware update in 7 months which fixed a security bug. It’s certainly not EoL (UBNT say it’s ‘feature complete’) but it’s the old UniFi system as opposed to the new Gen2 stuff which is very much featured around the UBiOS platform and powers the UDM line of routers as well as the Gen2 Level3 switches and some of the newer EdgeMax kit.

So I’m not sure I’d buy a new one. The market in used UniFi kit is very healthy so you won’t save a massive amount by buying used but you should be able to get a USG-3P for £50-65 if you’re not in a hurry.

I generally install Untangle appliances or Mikrotik routers now but for what you want the USG will be a good way to experiment with UniFi.
 
And be aware that the LAN ports are not switched, they are routed, so anything you plug in either needs to be on a separate subnet or you will need to set up a routing rule to send the traffic from the main routed subnet to a fixed IP address (or range of IP addresses) within that subnet to LAN2.
 
A bit of extra Googling led me to another page where someone confirmed the 3P and 4P suffixes do relate to the number of ports...thanks for your confirmation too!

As for buying, I wouldn’t buy new, it would be used. I’ve seen a USG for £85, which would definitely be in my price range.

Is there likely to be a Gen2 version of the USG? Is this perhaps where the UXG comes in?

As for your second post, that doesn’t mean too much to me until I get going (or don’t get going!) so I’ll no doubt be back to ask questions at that point!
 
You asked about the 2 LAN ports. On a switch, the switch is only working on one subnet - so 192.168.x.y eg. 192.168.1.1 is your router and all the other devices will be on the 192.168.1.x subnet. And a switch knows that all the ports will be connected to something on the 192.168.1.x subnet so anything you plug in will be seen by the other devices on the network and it will work the way you would expect it to.

But LAN 1 and LAN 2 on the USG aren’t switched (bridged) so they don’t work like that. The router will route all traffic in LAN 1 on one subnet eg. 192.168.1.x by default and it will completely ignore anything you plug into LAN 2. What you can do is add a completely separate subnet network on LAN 2 and the USG will route the two networks independently or, you can add a bridging rule in the router and it will see LAN 2 as if it was part of the LAN 1 network. As I said earlier, it was originally designed to have a computer network on one LAN port and a phone VOIP network on the other. And it shows!

I wouldn’t want you to buy a USG thinking you could plug something into LAN 2 eg. a computer or printer and it would just work. It won’t unless you configure it in software. Which is easy enough once you know how.
 
Ah OK, that makes sense now, thanks!
 
And yes, UXG-Pro is the UBiOS version of the USG-Pro and it’s a MONSTER of a router. It will route over 2Gbps with IPS/IDS switched on. But it’s not out yet and it’s £500 theoretically. There should be a UXG Lite (like the 3P version of the USG) but that’s not even in Beta yet so it’s at least a year away. UBNT’s official line is if you want a small standalone router, buy the USG line.
 
OK, think I’ll take the plunge on a USG-3P, then may upgrade once there are UXG-Lites on the used market
 
@WJA96 - I've been having a play with my USG as I've had a few days off work. I've been experimenting with the LAN2 port. In the controller I have set up a new LAN2 network (Purpose: Corporate, Network Group: LAN2) with Gateway IP/Subnet: 192.168.10.1/24 and a DHCP range of 192.168.10.6 to 192.168.10.254. My LAN1 network is 192.168.1.1/24 with a DHCP range of 192.168.1.6 to 192.168.1.254. However, the clients I have connected to the LAN2 port (via a switch) still have IP addresses of 192.168.1.x, despite me clearing the DHCP leases and rebooting the USG. What am I doing wrong? I haven't set any bridging rule, so it can't be that it's seeing LAN2 as part of LAN1, can it?
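
An added example, not part of the thread: a small segmentation check that compares the address each client actually holds with the network it is supposed to be on, using the two subnets and DHCP ranges quoted in the post above. The host names, the observed addresses and the `classify`/`report` helpers are constructed for illustration; a "wrong-segment" result means the client's DHCP request was answered from the other network's pool.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Network:
    name: str        # label only, mirrors the post's LAN1 / LAN2
    gateway: str     # gateway IP with prefix, as entered in the controller
    dhcp_start: str
    dhcp_stop: str

    @property
    def subnet(self):
        return ipaddress.ip_interface(self.gateway).network

    def in_pool(self, ip):
        addr = ipaddress.ip_address
        return addr(self.dhcp_start) <= addr(ip) <= addr(self.dhcp_stop)


# Subnets and DHCP ranges as given in the post above.
NETWORKS = [
    Network("LAN1", "192.168.1.1/24", "192.168.1.6", "192.168.1.254"),
    Network("LAN2", "192.168.10.1/24", "192.168.10.6", "192.168.10.254"),
]

# Constructed observations: (host, port it is cabled behind, address it holds).
OBSERVED = [
    ("printer", "LAN2", "192.168.1.37"),
    ("nas", "LAN2", "192.168.10.20"),
    ("laptop", "LAN1", "192.168.1.5"),
    ("camera", "LAN2", "169.254.12.9"),
]


def classify(expected, lease_ip):
    """Return (status, network the address belongs to) for one client."""
    ip = ipaddress.ip_address(lease_ip)
    if ip.is_link_local:                      # self-assigned, no DHCP answer
        return ("no-dhcp-reply", None)
    for net in NETWORKS:
        if ip in net.subnet:
            if net.name != expected:          # address from the other segment
                return ("wrong-segment", net.name)
            status = "ok" if net.in_pool(lease_ip) else "static-or-reserved"
            return (status, net.name)
    return ("unknown-subnet", None)


def report(observed=OBSERVED):
    return {host: classify(port, ip) for host, port, ip in observed}


if __name__ == "__main__":
    for host, result in report().items():
        print(host, *result)
```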
 