Ok, I’m Giving Ubiquiti Networks Another Chance

After quite a few discussions resulting from my Epic Evaluation: Ubiquiti ERPro-8 vs Play-Doh where (spoiler alert!) the Play-Doh™ won hands down after an exhaustive six-month test, I’ve been persuaded to give Ubiqiuti Networks (aka UBNT) another chance. Another two chances, in fact.

Ubiquiti Networks Logo

Ubiqitui Networks Products

As I said in the evaluation post, I was hesitant about recommending against UBNT products not least because I owned four other UBNT devices (three wireless access points and a 48-port switch). Despite being persuaded to try UBNT again, I strongly maintain my previous recommendation to avoid the ERPro-8 like a wedding invitation from Walder Frey. For the rest of the product range I’ve decided to suspend my previous “NO BUY” verdict and reserve my final judgement while I try out some new additions to my home network and see if they can restore balance to the nerd universe.

I would also like to add that while Ubiquiti’s official Support and RMA channels were no help to me whatsoever when my ERPro-8 was behaving badly, I did appreciate one employee reaching out privately and trying to help. The conclusion for now is that flash itself has indeed become irrecoverably corrupted and the device would need to be replaced (although UBNT won’t replace it, and I refuse to buy another one). However, the fact that this person was willing to spend their own time to work with me at all is a large part of the reason why I’m willing to consider trying again and why I am willing to do so publicly.

The purely technical reason I care about this is that Ubiquiti networking products are typically quite well built; they feel solid, and offer features that belie the list price for the products. With the Unifi range there’s always a slight conflict between the convenience of managing and monitoring devices using a centralized controller (software, not an appliance) and the fact that the device may be capable of more than can be configured using the controller’s web interface, but the fact that so many enterprise-level features are there in the devices is a huge win compared to typical home gateway devices. This is definitely the case for the first new product I have added, the Unifi Secure Gateway (USG).

Unifi Secure Gateway

Ubiquiti Networks Unify Security Gateway (USG). Image courtesy of ubnt.com

The USG  is similar in some ways to the EdgeRouter-Lite, the baby brother of the ERPro-8 which I previously posted about. While I would normally have purchased the rackmounted USG-Pro-4 because I much prefer having my devices racked than stacked, I was a little hesitant to invest too much money at this point. The USG’s list price is $119 compared to $299 for the USG-Pro-4.

Early signs are good, as they were for the ERPro-8; performance seems good, and the design of the controller software provides a compelling reason to purchase a Unifi Secure Gateway product, by offering tempting reporting options which are only supported by the Unifi gateway products. That’s a little odd when you think about it, because both the USG and ERPro-8 run software with the same name, EdgeOS. Why can the ERPro-8 not report back traffic statistics to the controller in the same way that the USG does, even if configuration of the device is not managed by the controller? I know I’m not the only one asking for this feature, but I guess since I have a USG now I should be quiet and drink the Unifi KoolAid.

The lack of ports on the USG (and even the USG-PRO-4) is interesting too. I am going to assume that especially with the smaller USG model the feeling was that most people just needed INSIDE and OUTSIDE (LAN and WAN). The third port which originally was WAN2 is now configurable as either a LAN or WAN port. I really wanted to be able to run some LACP (i.e. link aggregation) to and from the USG so that I could run a little bit more than 1Gbps of data between attached networks, but I do not fall into the default use case for the USG. This fact is evident from the configuration options available in the controller, which do not at this time include the ability to configure subinterfaces with 802.1q tagging for the LAN interface, as well as VRRP on each network.

Thankfully, 802.1q, subinterface and VRRP capabilities do exist within EdgeOS and can be configured using the CLI. The issue turns out to be that if you make another configuration change to the USG in the controller, the updated configuration is provisioned to the USG by the controller and wipes out the changes made in the CLI. There is a workaround for that – for which I am truly grateful – but it’s a little fiddly and requires the user to understand and work with a JSON version of the configuration. To be fair, I suppose if I’m enough of a nerd to need an 802.1q trunk port with subinterfaces and VRRP I probably ought to be able to handle it. While note ideal, it’s way better than being able to configure only what’s in the controller UI and it’s the only reason the USG is active in my network now. There’s another story I could tell here about adopting the USG on an existing network, but that one can wait for another day.

Two days ago I made the USG the active gateway in my home network. Using VRRP meant it was a simple case of changing the VRRP priorities in order to fail traffic over, and so far I have nothing bad to report. I’ll update when I’ve had a more time to see how it performs.

Unifi Switch 8 (US-8)

Ubiquiti Networks Unify Switch-8 (US-8). Image courtesy of ubnt.com

My other test purchase was the Ubiquiti US-8, an 8-port gigabit switch managed by the same controller as all the other Unifi hardware. I already have the US-48 (48-port gigabit with 10G SFP+ uplinks). The main reason I wanted this was that a friend mentioned it recently and pointed out that it can be powered by PoE, but also has a PoE passthrough port which can then power another device.

This rather handily solved a problem for me: I have a location with both an AppleTV and a Unifi AP, as well as a few other connected devices. I’ve been thinking that I would have to purchase a UPS so that if the power failed, the AP (and the switch through which it currently connects) would still be powered. The US-8, however, allows me to plug it into the wall jack (which in turn connects to a switch providing PoE), and then plug the AP into the US-8’s passthrough port. The PoE-providing switch is already on a UPS in my basement, so if the power goes out, that switch stays up, and thus so does the US-8 and the AP attached to it. Problem solved! I also get to dispose of a couple of power supplies which were powering the current ethernet switch and the AP until now.

My initial reaction is that this is a solid device (made from metal, feels surprisingly heavy). It was discovered immediately by the controller, and once adopted, it was a breeze to extend the existing VLANs and trunk groups to that switch. I don’t expect issues with the US-8, as it’s not a very complex device, but again, I’ll keep you posted.

PlayDoh™ At The Ready

I’m hopeful that this will work out well. I’ve been pretty happy with my three UBNT APs and switch, and were it not for the huge disappointment with the ERPro-8 I’d probably be far more positive about the brand. However, if it all goes south, well, I still have that tub of PlayDoh™ to make me feel better. Fingers crossed!

Be the first to comment

Leave a Reply

Your email address will not be published.


*