Home Network Advice - Starting Fresh (UniFi)

Hello All,

I am looking for advice/recommendations on the upgrade I just made to my home network. I’m not sure if I selected the right equipment for my home, or if there is something different I should get.

Roughly two weeks ago I was speaking with someone about my current home network setup and they recommended the UniFi Dream Machine and the Flex Mini switch.

Before I made the upgrade a few days ago, I had a Nighthawk R7800 and a Linksys Wireless Range Extender. To be frank, they suck! I’ve had problems after problems. The wireless was weak and would drop my devices all the time. The wired worked better than the wireless, but still caused multiple connection issues. Both wireless and wired have caused issues over the past couple years. It seems every couple of years I buy a new wireless router that is top of the line, then after a year I have issues.

This is the difficult part - I plan on moving within a year. I currently don’t have a basement, but when I move, I will have a basement and planned to have a rack mount with the equipment. I have about 8-10 wired devices now and about 20 Wireless devices. I have no PoE right now, but will start using them in the new house, especially for APs.

Here is my current state and home layout. The Netgear router was in a bedroom closet on one side of the house. The wireless/wired extender is in the office (which is a converted Florida room that has aluminum top and sides) on the other side of the house. I ran CAT 5E from the router into and thru the attic, out the side of the house down to the ground (hidden in the siding), along the side of the house enclosed, into the office, and then plugged into the wire/wireless extender. The wireless extender and ports would feed all the equipment in the office.

I replaced the Netgear router with the UniFi Dream Machine and the Linksys wired/wireless extender with the USW Flex Mini 5-Port managed Gigabit Ethernet switch.

On the surface, the UDM seems great! Wireless appears to be much more stable. However, it is still not strong enough to have good signal in the office. I turned off “auto optimization”, “band steering”, and manually set the 2.4GHz power to medium, and 5GHz power to High. I did try low on 2.4 and 5 on medium, but it didn’t seem to make a difference.

In the dashboard, the status is hardly ever “Excellent”, it’s mainly “Good”. I have a ton of anomalies. Here is a list of what I copied from the dashboard:

Anomalies over 12 devices

8:00pm Low signal strength for Client for last 24 hours
8:00pm High TCP latency for Client
8:00pm Low signal strength for Client for last 2 hours
8:00pm Low signal strength for Client for last 2 hours
7:00pm Low signal strength for Client
7:00pm Low signal strength for Client for last 6 hours
7:00pm High TCP latency for Client for last 2 hours
7:00pm High TCP latency for Client
7:00pm High TCP latency for Client for last 11 hours
7:00pm Low signal strength for Client for last 23 hours
6:00pm High WiFi retries for Client for last 2 hours
6:00pm Low signal strength for Client for last 2 hours
6:00pm Low signal strength for Client
6:00pm High TCP latency for Client
5:00pm Low signal strength for Client for last 8 hours
5:00pm Low signal strength for Client for last 2 hours
5:00pm Low signal strength for Client for last 2 hours
5:00pm High TCP latency for Client for last 2 hours
4:00pm High WiFi retries for Client
4:00pm High TCP latency for Client
4:00pm High TCP latency for Client for last 3 hours
4:00pm High TCP latency for Client
3:00pm High WiFi retries for Client
3:00pm Low signal strength for Client for last 2 hours
3:00pm High TCP latency for Client
1:00pm High WiFi retries for Client for last 2 hours
12:00pm High TCP latency for Client for last 3 hours
12:00pm High TCP latency for Client
11:00am High WiFi retries for Client
11:00am Low signal strength for Client
11:00am Low signal strength for Client for last 3 hours
11:00am High TCP latency for Client
10:00am High TCP latency for Client
10:00am High TCP latency for Client
10:00am High TCP latency for Client
9:00am High TCP latency for Client
9:00am Low signal strength for Client
9:00am High TCP latency for Client for last 2 hours
8:00am High WiFi retries for Client
8:00am High TCP latency for Client
7:00am Low signal strength for Client
7:00am High TCP latency for Client
7:00am High TCP latency for Client for last 6 hours
7:00am High WiFi retries for Client
7:00am High TCP latency for Client
6:00am High TCP latency for Client for last 5 hours
5:00am Low signal strength for Client for last 2 hours
3:00am High TCP latency for Client
2:00am Low signal strength for Client for last 6 hours
2:00am High TCP latency for Client
12:00am High TCP latency for Client
11:00pm High TCP latency for Client
11:00pm High TCP latency for Client for last 3 hours
11:00pm High TCP latency for Client
10:00pm Low signal strength for Client for last 2 hours
9:00pm Low signal strength for Client
9:00pm High TCP latency for Client
9:00pm High TCP latency for Client

My question is, did I end up going with the wrong device by selecting the all-in-one UniFi Dream Machine? Could it be too much going on with the device that some of the applications should be separated? Should I have gone with the UniFi Dream Machine Pro and bought a couple of access points?

I’m not really sure what is the best route/option and would it be better to spend extra money in a year to upgrade from the UDM to UDM PRO or just get it now to save?

I am open to any and all advice, recommendations (even if it is different equipment).

Thank you all in advance for taking the time to read this. Have a safe and Merry Christmas.

Could the aluminum top/sides act as a Faraday cage blocking Wi-Fi?

I honestly don’t know. I would like to say no, because when I had the linksys wireless/wired extender in the office, before replacing it with the USW Flex Mini, the SSID I broadcasted had full signal. However, the crappy extender kept disconnecting, etc.

Changing the WiFi power settings in UniFi isn’t recommended. Just leave the settings on automatic.

I’m not a fan of all-in-one. I have a rock solid network with these components, and it’s been working like this for about 4 years running…

Cable Modem (supplied by Spectrum)
Protectli pfSense gateway
UniFi PoE switch
5 UniFi AP AC Pros (overkill, as I could probably get away with 2)

The nice thing about having component networking is that you can swap out pieces if they have issues.

pfSense is superior to UniFi routers with way more options for configuration.

Good luck,
Sean

Hi Sean, thank you for the advice.

I will return the power back to auto. I read a few posts on the UBI forums and folks there said to “never” use auto!

This more “advanced” networking is new to me. I apologize in advance for all the questions I may ask! I just checked out Protectli’s website. From what I gathered, it is an open source gateway that allows the user to install and configure their software of choice.

How is the setup, maintenance, and security compared to using one from a major company, i.e., UniFi, Meraki, etc.?

Which Protectli Vault would you recommend, the 2, 4, or 6 port?

If you are stuck with UniFi then probably continue to use them and try to tweak it. I don’t have any UniFi kit but I have the impression they have defaults that make it easier to set up.

If you do get a Protectli box, get a barebones with 6 ports and add your own RAM and HDD, a bit cheaper. If you install pfSense then you only need a WAN, LAN and Switch port, so three I’d say are the minimum; the remaining ports you can put in a LAGG to the switch.

If you want to tweak your setup continuously pfSense will meet your needs, but it requires a lot of effort if you are new to this.

It just depends on what you want to do: do you need to dial home? Need to set up a VPN for your network? Need to connect different sites? Want network-wide adblocking?

If you basically want internet access then stick with UniFi; if you want to tinker and learn some networking, go for pfSense.

Why not add a wired AP to the office?

Hi @neogrid, I am not stuck with UniFi. I am able to return it, especially since I am experiencing all these anomalies. Since I am starting fresh and plan on moving within the year, I want to make sure I am making the right decision.

Which ram and hdd would you recommend for the 6 port Protectli? I don’t mind tinkering with it, but will it require constant changes every single day? If so, I won’t have the time every day.

Yes, I would like to have network wide adblocking and I planned on setting up a VPN.

I could, but that doesn’t solve the anomalies I am having every hour. Most of the anomalies are for devices that are not in the office. The AP will only help the issue of low signal in the office, which is fine, but as stated, I want to make sure I am choosing the “best” devices for my current situation that can be utilized when I move within the year.

Well pfSense gives you many options so I’d say it’s safe to go with that but it’s a steep learning curve.

If you have a 2.5" hdd or ssd lying around it will do, probably at least 4GB ram if you have it or 8GB if you are buying.

It just takes time to configure it properly, however, it sorta works out of the box for basic internet access. You don’t need to change it everyday once you have set it up it’s good to go.

@neogrid Thanks. Is there a specific brand of RAM and SSD you would recommend?

Based on the current house layout, where would you place AP’s?

Personally I buy my memory from Crucial and prefer Seagate drives; as long as it’s compatible it should be OK.

@neogrid thank you. Does drive size matter? Would there be any need for me to go above 8GB of RAM?

I suppose it depends on the logs mainly, right now I’m using 10% of 176GB after 18 months of running and 30% of 8GB, I’ve noticed OpenVPN uses a bit of ram.

It’s just cost, use what you have or buy something reasonable.

The best thing with pfSense is if you take a backup, you can do a complete restore if your hdd fails. Priceless.

neogrid gives great advice and answers most of your questions.

I will add that pfSense running on a Netgate or Protectli box is going to be better than the UniFi routers because pfSense is just so customizable. pfSense runs on FreeBSD UNIX which has a better network stack, from what I have read. If you think you’ll ever want to set up a VPN back to your place while you are away, or set up a VPN between two locations, it’s great for that. Also, pfBlocker-NG is a great network-wide ad blocker, as well as geo-IP blocker and more! It’s a free package that many install.

@neogrid Awesome, thanks for the recommendation.

You mentioned you are using 10% of 176GB after 18 months. Do you store the logs and not delete them? Basically, the HDD is for logs mainly?

@SKTC_Sean Thanks Sean. Looks like I will look into this.

What are your thoughts on the AP AC PRO? I know you like them since you have 5! I read that if you have more 2.4GHz devices the AP AC PRO is better, otherwise you want to get the nanoHD. Is that true from your experience?

@Curlyp
UniFi has been solid for me for the last two years. I have 6APs, all set to fully manual signal strength. I also have a bunch of anomalies like you have, but I have zero complaints from users.
pfSense is a great piece of software, but there is so much to learn it could eat your spare time. If this is what you want then by all means go for it. But based on your needs I’d say even a USG 3P would do fine. It can do easy s2s VPN (has a nice wizard) and you can deploy DNS-based ad blocking (see their forums; member unifimynet made a good package).
I would be interested if your anomalies go away if in fact you would set all signal strength to auto.
Regards, Pete

The AP AC pro is a workhorse. Works great.

At this point in time I would probably go with the UniFi 6 Lite Access Point because it has the new WiFi 6 technology.

@CableDude what is causing all the anomalies? I find it odd that we both have anomalies and nothing seems to make them go away.

I did set the signal strength back to auto yesterday after @SKTC_Sean recommended it. It’s been about 24 hrs now and I still have a ton of anomalies. See screenshot.

I know it will be more of a money sink, but maybe I keep the UDM so we have a stable network connection and then I also purchase the Protectli vault with pfsense and build it up on the side. Once it is tweaked and ready to go, then I can swap equipment and sell the UDM.

I would have to find the post I read about 15 minutes ago, but @LTS_Tom mentioned that he does not recommend USG for anyone that wants more than basic routing/network setup.