Comment by amluto

2 days ago

My general impression is that it “Just Works” if you don’t do anything remotely interesting with it.

Want to create a VLAN with no Internet connectivity? Better test that it actually has no Internet connectivity because the setting doesn’t actually work.

Want to use the firewall? Better test all the rules — it’s amazingly buggy.

Want to change a WiFi setting without WiFi going down for a minute or two? Good luck — UniFi doesn’t seem to care about making it work.

Want to find information (MAC, switch port, DHCP reservation, etc) about a device that uses the same MAC address on multiple VLANs? Good luck — it looks like UniFi utterly flubbed either their database schema or whatever interface their front end uses to talk to their backend about it, and it’s very, very broken.

Want to find basically any setting based on online docs? Too bad — they keep moving the settings and not updating the docs.

Just to reiterate for those that missed it:

If you change the schedule of a WiFi network your entire network (wired and everything) goes down for two minutes.

Just a simple admin policy change… full network outage.

Clown. College.

  • Constantly tweaking settings is not a use-case they have optimized for. Most of their customers are small IT shops that support small/medium sized businesses. They set up a network for a few doctors' offices, law firms, etc. by clicking a few buttons in the controller's GUI once, and then remotely keep an eye on the networks with the controller software's remote management features.

    • If you set the thing to automatically optimize WiFi (the default!) it goes completely down for several minutes every day.

      I would not want to have to carefully optimize settings to get that third nine of uptime for a small business.

  • Eh, in my experience, if you disable the uplink monitor features aggressively enough (which is in a different place in different firmwares and currently seems to also require disabling all wireless uplink/“mesh” capability), then sometimes more of the network will stay up. Maybe even the gateway will keep working too if you don’t touch any gateway settings. Of course, if the gateway does decide to reboot, you’re down for many minutes.

    It’s real classy.

The thing that made me move off of it was issues connecting to devices on mesh'd APs if the ARP entry for that device timed out on the main AP.

Literally couldn't connect to my mobile phone, and after a lot of troubleshooting (which Unifi does pretty much nothing to help you with) I found that when the phone had roamed to the mesh'd AP, ARPs for it wouldn't get answered. If I forced it back to a wired AP or manually added it to the table... all worked fine. Went unfixed for years, heck, I still don't know if it is...

And all the "alerts" about malicious traffic that a bunch of prosumers seem to love? It's not very actionable for figuring out if it's really a problem nor digging deeper...

Oh, and when they had a firmware update that changed the SSID maximum length from 32 (the spec) to 31. My SSID is 32 characters and after that I could no longer edit the network without a UI error. That sucked.

I'm now on OPNsense and Ruckus APs and while it's not as integrated, I couldn't be happier.

  • If you can spring for Ruckus (I just buy used off ebay), it's worth it. The controller is integrated into the AP - for me that was worth it over unifi alone.

This. They make excellent access points and their lite beam/air fibre products are great.

But UniFi has serious limitations when it comes to anything beyond the basics. An off-the-shelf Asus all-in-one home router actually has more features and capabilities.

  • > An off-the-shelf Asus all-in-one home router actually has more features and capabilities.

    This is just not true at all. I agree unifi can be buggy at times, and their super clean interface means they need to hide stuff all over the place, but I haven't found any network configuration I couldn't do on Unifi yet.

    Care to elaborate on exactly which functions standard asus routers have over Ubiquiti gear?

Idk about you but I’m rocking a site to site link to my parents house, I have vlans for each segment in my home network (iot, priv etc) with full ipv6 routing and custom filtered dns over https with full network name resolution for all dhcp clients by their hostname on my local subnet domain…

I have complete control over my kids network access, can block specific types of traffic by app type or time based rules. I have high visibility into my WiFi setup and everything is on prem and self hosted and integrated with home assistant…

I took a hybrid approach -- Unifi for everything except the firewall, and a Firewalla for that. I'm overall quite happy with it, although you won't get a single pane of glass for management.

  • This. I don't use their gateways/security devices anymore. I run OPNsense at every edge which allows me to do some really nice things with respect to remote access for non-home sites.

Most people don't want to do anything 'interesting'. If you stray too far from the beaten path, I'd argue that you no longer need or something that "Just Works". You need something very configurable, which, by definition, will let you shoot yourself in the foot.

My current setup is Mikrotik for wired and Ubiquiti APs for wifi. Their wifi devices have great specs and are difficult to beat. Mikrotik has decent wifi devices but not only they have a footgun minefield - not exactly their fault since Wifi is difficult to get right, so the more settings you expose, the worse it gets. Mikrotik also lags behind in features (they are still at wifi 6). It's an odd combination of philosophies but seems to work, all the vlan logic is offloaded to Mikrotik. And so are firewalls, etc. Then the voodoo Wifi stuff gets handled by Ubiquiti.

> Want to change a WiFi setting without WiFi going down for a minute or two? Good luck — UniFi doesn’t seem to care about making it work.

I am with you on that. It's things like that that prevent adoption by larger businesses and contribute to the perception that they aren't a serious contender. I previously had an Aruba InstantOn setup (which is focused on SMB), and got really accustomed to being able to tweak (most) settings without any interruptions at all. I could even do things like change channel widths (in one direction) without losing connectivity. What was really surprising on Unifi is that I lost connection when I changed settings for a _different_ SSID, for like a minute. That isn't really acceptable.

They still do a lot of things right though, and it shouldn't be too difficult to get their act together. The devices are pretty decent and at a surprisingly low price point.

  • But unifi is trying to position at the prosumer segment.

    And we have things like indeed no WiFi (all networks down) if you dare to change WiFi settings, or mdns having a hard limit of five networks because the underlying Perl script is 10 or 15 years old.

This was absolutely my experience. I ended up tearing it all out and selling it on eBay.

I run OPNsense now with a Ruckus standalone AP, and it has been bulletproof.

  • Funny, I did the same... Never looked back at Unifi. That was a constant fight with problems.

    OPNsense, a cheap fanless Brocade switch, and two Ruckus enterprise-grade APs from eBay and boom. Stuff Just Works, and when I want to do anything fancy (I did a /lot/ of weird network setup to troubleshoot users' WFH scenarios during COVID times) I just could.