COMPLETE Ubiquiti Guide to Secure IoT Networking: Part One, Hardware Selection

June 5, 2019

Today on the hookup I’m going to start a project that I’ve been putting off because it’s actually really overwhelming. I’m going to take down my entire network and rebuild it from the ground up.  Over the next few videos I’m going to tackle the different aspects of building the home network and I’m going to show you exactly how to set up a powerful, flexible and secure environment for your smart home.  This series will be broken down into 3 different videos:  Hardware selection, installation and migration from your old network, and advanced functionality.  This is part one, hardware selection, here we go!

At any given time I have between 65 and 70 devices connected to my network and the vast majority of those are wifi smart home devices.  I’ve been using Google WiFi for over two years and in all honesty it has been really solid.  If you want an insanely easy to use product that gives very acceptable results, google wifi is probably the answer.  BUT if you are like me, and you want complete control over every aspect of your network, google wifi cannot provide you with that, you kinda just plug it in and leave everything in google’s admittedly very capable hands. To give you an idea of how hands off it is, there isn’t even a way to log into the google wifi router, everything is configured and controlled through their cloud based phone app, which has almost no advanced functionality.

In this video I’m going to focus on equipment selection, and due to countless suggestions from subscribers and commenters I’ve decided to go “Full Unifi”.  I contacted Ubiquiti about doing this video and they did send me some of the equipment you’ll see in this video, but it hasn’t changed any of my opinions of these products.

Building a network with Unifi equipment is a lot different than going to best buy and picking up their most expensive “gaming router”.  A high end router like the Asus Rapture does a little bit of everything.  It’s a firewall which controls what traffic is allowed in and out of your network, a router, which coordinates traffic on your network, a 4 port switch which allows your router to send messages down different paths, and a wifi access point.  Unifi takes each of these jobs and breaks them up into different pieces of equipment, very similar if not exactly what you would find in a commercial network deployment.  Doing this not only allows for each piece to be more powerful, but it also allows them to be deployed into different areas of your network.

Before you buy anything, your first step should be to diagram out your network and determine exactly which products you’ll need.  The first pieces of equipment we’re going to look at are switches.  Anywhere you have multiple wired connections that need to be connected together you’ll need a switch.  For your network you’ll need to decide how many ports you’ll need in order to accommodate the physically wired devices in your house, and how many power over ethernet devices you plan on using.

Power over ethernet is a method for providing power to your devices without needing to connect them to an outlet, and it comes in 3 common flavors: Passive 24V, 802.3af, and 802.3at.  The cliffsnotes version of the differences is that passive 24V PoE constantly sends voltage through the ethernet cable, regardless of what device is connected to the other side.  You need to be careful when configuring a port on your switch to be a passive PoE port because if you plug a non-PoE device into the other end it will likely destroy it, or at least damage the network port.  The other two common standards, 802.3af and 802.3at involve a handshake process between the PoE device and router.  In this handshake process the device requests PoE and determines if the router will be able to supply the correct voltage before any current actually travels down the cable.  This handshake prevents you from accidentally cooking your devices, and it also removes a step of the configuration process because each device will regulate its own PoE.  The Ubiquiti Unifi switches support all three of these common PoE types, so unless you’re using a device with extreme power requirements the Unifi switches will be able to provide whatever flavor of PoE your devices need.  As a rule of thumb you should allow 6 watts of power for each PoE security camera on your network and ________ watts for each wireless access point.  PoE can also be accomplished without a PoE switch by using a PoE injector.  Most Unifi wireless access points come with a PoE injector in the box, so if you’re okay with plugging in extra AC adapters and you won’t have any other PoE devices on your network, you can probably skip PoE altogether.

When my house was built in 2012 I had the builder pre-wire the house for security cameras, and thankfully I insisted on using CAT6 drops for those drops instead of the standard analog security camera cabling that the installer recommended.  I told him where I wanted each camera placed, and where I wanted all the drops to terminate.  I assumed since he knew where I wanted the security camera prewires terminated he would know that I wanted ALL the CAT6 drops terminated to the same place, but you know what they say about assuming.  When I came by to take pictures of the wiring before the drywall went up I discovered that my security camera prewire was terminated in the correct location, but that the rest of the cat6 was terminated in the garage.  Normally, I would have insisted that these drops be fixed, but it happened to also be the day that my wife went into labor, so I had some other things on my mind.

Moral of the story, I know in my network I need two switches, one for my security cameras and cable modem, and one to distribute the network throughout all of the ethernet ports in my house.  For my main switch I opted for a Ubiquiti Unifi US16 150 watt because I want to change my 9 analog cameras over to PoE IP cameras.   A second smaller switch, a Unifi US 8 60 watt will connect my other ethernet drops and distribute the network out to wireless access points.  Both of the switches I selected have power over ethernet, but the US16 150 watt has PoE on every port, while the US 8 60 watt only has PoE on the last 4 ports, and both come in well under their maximum power rating for the connected devices.

Once you’ve determined how all of your wired devices will connect you’ll need to decide which wireless access points you’re going to use.  In my google wifi setup I had 3 different access points, so to do a fair comparison I also wanted 3 access points for my unifi system.  There are many different options for unifi access points, but three of them are much more common than the rest, and their biggest difference is varying levels of a technology called multiple input, multiple output, or MIMO which is part of the 802.11AC wifi standard. MIMO comes in two main types, single user MIMO or SU-MIMO and multi user MIMO or MU-MIMO, and to understand the difference, you need to know a little about how Wifi communication works.

In a normal wifi connection only one device can communicate with the access point at a time, so all the other devices have to wait in line.  Imagine a queue of people at city hall waiting to apply for different permits, but there is only one clerk.  This means that every person has to wait in the queue in order to communicate with that clerk.  Thankfully the clerk is really fast, but since each permit application process takes some minimum amount of time, the more people that are in the line, the longer it will take for each person to get what they need. SU-MIMO is like adding a second clerk to the equation, but there is still only a single queue.  If a single person needs more than one permit they will ask each clerk for one permit until all their permits are finished, theoretically doubling the speed of the queue.  Unfortunately, if the person only needs one permit they still hold the first position in the line and occupy both clerks, even though one clerk will do all the work for that single permit.  Hiring more and more clerks is nice if people have a bunch of permits to apply for, but if each person only has one there won’t be any increase in speed.

In MU-MIMO some devices can allow another device to use the unoccupied clerks, which sounds like a huge deal and a must have technology, but the problem is that MU-MIMO only applies to the 5ghz band, and devices that will be sharing their spot in line both have to be MU-MIMO compatible, so while it is certainly an awesome technology it will see very limited use in current smart homes since most wifi smart devices are only able to use the 2.4ghz band.  Here’s how MIMO is implemented in the three most popular Unifi wireless access points:

The cheapest option is the Unifi UAP-AC-LITE which will run you about $80 on amazon. The AP lite has 2 lanes available for 2.4ghz MIMO and 2 lanes of 5ghz SU-MIMO for a maximum theoretical speed of 300 Mbps on 2.4ghz and 867 Mbps on 5ghz.

The second, and most popular option is the UAP-AC-PRO which you can pick up on amazon for $134.  The UAP-AC-PRO has 3 lanes available for 2.4ghz MIMO and 3 lanes of 5ghz SU-MIMO for a maximum theoretical speed of 450 Mbps on 2.4ghz and 1300 Mbps on 5ghz.

The third and newest option is the UAP-NanoHD, which will cost you $158 on amazon and has 2 lanes available for 2.4ghz MIMO and 4 lanes of that MU or multiuser MIMO for the 5ghz band.  This means it will perform the same as the AC-Lite for 2.4ghz traffic at 300 Mbps, and an unmatched maximum speed of 1733 Mbps on the 5ghz channel, assuming of course that all the 5ghz clients were capable of MU-MIMO.

All these access points can be powered by 802.3af PoE and all come with injectors if you don’t have a PoE switch.

Since the idea of this video series was to build the ultimate smart home network, and at the suggestion of Ubiquiti I decided to go with the NANO-HD for my indoor access points and a UAP-AC-Pro for outdoors since it’s the only one of these that is rated for outdoor use.  I firmly believe however that for smart home usage the UAP-AC-Lite would give you very similar performance to the AC-Pro or Nano-HD since the vast majority of smart devices utilize only the 2.4ghz band, and you’ll save quite a bit of money going with the lite.

So now that you’ve got a plan for how all of your devices will connect to your network, you need to decide which router you’re going to use to coordinate all that traffic.  A popular choice for many smart home enthusiasts is the ubiquiti edgeMAX router series.  The edge router lite is a very powerful and capable router, but it isn’t technically in the unifi family of products, so it won’t interface directly with the unifi controller software.  I’m not opposed to lengthy configurations, but I am a sucker for products that work well together, and for that reason alone I opted to get the unifi security gateway over the edge router.  You would save $10 by getting an edge router lite, but for me the integration into the unifi controller was well worth the extra $10.

Speaking of the unifi controller, one of the products that I probably wouldn’t have purchased myself if Ubiquiti hadn’t provided it to me is the Unifi Cloud Key Gen Two Plus.  Unifi networks require the installation of “controller software” that handles all the settings, configuration, and monitoring of the network.  These controllers can be standalone devices like the cloud key, or the software can be installed on other hardware like a raspberry pi, or on your mac or PC.  In fact, there’s even a unifi controller addon for Hassio, so you’ve got lots of options.  The one aspect of the cloudkey gen two plus that isn’t replicated by these other controllers is the integration of the relatively new unifi protect software, which is ubiquiti’s integrated NVR.  The cloud key gen two plus comes with a 1 terabyte hard drive for recording video from unifi compatible security cameras.  I’ll be testing those cameras against other popular PoE camera brands in an upcoming video, so make sure you’re subscribed if you’re interested in that.

So you’ve got your hardware all planned out and it’s time to address the elephant in the room:  Price.  This system as configured costs $1140, which is maybe acceptable if you’ve set out to build the ultimate smart home network, but it’s a lot more than the $300 you’d spend for a google wifi 3 access point setup and a cheap 8 port switch.  So what are you getting for that increase in cost? First, the unifi system has 20 power over ethernet ports available for security cameras and other PoE devices.  Second, the theoretical maximum speed will be greater with the access points I have chosen, and third, and most importantly the unifi system has a tremendous amount of advanced control options.  If you are never going to touch any of these options I’d probably recommend the google wifi system to you, it’s plug and play and google handles things like firmware updates and security patches literally without even telling you about them.  But if you want to take control of your network and dive into things like customized local dns, VLANs, and advanced traffic monitoring you’re going to want a unifi system.  If you’re feeling discouraged by the price of the system that I’ve built, don’t.  A very capable Unifi system can be built for under $500 by combining a US8-60W, 3 AP Lites and a USG.

In my next video I’m going to cover the initial setup of the unifi system and how to make the transition from your old network as painless as possible.  In a third installment of this series I’ll walk you through all of the advanced features and how to use them to set up the most functional and secure IoT network possible.

If you’re interested in purchasing any of the equipment I talked about in this video I’ve got amazon affiliate links down in the description, buying from those links doesn’t cost you anything extra, but I do get a small percentage of the profit.  If you’ve got a question, or I got something wrong make sure to leave a comment.

Thank you to all of my patrons over at patreon for your continued support of my channel, if you’re interested in supporting my channel please check out the links in the description.  If you enjoyed this video please consider subscribing, and as always, thanks for watching the hookup.

🔥Amazon US Links🔥

UniFi PoE Switches:

16 Port 150W PoE: https://amzn.to/2WizmUp
8 Port 150W PoE: https://amzn.to/2WNhs05
8 Port 60W PoE: https://amzn.to/2WbNBKA

 

UniFi Access Points:

AC-Lite: https://amzn.to/2EStWt7
AC-Pro: https://amzn.to/2Im0OLH
HD-Nano: https://amzn.to/2WOcDn6

 

USG: https://amzn.to/2WIzgJH

Unifi Cloud Key Gen2+: https://amzn.to/2WlKx3o

 

Google WiFi: https://amzn.to/2IkSPP5

🔥Amazon UK Links🔥

UniFi PoE Switches:

16 Port 150W PoE: https://amzn.to/2Ksk1hF
8 Port 150W PoE: https://amzn.to/2KqXcuJ
8 Port 60W PoE: https://amzn.to/2EUKxwm

UniFi Access Points:

AC-Lite: https://amzn.to/31ca0v4
AC-Pro: https://amzn.to/2ER74KI
HD-Nano: https://amzn.to/2KmPeTo

UniFi Router:

USG: https://amzn.to/2EN5Pfx

Unifi Cloud Key Gen2+: https://amzn.to/2KqKsnW

 

Google WiFi: https://amzn.to/2KtV8lM

 
