My New Acquisition - Ubiquti UAP-AC-PRO

[LoneWolf]

@LoneWolf

 

Seeing that you're the most experienced guy here with Ubiquiti products, having deployed them both at work and home, do you think that the AC-LR would be as reliable as the AC-PRO?

 

It should be.  I have several friends running a single LR for a whole house who are happy with it.

 

The main differences are that the LR is 3 x 3 802.11n, but only 2 x 2 802.11ac (the UAP-AC-PRO is 3 x 3 on both), the LR uses Ubiquiti's PoE standard (you use the injector that is included rather than a PoE switch), and the LR has technology that is supposed to increase range through some sort of magic mojo, even if your client network card isn't perfect.

 

The UAP-AC-PRO uses the 802.3af PoE standard, and adds a basic weather resistance (e.g., mount it on its side under a roof overhang externally).  I wanted to run PoE off my switches, and I've found the range to be very good in a modest sized house that uses lathe-and-plaster wall construction (drywall should actually improve performance).

 

Of course, I've used the cheapie UAP model (not AC, very basic) and for light deployments, it works better than some of the other cheap gear out there.  But I probably wouldn't go down to the level of the UAP-AC Lite; the lowest end models don't have as powerful of a CPU, and this can affect throughput, and therefore performance.  I'd use the LR or the Pro.

[LoneWolf]

I do understand all of that, The test I did yesterday with pings at 8ms was using wireless and when tested using wired I was getting 6ms. His numbers seemed high to me, I must also point out my WAP is going threw 2 switches in my house first. If I ping any given device on my network its 0ms or rather 1<ms My test where performed on both a desktop computer with wireless & a mobile device. I still think there maybe something going on with his network that he may want to look into. I have OCD when it comes to this kind of stuff and even though it seems like everything is running OK I like to keep my network as tight as possible.

 

Ping time is relative.  It's a balancing act; think of it as a scale.  Pings and throughput are both important.  Low ping is nothing if you have miserable throughput, and high throughput doesn't help if you have enough latency that you can't do VoIP, for example.  It's good to have a balance of both.

 

8ms is a great ping time.  That said, honestly 12-16ms is a reasonable ping time.  And I'm sure it varies by which SpeedTest provider I'm using (Comcast's, Ookla, SpeakEasy, etc.), and which endpoint server is being picked to run the test.

 

Remember that people have managed to play pro-level Quake 3 Arena deathmatches on 60-80ms ping times without a problem.  It's just that things have gotten so good, we're a little spoiled.  And I'm willing to sacrifice 1-2ms if it means my firewall is inspecting my traffic, providing gateway antivirus, intrusion prevention, reputation-enabled defense, and advanced persistent threat detection.  I've also had clients who have twice the ping time I do, and it doesn't hurt them from running a 100-employee business.  One doesn't live and die by the ping time --it's only one measurement in an entire toolkit.

Edited April 28, 2016 by LoneWolf

[oj88]

Thanks for the insight, LoneWolf. Incidentally, the two additional UAP-AC-LRs arrived in the mail today. I'm like a kid with a new toy.

[itGeeks]

Ping time is relative.  It's a balancing act; think of it as a scale.  Pings and throughput are both important.  Low ping is nothing if you have miserable throughput, and high throughput doesn't help if you have enough latency that you can't do VoIP, for example.  It's good to have a balance of both.

 

8ms is a great ping time.  That said, honestly 12-16ms is a reasonable ping time.  And I'm sure it varies by which SpeedTest provider I'm using (Comcast's, Ookla, SpeakEasy, etc.), and which endpoint server is being picked to run the test.

 

Remember that people have managed to play pro-level Quake 3 Arena deathmatches on 60-80ms ping times without a problem.  It's just that things have gotten so good, we're a little spoiled.  And I'm willing to sacrifice 1-2ms if it means my firewall is inspecting my traffic, providing gateway antivirus, intrusion prevention, reputation-enabled defense, and advanced persistent threat detection.  I've also had clients who have twice the ping time I do, and it doesn't hurt them from running a 100-employee business.  One doesn't live and die by the ping time --it's only one measurement in an entire toolkit.

Thanks for the info. What kind of firewall you running?

[LoneWolf]

Thanks for the info. What kind of firewall you running?

 

I'm running a Watchguard Firebox T 30-W (the w is the wireless version, which I have turned off).  It's a small business firewall designed for probably 20-50 users.  Max throughput (if you had the link speed) is probably 800-850Mbps.

 

Since I'm Watchguard certified, they have a special deal for certified techs that gets a huge discount on the unit and a full three-year UTM subscription with every feature available rolled in (they reason if you use it at home, you'll be versed in it as one of their partners).  I'm using dynamic DNS to tie to the SSLVPN so I can access my network through it remotely.  It also has one PoE port.  The competition is usually Dell/Sonicwall (which I've also worked with), Fortinet, Zyxel, Palo Alto, Cyberoam, and a few others.  They can also be clustered for failover, though that would be kind of silly in a home environment, and can support mutliple WAN connections for ISP failover or load balancing.

 

Edited April 30, 2016 by LoneWolf

[ImTheTypeOfGuy]

I just bought one and was disappointed to learn I must install their software, which requires Java, to set it up. That sucks as I don't allow Java on my network and would rather hit an IP address to set of up. Do you know of there is a easy around this requirement.

[snapper]

I just bought one and was disappointed to learn I must install their software, which requires Java, to set it up. That sucks as I don't allow Java on my network and would rather hit an IP address to set of up. Do you know of there is a easy around this requirement.

 

 

You can use the Ubiquiti iOS program on your iPad - its in the app store... 

[LoneWolf]

I just bought one and was disappointed to learn I must install their software, which requires Java, to set it up. That sucks as I don't allow Java on my network and would rather hit an IP address to set of up. Do you know of there is a easy around this requirement.

 

Remember that the Java Runtime Environment isn't the same thing as the Java web browser plugins for Internet Explorer and Firefox.  You can run Java, and not run the plugins at all.

 

Java as a runtime environment is fine.  It's the plugin that's where your vulnerability lies, and Java has purposely deprecated the web plugin this year.  If you ensure Java isn't an enabled extension or plugin in any of your browsers, it's not an issue.

 

http://arstechnica.com/information-technology/2016/01/oracle-deprecates-the-java-browser-plugin-prepares-for-its-demise/

Edited May 22, 2016 by LoneWolf

[oj88]

I just realized that I made a rookie mistake when I ordered the UAP-AC-LR's. What I got were US versions (I'm in Manila). What that means is, for the US-version to comply with the FCC, some channels on the 5GHz band are locked out and cannot be used. This is confirmed by Ubiquiti to be hardware-locked so nothing I can do will allow me to use the extra channels.

 

Bummer.

 

Totally my fault as I now noticed that there are actually two SKUs for each of their UAP models. The AC-LR for example has the following: UAP-AC-LR and UAP-AC-LR-US. The latter is for the US (which I mistakenly ordered) while the former is the international or world version which should only be shipped to an international address.

 

But all's well. I ordered a world version of the UAP-AC-PRO this time and plan to replace/sell one of the UAP-AC-LR-US. I might then gradually do the same for the remaining two LRs later.

 

Oh well... Live and learn.

[awraynor]

I just realized that I made a rookie mistake when I ordered the UAP-AC-LR's. What I got were US versions (I'm in Manila). What that means is, for the US-version to comply with the FCC, some channels on the 5GHz band are locked out and cannot be used. This is confirmed by Ubiquiti to be hardware-locked so nothing I can do will allow me to use the extra channels.

 

Bummer.

 

Totally my fault as I now noticed that there are actually two SKUs for each of their UAP models. The AC-LR for example has the following: UAP-AC-LR and UAP-AC-LR-US. The latter is for the US (which I mistakenly ordered) while the former is the international or world version which should only be shipped to an international address.

 

But all's well. I ordered a world version of the UAP-AC-PRO this time and plan to replace/sell one of the UAP-AC-LR-US. I might then gradually do the same for the remaining two LRs later.

 

Oh well... Live and learn.

 

I immediately thought of  you when I found the travelbydrone.com website.