net: A day spent fixing three (subtle) UniFi network bugs

OK, I spent a very profitable Saturday finally figuring out some things about the Ubiquiti UniFi network that we have. As UniFi has become more focused on enterprise deployments, the interface has become more powerful and also harder to figure out how to use for simple cases, but here are the three lessons I’ve learned. There is not much on the Internet about this kind of stuff, it’s too nerdy! But, TL;dr here’s the summary:

  1. Make sure that when you add an AP, make sure that you have all Wifi networks set to the default use “All APs”.
  2. Use a little aluminum pan if you have omnidirectional APs and need them to point just to the outdoors
  3. Adjusting minimum RSSI and power is complicated, but eventually, the network settles down.

The dreaded AP Groups and All is Not All, you want “All APs”

OK, here’s an interesting problem. I’ve never had this before, but I set this AP Group thing and forgot about it and that means that the new APs I added were not using any of the WiFi networks. In Unifi.ui.com > Your UDM > Network > Settings > Wifi > Broadcasting APs, you will see a default All if you’ve not changed anything.

I stupidly thought that All meant well, “all”, but it doesn’t. I detected this when I looked at two Long Range APs that never had any clients no matter how close I got to them. This was so strange that they wouldn’t pick up anything. As an aside, you can only figure this out by looking at each AP in `Network > UniFi Devices > A particular AP

What happened is that at some point in the distant past I had created a Group in called All which is actually not the system default called All APs so I was fooled. That meant that when I saw All that I thought it was the default. Argh

So the solution is that you have to go to each WiFi network in Network > Settings > WiFi > The network > Broadcasting APs > All and do not select Groups. Then after you do this, you can delete the errant group. It’s a little more complicated than that actually, you can’t delete a group when Groups are selected, so you have to create a dummy group move to that, and then delete it. I’ve not yet figured out how to get rid of the dummy group 🙂

So my bad, I was playing with Groups and the naming confused me

Directional APs without buying new hardware with Aluminum pans

Another problem I have is that I want some UniFi APs to be directional because they need to radiate to a house. The non-Rube Goldberg solution is to buy a directional system and mount it on the wall outside of the house, but of course that means drilling and more hardware. But this is inspired by the warblogging we used to do and using Pringle cans as antenna guide. You can even build a reflector model to your exact needs with a 3D printer. This idea is simpler, just put a reflector behind the AP to reduce the signal strength.

The cheap solution is to just shield the back of the normal “UFO-shaped APs” and point them out to the desired location. This actually looks stupid, but works well. And yes, the “normal APs” are dome-shaped and omnidirectional. They will radiate a huge distance out the back. They are designed really to mount on the ceilings in an office and radiate downwards (and presumably all the concrete and metal in the ceilings keep them from radiating upwards).

In a home, this isn’t as practical, so I normally get a cheap plastic stand and point them in a given direction which works pretty well, particularly with the aluminum pan trick. The pan is nice because it shields the sides as well, we have a bunch with the lip that is 75mm high, so it works pretty well. And is a good conversation pieces.

The actual effect of these things I tested. I stood 1 meter from an AP and got 44 dBm (see below for what that means) and on the other side behind the foild I got 54 dBm, that means this simple piece of foil lowered the radio signal by 10dBm or 10x less, so that’s something.

Tuning RSSI minimums and other parameters

This is something that takes some time. I’ve tried WiFi optimization, but it doesn’t seem to do much. The basic problem is that most installations use one or two APs and they work fine. The modern APs like say the UniFi U6 Enterprise or U6 LR are amazingly powerful, I can still get a 2.4GHz signal through a bunch of walls at 20Mbps.

But if you are tuning your house up and like us have a bunch of problems like concrete walls, then you need to think about filling in spots. So here is the tuning I ended up with, it’s not pretty but it works to essentially get a nice dense network where the clients are on 5GHz all the time and switch between APs quickly. So for the APs that are internal to a house where you want to limit coverage to a local area like maybe the bedroom area and another for the living room, etc, here is what I do, I set each individual AP by figuring out their “class” and then tuning individual parameters:

I find that I have three classes of APs:

  1. Primary indoor APs. These are the ones where most of the traffic goes. The standard U6-E or AC Pro is good for this. these things support hundreds of clients, but for our purposes, that’s a great thing compared with consumer gear. You want these well spread apart so they take about equal loads. A common thing might be say an AP on the first floor of the house and then another on the second floor. The main issue to deal with is that you want a clean switch from the first floor to the second. The default settings in UniFi usually lead to a client hanging on for too long, so it is stuck on the first-floor AP when it is upstairs.
  2. Fill in indoor APs. Usually, with this kind of layout, you are going to get some dead spots. That is rooms where you don’t have coverage. There might be a wall of plumbing or electrical in the way. The way to deal with this is, if you have money, to buy their in-wall APs, but I use the nano-HD or similar small ones and just put them into the room. Again, you want their signal to be low so they don’t grab a client and hang on for too long.
  3. Boomer APs for outdoors. The biggest problem is covering things like a patio or maybe a WiFi camera in the garage, then you need something that puts a bunch of signal out in a single direction. The pie pan trick helps so that you can have high gain in the direction you want. If you don’t do this then the boomer will actually latch onto all the devices indoors

The solution to all this is what the cellular operators do, the first is to reduce the size of the cells and then manage the frequencies. In 2.4 GHz for instance, only channels 1, 6, and 11 are non-overlapping, so you basically are doing a “coloring problem” you don’t want any “adjacent APs” (eg those that are physically close) to use the same frequency. So you for instance might run the first floor on channel 1, the second on channel 11, and your little “in-fill” APs on channel 6 at low power.

Implementing this on UniFi, I found isn’t straightforward, but here are the key parameters I’ve set on each AP in `Network > UniFi Devices > “an AP” >

Do not set Prefer 5GHz

I had this set and it is supposed just to be a suggestion to the clients, but in practice I’ve found that at least for iPhones and Macs, what it does is that the devices try to get to 5GHz only, they never are actually get to 2.4GHz.

Prefer 5GHz should not be set. This is something I used turn on when I want most of the traffic to go 5GHz. This is important because if you are dense, you want clients to hand off nicely, and you don’t want a low-power signal from across the house to be preferred over the AP sitting right next to you. Preferring 5G means that the APs will kick off clients that are 2.4GHz and force them 5GHz and this can mean in effect, these clients will never see any 2.4GHz signals at all, so it sounds good but leave it off. I could sometime get an iPhone to move to 2.4GHz, but it is very hard with this preference set. What I think happens is the client move to 5GHz, then the minimum RSSI kicks in and it gets shoved off and we are in a doom loop.

The original purpose of this by the way was in dense environments to push everyone to cleaner spectrum, but remember that all the selection logic happens at the client level, so the AP can do send a packet to do something, but ultimately the client decides what to do.

    Setting each APs Radio power

    Turning down the Radio to Low for 2.4GHz and Medium for 5GHz seems to work well for indoor cells. Note that Auto actually is higher than high, so set these for boomer sites. Lowering the radio power is ironically good, it reduces the cell sizes again so that you don’t have much interference. You can also custom tune these values, but I normally just use the preset levels for them.

    What’s all this then about RSSI

    Turning on Minimum RSSI. This means that if the Relative Signal Strength Index is less than -77, then the AP will kick the client off, it forces a handoff. The way to tune this is to let the network settle down (which takes usually a day or so as clients are always polling all the APs they see and picking the one with the best signal) and look at which clients are on what APs. The default is that there is no minimum RSSI, so you end up with a network that has clients holding on to remote APs, it’s a bit of tuning. You set this in the Unifi Device Gear icon. It’s sort of the last thing you should work on, but its important because by default the APs will hang on basically forever.

    What RSSI means is that if the signal gets too low, the AP sends a de-authentication packet to the client and this will, for well-behaved clients, cause them to reselect to another AP. If you set this too high and there is only one AP that it can see, you end up with this strange the network is there, and then a few minutes later it is gone (I’ve been there I know), so this is best used when you have lots of APs with signal in one place.

    The unit value is a little weird too, but what it is measuring is the Signal Strength P_1 of the wireless client in dBm. The numbers are negative because the zero point for the math is 1mW of Signal Strength which is a lot. With today’s systems as little as 0.01 microWatt is enough to get a good signal at -50 dBm. As an aside logarithms are so fun, so basically if you double the signal strength, you get 3dB of gain and to get 10dB, you need to increase the signal by 10x!

      RSSI(P_1) = 10 * log(P_1)\div1mW\\
      RSSI(1mW) = 0\ dBm\\
      RSS(0.1mW) = -10\ dBm \\
      RSS(0.01mW) = -20\ dBm \\
      RSS(0.001mW) = -30\ dBm \\
      RSS(0.00001mW) = -50\ dBm\\
      RSS(0.0000001mW) = -70\ dBm

      So what are good and bad RSSIs, well in generally, here are some levels and UniFi has their own rating called WiFi Experience that is excellent, good and poor and they have percentages so Excellent is 100%, so they assign on a scale of 0-100 a mapping of the RSSIs below and there doesn’t seem to be a decoder ring.

      Note how close things are in the -67 to -80 range, the post I saw shows much higher signal required for different things, so I put what they say and UniFi seems to be doing is that it quite a few dB better than, note that that the Throughtput is to the Internet, so the maximum on this day was about 300Mbps. The UniFi breaks seem to Excellent to -65dBM, then Good to -75 to -78 dBm, then Poor is below that

      RSSI (dBm)MetageekWiFi ExperiencePerformance Notes
      -12ExcellentUniFi way more sensitive
      -30Few feet from APExcellent300Mbps
      -66ExcellentMin for Excellent
      -67Streaming MinGoodMin RSSI you can set
      -70Email, Web minGood100Mbps
      -74GoodPoor split is probably 75dB
      -78Poor
      -79Poor11Mbps
      -80Bad packetsPoor2Mbps barely usable
      -90UnusablePoorUnusable
      UniFi is more sensitive and tolerates less signal than the Metageek recommendations

      So what can you conclude from this:

      1. For inside primary APs, it probably means you should set around at -67 everything roams a lot, but you have to make sure you don’t have blank spots. This is the RSSI minimum for UniFi
      2. For the inside fill-in APs, it’s more likely you just want excellent, so -67 is fine as well
      3. For boomer APs, given that you can get performance out to -79dB, you can set it there since even at the poor setting, you are getting 11Mbps. The main issue will be that you will get leakers, that is even with a 10dBm reduction with the foil, some inside clients will get attached. I fix this by rebooting these and then the clients should roam to inside APs. In the end, I end with more like -76dB to balance the inside problems with the booming needed to get out across the yard.
      4. For the APs that act as both, it’s a real tradeoff what to do, but I’ve found that the foil is just enough so that if you increase to -73 like the outside, it is about right at least for me.

      Note how close these figures on, but as I said, 3 dBm is twice as much power, so you have to see how well this works and see where the holes are. The higher you set the RSSI, the faster the roaming, but also the more likelihood, there will be enough coverage, but the APs kick off clients repeatedly (users see this as I have the Internet and then it goes away).

      Sectorization for Non-overlapping frequencies

      This means laying out your 2.4GHz channels well, the best compromise for me is three 20MHz channels at 1, 6, and 11. This gets you plenty for internet browsing. And for 5GHz channels, I do 80MHz channels as these are close and provide 1.2Gbps if you are lucky. That means there are only two high-performance channels at channels 36 and 149 that are available everywhere, but there the lower-power DFS channels that are great for indoor use since they likely won’t interfere with existing users in those bands, but you have channels 52, 100, 116, and 132 to play with inside the house. It’s actually more complicated than that since different UniFI APs have different maximum power in this band, but in general the UAP U6 LR is really powerful at 31dBm.

        The minimum RSSIs and other parameters that I use will vary from what you need, but these worked pretty well for me:

        1. Indoor Primary APs. Since I’m pretty dense, I set the 5GHz to medium and the 2.4GHz to low because 2.4GHz penetrates through walls better. I typically set Band Steering to “prefer 5GHz” to force clients to use 5GHz which is going to have smaller cells. Then I set the 2.4GHz RSSI typically higher so that it roams faster at -70 (still considered poor) and 5GHz also to -73. I might end up turning these but the default is to hang on forever, so this is still better.
        2. Indoor Fill-in APs. OK, for these APS, I set the power at low 2.4 and medium 5Ghz or the same way as the primaries because by definition they are in places the Primary APs can’t reach. I normally leave them at -70 RSSI minimum for the same reason
        3. Outdoor Boomer APs. The main point of these is they need to be high power, so with the pie pan, I normally set them all to Auto (the maximum setting) and turn off Prefer 5GHz so that clients will roam to 2.4GHz.

        There are some difficult cases and I’ll cover two of mine:

        1. Outdoor Boomer AP that is meshed. The problem here is that for placement sometimes, you can’t get a wire out to the location so you have to have a boomer which is mesh networked and it’s hard to have it at full power. If you shield it, then you lose the mesh. The compromise is to turn down the power to Medium for both and then play with the RSSI to try to get it not to reach into the house.
        2. Combo AP that is both indoor and outdoor. I have one AP that is primary and also needs to radiate outwards. There is no good solution to this problem which is why I went with a single Outdoor Boomer above. You can have a small cell in one direction and a big power well in another. So the solution is to have one AP which is low power there and then have another AP with my foil shielding for booming.

        I’m Rich & Co.

        Welcome to Tongfamily, our cozy corner of the internet dedicated to all things technology and interesting. Here, we invite you to join us on a journey of tips, tricks, and traps. Let’s get geeky!

        Let’s connect

        Recent posts

        Loading Mastodon feed…