Harvest House Internet

Setup

Summary

  • ISP: ITV-3
  • Current Plan: 1 Gbps Down / 250 Mbps Up
  • Router: Unifi USG
  • Switch: Unifi Switch 8 Port 150W PoE
  • APs:
    • 1st Floor: Unifi AC HD (UAP-AC-HD)
    • 2nd Floor: Unifi nanoHD (uap-nanohd)
    • 3rd Floor: Unifi AC Pro (uap-ac-pro)
  • Management Portal
  • New Device Inform Adoption Address:
    • https://unifi.couchcooperative.org/inform (use this one by default)
    • https://unifi.couchcooperative.org:8338/inform (use the port version if the firmware is old)

Fiber Modem

Provided by ISP. Only Port 4 has internet. Unmanaged by us. Automatic WAN IP.

Topology

Fiber Modem->Router(LAN1)->Switch

  • Switch -> 1st Floor AP (PoE via Cat 5e)
  • Switch -> 2nd Floor AP (PoE via Cat 6e)
  • Switch -> 3rd Floor AP (PoE via Cat 6e)

WAN

  • IPv4: DHCP
  • IPv6: unavailable

LAN

  • LAN1: 192.168.77.1/24 (LAN1 in use)
  • enable DHCPv6, Prefix Delegation (but not used)

DNS

For the main internet, we use Cloudflare DNS first: its queries are discarded overnight and it is the fastest public DNS around. Multiple previous incidents have proved that Comcast DNS is not reliable.

IPv4 DNS

IPv6 DNS (not used)

APs

SSID

  • Harvest House
    • General purpose with dual DNS backups
    • Very stable
  • Harvest House Adblock
    • AdGuard DNS only, with no backup DNS: which configured DNS server a device queries is device dependent, and a device may not use the primary DNS, so with a backup configured it would not always use the DNS that has adblock capability.
    • It is less stable, since this is a single point of failure.
    • VLAN 50

Settings

  • 2G: high power
  • 5G: high power
  • disable mesh between access points
  • disable 5G band steering (by default)

Channels

  • 2G non-overlapping channels: #1, #6, #11
  • 5G non-overlapping 80 MHz channels: #45, #122 (DFS radar channel; requires a 1 min wait after restart before showing up), #155

Electrical

The 3 APs are powered via PoE over Ethernet cable. No additional equipment is plugged in. The USG (router) is connected to the fiber modem via a ground block to protect against surges. The router, switch and modem are all surge protected.

For future residents who wish to plug in physical cables: make sure the other end (your computer) is surge protected before using the wired line. Otherwise, an unprotected endpoint could pass a surge down to the switch and destroy the equipment.

Backup

The controller is automatically backed up daily. If the controller fails, recover the entire controller from the backups in:

/usr/lib/unifi/data/backup

If the Management Portal is still available, backups can also be downloaded there under Backup. Backups older than 7 days are deleted due to space restrictions.
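Because the backups sit on the controller itself and are deleted after 7 days, a small script can copy the newest one to another disk each day and flag a missing or stale backup. This is an added example, not part of the original page or of any Ubiquiti tooling; the `.unf` suffix, the 26-hour freshness window and the destination path are assumptions.

```shell
#!/bin/sh
# Added example: keep an off-host copy of the newest controller backup.
# Assumptions: backups are *.unf files somewhere under BACKUP_DIR, and a
# daily backup should never be more than 26 hours (1560 minutes) old.

BACKUP_DIR="/usr/lib/unifi/data/backup"   # path from this page

# Print the most recently modified *.unf file under directory $1, if any.
newest_backup() {
    find "$1" -type f -name '*.unf' -exec ls -t {} + 2>/dev/null | head -n 1
}

# Succeed if file $1 was modified less than $2 minutes ago.
is_fresh() {
    [ -n "$(find "$1" -mmin "-$2" 2>/dev/null)" ]
}

# Copy file $1 into directory $2, verify by SHA-256, print the new path.
copy_verified() {
    src="$1"
    dest="$2/$(basename "$1")"
    cp -p "$src" "$dest" || return 1
    a=$(sha256sum "$src" | cut -d' ' -f1)
    b=$(sha256sum "$dest" | cut -d' ' -f1)
    [ "$a" = "$b" ] || { rm -f "$dest"; return 1; }
    echo "$dest"
}

# archive_latest SRC_DIR DEST_DIR [MAX_AGE_MINUTES]
# Returns 0 = copied and fresh, 1 = copy failed,
#         2 = no backup found,  3 = copied but stale.
archive_latest() {
    latest=$(newest_backup "$1")
    [ -n "$latest" ] || { echo "no backup found under $1" >&2; return 2; }
    mkdir -p "$2" || return 1
    copy_verified "$latest" "$2" || return 1
    is_fresh "$latest" "${3:-1560}" || { echo "newest backup is stale: $latest" >&2; return 3; }
}

# Example daily cron call (destination path is hypothetical):
#   archive_latest "$BACKUP_DIR" /mnt/offhost/unifi-backups
```

A return code of 2 or 3 means the daily backup job itself needs attention, which is worth knowing before the controller fails.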

Export to a New Controller

Use this guide if you need to migrate the Internet Management Portal to another controller. This is likely to happen if more houses decide to sign up for Unifi and the current server can no longer handle the Management Portal.

Adding New Devices

  1. New devices must be first connected to the same subnet, meaning physically connected to a port on the switch first.
  2. Use either of the following 2 methods to discover the new IP address of the device:
    • Management Portal -> Client -> Wired
    • Unifi mobile app (use the address in the Summary section) -> More -> Remote Adoption
  3. SSH into the IP address; default user/password: ubnt/ubnt
  4. Issue command in the ssh session
  5. After 1-3min, the new devices will show up in Management Portal->Devices
  6. Click adopt+upgrade on the right side of the device
  7. Re-issue command in SSH
  8. Be patient: wait for the device to adopt, upgrade and restart. This could take 5 min, and the Management Portal may not immediately show the updates. When it is done:
    • Blue constant LED
    • Management Portal->Devices will show connected and green in status.
    • Do NOT UNPLUG THE DEVICE UNTIL THE UPGRADE IS DONE, YOU WILL BRICK THE DEVICE.

Upgrade and Maintenance

All firmware upgrades and maintenance on Unifi can be scheduled in advance. Usually, a pop-up will notify you when you log into the Management Portal that a firmware upgrade is available. Schedule it via:

Settings->Services->Scheduled Upgrade->Create New-> One Time Upgrade -> choose date and all devices.

It is recommended that all upgrades be done around 5am and that all house members be notified. The upgrade will happen automatically and will take around 5-15 min; it cannot be interrupted or the device will brick.

Sometimes the device list shows a downgrade option. This is usually a glitch on the update server or a genuine recall, in which case you can choose to downgrade if any device shows instability. Firmware is usually very stable, and even when a release is recalled, it is likely that only very specific use cases are affected. So if no one is experiencing any adverse effect, you can hold off on downgrading.

Firmware upgrades usually come out once every 3 months; upgrading is recommended.

Troubleshoot

WARNING: DO NOT UNPLUG ANY DEVICES UNTIL YOU READ THIS

If your internet is down, it is most likely not because of any Unifi equipment. The router, switch and wifi access points are enterprise grade, and they have proved to be much more stable than the ISP in terms of uptime. In general, we are seeing 99% of outages caused by the ISP, 1% by maintenance, and close to 0% by actual equipment. Troubleshoot in the following order.

  1. Does ITV-3 have an outage? -> Check the live outage map and comment section.
  2. Log in to the Management Portal, Devices -> see if all devices are green (online). If only some devices are offline, move the mouse over to the right side of the device list; a restart button should appear. Click it for the device that is showing red and needs to be restarted.
  3. If all devices are offline, however, and there is no reported outage from step 1, your modem needs to be restarted. The modem is not commercial grade, so it can fail. Unplug the Comcast modem, wait 1 min, and plug it back in. Do NOT unplug any Unifi equipment; it is not necessary and will make the rebooting process significantly longer. A Comcast modem restart generally takes 3 min.

In most cases, Unifi equipment works 24/7/365 and does not need a restart at all.