MacInTouch Amazon link...

AirPort issues/alternatives

Channels
Apple, Security, Products
Thank you all. MacInTouch is such a great resource!

After testing all the cables that I could test, I decided to upgrade my Farallon Starlet/8 !0 Base-T to a Netgear 8-Port Gigabit hub. It was in the process of switching the cables from one hub to another that I found that one of the Ethernet ports had died. Luckily, when I had the Ethernet wiring installed, I distributed the ports across the house. In the same room behind our upright piano, was a live port. Also, another bit of luck, the Netgear hub fit snugly into my crude wooden rack I had made for the Farallon over 15 years ago!

One of the things this episode taught me is that the Airport Utility display is not a "wiring" diagram, but a "connectivity" diagram. It’s therefore dependent on where you are standing and how strong the signal is, as to what you will see. In retrospect, duh!
 


Ric Ford

MacInTouch
I had my first experience today with a Ubiquiti AmpliFi HD, which I got based on recommendations from other folks on MacInTouch. I hope I'm not jinxing things, but I was stunned by how nice it is — like the very best products Apple ever did in the past and way, way better than AirPort — in every detail from packaging to software to documentation to hardware design.

The idea was to move to a mesh system for hopefully better performance in a largish 2-story house with lots of competing WiFi in neighboring houses. The jury is still out on the amount of improvement, partly because WiFi is so frustratingly inconsistent in general, but I am getting very good performance (around 20-25 Mbps), given the FiOS service at the location.

As mentioned previously, I'd switched from 5GHz back to 2.4GHz after test results were better at the slower speed, but the AmpliFi is at 5GHz and seems OK on the opposite end of the house from the router (and near a neighbor's WiFi).

Other notes:
  • The remote mesh points take a while to get up and running after being powered up (including when they're moved from one wall plug to another).
  • The management app needs to be on the same LAN as the AmpliFi (of course), and a VPN can interfere with that (i.e. needs to be disabled).
  • The installation guide says the ISP router needs to be turned off when connecting the AmpliFi, but that wasn't necessary. (I did have WiFi disabled already on the Verizon router.)
  • The iOS app, beautifully designed, provides a wealth of information, although it's not clear exactly how clients are assigned to access points (though you can work out which one each client is connected to).
  • There's a web interface (http, not https) that provides access to some "advanced" settings (802.11k, 802.11v, A-MSDU, etc.).
  • I shut down an AirPort Extreme and an AirPort Express, hoping to improve results by eliminating contention from them, but it didn't seem to have much effect.
Additional tips:
  • The Backblaze Bandwidth Test is a handy tool to check performance.
  • As has been noted before, you can hold down the Option key while selecting the WiFi menu in the macOS menu bar to get extra useful information (e.g. signal levels, transmission rates, channel, security, etc.) in faint gray text.
 


Ric Ford

MacInTouch
The idea was to move to a mesh system for hopefully better performance in a largish 2-story house with lots of competing WiFi in neighboring houses. The jury is still out on the amount of improvement, partly because WiFi is so frustratingly inconsistent in general, but I am getting very good performance (around 20-25 Mbps), given the FiOS service at the location.
For comparison, I tested Ethernet over power-line adapters*... which were slower than the AmpliFi set-up.


* 2015 MacBook Pro to Thunderbolt 2-3 adapter to CalDigit TS3+ to Zyxel to Zyxel to FiOS router.
 


Ric Ford

MacInTouch
For comparison, I tested Ethernet over power-line adapters*... which were slower than the AmpliFi set-up.
For good measure, I connected the Intel NUC directly to the Internet router with an Ethernet cable (since, gee, it actually has an Ethernet port...). No improvement from the direct connection vs. AmpliFi wireless at the other end of the house from the router and base station with intervening walls/floors.
 


Ric Ford

MacInTouch
The jury is still out on the amount of improvement...
Apart from benchmarks, I'm getting notably better/smoother Internet performance, particularly where a neighbor's WiFi signal is strong on the opposite side of the house from my wireless routers. The MeshPoints don't seem to be overly sensitive to location and orientation, but they're very adjustable and offer built-in signal strength indicator lights (on top of the detailed information provided by the iOS app).
 


I had my first experience today with a Ubiquiti AmpliFi HD, which I got based on recommendations from other folks on MacInTouch. ...
May I ask, do we know anything about the Ubiquiti routers with regard to security and hacking? I know there has been talk about how some of the inexpensive routers can be easily hacked. I'm a little suspicious of the "internet of things" in that regard.
 


I had my first experience today with a Ubiquiti AmpliFi HD, which I got based on recommendations from other folks on MacInTouch. I hope I'm not jinxing things, but I was stunned by how nice it is
I have a few comments and questions, and absolutely no experience with the company's products... [but I think] reviews on Amazon suggest caution, both as regards the quality of the hardware itself and as regards the privacy of the device. For example (from one review):
Ok, let me first say that I am a certified security professional, so this review is a caution for those concerned about their network security and personal information.
Cons:
1. You can not access the logs of what is happening on your wi-fi network. You can not see if someone is trying to attack your system or if you have a misconfigured device causing issues. The logs can only be viewed by the development team of the company, and they refuse to decrypt it and send it back to the customer. They may answer some vague question, but I have been trying for over a month now to find out if my neighbor is still trying to hack my wi-fi with only "i'm sorry we can't give you that" as answers.

2. The boosters are much larger than I thought, and the magnetic mount, while it can turn to accommodate almost any space, the side of the plug part itself and it's inability to turn makes it difficult to place in some spaces.
3. The application can reach the AP through your firewall without you being able to configure any additional security. That means your network is connected to their hub, which is outside of your control and collecting unknown data. So it could be collecting passwords or system information. With them hiding the logs, you can not know for sure.
I'm decidedly an end-user, not a techie, but the product description on Amazon [didn't answer my questions] in regards to whether the router can broadast separate secure and open (guest) SSIDs (a PDF on the website says it uses an "open time window concept to permit instant guest access"), or how it handles iOT clients that need to connect at 2.4 GHz).

Other reviews on the website [note some] hardware failures and other concerns about inability to conceal the router's logs from the manufacturer.

I've just moved from CA to MT, where I was surprised to discover remarkably inexpensive 100 Gb/sec internet in a tiny rural community, and that configuring my LAN (Spectrum instead of Comcast) was almost as simple as finding the packing carton containing my AirPort Extreme and DOCSIS 3.1 cable modem, connecting to Spectrum's website to prove I had a compatible cable modem (I had to enter its MAC address to introduce myself to their server, and reconnecting my mobile clients to the router - no reconfiguration required.

One other question/comment about the Ubiquiti system. You mention that the ISP's router needs to be inactive during setup. Seems to me the ISP's router should be disabled all the time (or, even better, WAN access obtained through a customer-owned router and cable modem) to avoid double NAT situations, as well as my personal least favorite - the ISP, e.g., Comcast, using my personal internet access to host their xfinitiwifi SSIDs while charging me monthly to rent their device!

Finally, I'm wondering whether any other readers with Airport Time Capsules can confirm my inference regarding a quirk of that router/Time Machine backup point: Periodically, when I'm seated close to the Time Capsule, I can hear the noise it makes when I plug it in to a/c power. This is not accompanied by any connection lapses or data transmission degradation. My guess is that it's the internal hard drive spinning up for Time Machine backup sessions, but that's just a guess.
 


May I ask, do we know anything about the Ubiquiti routers with regard to security and hacking? I know there has been talk about how some of the inexpensive routers can be easily hacked. I'm a little suspicious of the "internet of things" in that regard.
if you go to Amazon (Ubiquiti AmpliFi HD) there is one reply from a customer ("certified security professional"). His take is
Cons: 1. You can not access the logs of what is happening on your wi-fi network. You can not see if someone is trying to attack your system or if you have a misconfigured device causing issues. The logs can only be viewed by the development team of the company, and they refuse to decrypt it and send it back to the customer. They may answer some vague question, but I have been trying for over a month now to find out if my neighbor is still trying to hack my wi-fi with only "i'm sorry we can't give you that" as answers.
 


May I ask, do we know anything about the Ubiquiti routers with regard to security and hacking? I know there has been talk about how some of the inexpensive routers can be easily hacked. I'm a little suspicious of the "internet of things" in that regard.
Three years ago, there were valid concerns. Haven't been able to find anything more recent than that.
 


After reading Ric's post, I used Speedtest and an iPad Pro to measure throughput in four different places in/around my house: the top floor, where the AirPort Extreme is, the middle floor, the ground floor, and just outside the (closed) front door, where my Ring doorbell is mounted (and continually complains about low signal level).

Testing on the 5 GHz network, the iPad Pro was able to get 80 Mbps downloads (via supposedly 100/100 Verizon Fios as uphaul) consistently in all four locations. Upload throughput [varied] considerably, with ~ 80 Mbps on the top and ground floors, and ~ 32 Mbps on the middle floor and outside the front door.

My house is a mid-1980s construction, end-unit townhouse, with a wooden frame (but some sheet metal interior framing elements for hanging drywall), brick front, and aluminum siding side and back walls. The front door is steel.

All I can conclude from the above is that, for my home at least, the AirPort Extreme is more than adequate for anything I'm likely to do on a handheld device. (I should also add anecdotally that an older iMac about thirty feet from the Extreme, and through two sheetrock walls, downloads OS updates in the same time as does my "production" machine, which is connected by Cat 5e and a couple of small switches, to one of the Verizon router's LAN ports. So for anything I currently do, it appears the Extreme is good enough, and I don't see any reason to replace it.

It also appears that Ring must have been implementing a limit on the power its WiFi can radiate, in order to preserve battery life. (I've had less salutary experiences with at least one other piece of Ring hardware, a Doorbell Pro with a different WiFi chipset from that in the doorbell, that refused to connect to the AirPort network. But who needs an audible chime from the wall when one gets one from one's phone and iPad?)
 


Ric Ford

MacInTouch
I have a few comments and questions (and absolutely no experience with the company's products)... [but I think] reviews on Amazon suggest caution, both as regards the quality of the hardware itself...
I constantly check Amazon reviews for a great many products (and constantly assess whether the reviews are fake or not). The Ubiquiti AmpliFi review score is very good overall. Yes, there is a percentage of failures, but this is true for almost all products. Here on MacInTouch, where people have recommended Ubiquiti products in the past, I don't recall seeing reports of problems. Certainly, if this device fails, I'll report it, and I do have a bunch of backup routers, in case that happens (given how critical Internet access is for my work).
I'm decidedly an end-user, not a techie, but the product description on Amazon [didn't answer my questions] in regards to whether the router can broadast separate secure and open (guest) SSIDs (a PDF on the website says it uses an "open time window concept to permit instant guest access"), or how it handles iOT clients that need to connect at 2.4 GHz).
It has much more flexible guest options than Apple's AirPort. It can broadcast separate SSIDs, and use separate passwords, for the main access and guest access. It can easily handle both 2.4GHz and 5GHz, and you get several related options/controls, including the option of adding an additional SSID to separate 2.4GHz and 5GHz networks.
One other question/comment about the Ubiquiti system. You mention that the ISP's router needs to be inactive during setup. Seems to me the ISP's router should be disabled all the time (or, even better, WAN access obtained through a customer-owned router and cable modem) to avoid double NAT situations...
It makes sense, certainly, to disable WiFi on the Internet provider's own router, and I forgot to mention that I had already disabled WiFi on the FiOS router when I added AirPort devices long ago. I didn't get any complaints from the AmpliFi about double-NAT, though it seems like I have things set up that way — it doesn't seem to be creating any performance problems. There are options for Hardware NAT, Bridge Mode, and Clone MAC Address, all of which I have currently disabled.

More information is available in the AmpliFi User Guide and at the AmpliFi Help Center.
 


Need to crow a bit. A new product, Sonos Boost, solved Wifi issues within my house.

I've had been fighting dropped music streams, room disconnects, and slow controller speed, along with Netflix dropouts. Sonos claims that Boost moves Wifi streams to a separate dedicated Sonos channel, away from normal Wifi. My Wifi issues went away on install. Sonos is snappier, stable, and fun again in my house of 6 speakers and lots of wifi devices.

Separately, they've fixed the issue where an SMB-shared music library on a Mac Mini server could be indexed but not played — it now works.

I'm not sure exactly what Boost does, but Sonos did something major to clear up Wifi issues. It was $99, but they sent me coupon for 30% off, since it was replacing their bridge product, which I owned. Amazon comments are mixed, but happy camper here.
 


Ric Ford

MacInTouch
My house is a mid-1980s construction, end-unit townhouse, with a wooden frame (but some sheet metal interior framing elements for hanging drywall), brick front, and aluminum siding side and back walls. The front door is steel. All I can conclude from the above is that, for my home at least, the AirPort Extreme is more than adequate for anything I'm likely to do on a handheld device.
That's interesting. Thanks for sharing the test results. I wonder if the aluminum siding helps performance in your house by blocking neighboring WiFi? The issue I was dealing with was very strong neighboring WiFi signals, and the Ubiquiti AmpliFi seems to have helped significantly with that.

Another option, which I never got around to trying, would be using powerline adapters from the Internet router to a second AirPort device located on the opposite side of the house. (Ethernet would be another option, if the wiring is available.)
 


Ric Ford

MacInTouch
For example (from one review):
2. The boosters are much larger than I thought, and the magnetic mount, while it can turn to accommodate almost any space, the side of the plug part itself and it's inability to turn makes it difficult to place in some spaces.
The complaint about MeshPoint size seems petty/unrealistic. Presumably their height is needed to accomodate good antennas, and they don't extend far out from the wall, so I was able to place them in fairly tight spots. They're quite adjustable with their unique magnetic-ball mount, but they didn't need adjustment in my experience.
3. The application can reach the AP through your firewall without you being able to configure any additional security. That means your network is connected to their hub, which is outside of your control and collecting unknown data. So it could be collecting passwords or system information. With them hiding the logs, you can not know for sure.
I could not reach the AmpliFi at all from outside my network, only when connected to its own wireless access point directly, though I do have NAT in the pathway on my Verizon router and haven't tested disabling that. I believe the AmpliFi supports Bluetooth, so perhaps that's a means of direct access without WiFi (something I haven't tested). I wonder if they're talking about Ubiquiti's Teleport feature (something else I haven't tried yet).
 


I had my first experience today with a Ubiquiti AmpliFi HD, which I got based on recommendations from other folks on MacInTouch. I hope I'm not jinxing things, but I was stunned by how nice it is — like the very best products Apple ever did in the past and way, way better than AirPort — in every detail from packaging to software to documentation to hardware design.
I second that. I recently switched from an AirPort Extreme with multiple AirPort Expresses (I have speakers on AirPlay all around the house). I have a Netgate pfSense SG-1100 firewall/router and two Ubiquiti AmpliFi NanoHD — one in the front and one in the back of the house. Rock-solid WiFi everywhere. The UniFi software is very detailed and very beautifully designed — iOS apps, cloud login, the whole nine-yards. I still use the AirPort Expresses in both wired and wireless client mode to provide AirPlay. It was recommended to me by a friend who works in network security.

I use the Netgate SG-1100 as the main router and DHCP provider to the wired and wireless networks, and the Ubiquiti devices just provide WiFi (they are both on ethernet, so they're extending and not meshing). I also recommend the SG-1100, Netgate has done a great job with making it work right out of the box while still making everything configurable. I haven't been completely successful setting up the pfSense VPN yet, though.
 


That's interesting. Thanks for sharing the test results. I wonder if the aluminum siding helps performance in your house by blocking neighboring WiFi? The issue I was dealing with was very strong neighboring WiFi signals, and the Ubiquiti AmpliFi seems to have helped significantly with that.
There are several neighbors with WiFi networks, but their signals are always 2/3 or less of the strength of mine (assuming there's any quantitative information in iOS's little icons). Don't know, however, whether that's because of the siding or simply location: at the end of a row of townhouses, except from my immediate neighbor across a masonry wall (also a good absorber of GHz radiation, if I recall correctly), the two nearest houses are each across a street from me (I'm on a corner) and the third is about 30 feet away — and the nearest side of their unit is brick as well. Location, location, location?
 


As mentioned previously, I'd switched from 5GHz back to 2.4GHz after test results were better at the slower speed, but the AmpliFi is at 5GHz and seems OK on the opposite end of the house from the router (and near a neighbor's WiFi).
Ric, I'm curious to know if you are using a hard-wired backhaul between the satellites and the router. I use a Netgear Orbi system and when I first set it up I got terrible performance on the 5GHz spectrum. After some poking around in the settings and a bit of research I decided to forego the wireless backhaul in favor of hard-wired. The difference in performance was astonishing, to say the least. The wireless backhaul was apparently using nearly all the bandwidth available on the 5GHz spectrum. The other thing that helped me was manually changing both the 5GHz and 2.4GHz channels until I got an optimal setting. your milage may vary of course.
 



.... I believe the AmpliFi supports Bluetooth, so perhaps that's a means of direct access without WiFi (something I haven't tested). I wonder if they're talking about Ubiquiti's Teleport feature (something else I haven't tried yet).
The AmpliFi routers have a remote admin feature. It uses other logins for authentication (Google / Facebook) and there's a pretty good chance that's an open authentication (OAuth) hook. It could have also been the case the reviewer turned on that feature (trying out all the features) and left it on. If you turn on remote access, it is pretty likely you can get back in from the outside. :-) It isn't on by default, though.

The documentation seems to be dated, because they mainly talk about Teleport the product (it used to be a separate device). They have now woven it into the routers, but the control/settings interface for it is probably the same. Once again, though, I think you have to turn it on (off by default).

The Teleport VPN needs a another app to run/manage the VPN.

The router security site has some minor issues with the autoupdate feature. It won't do it unattended (so the user has to pick the 'time'). But the user also can't force a "go look" either. (I'm not sure if the latter is still true. that would seem like a reasonable update to the GUI.)
 


I had my first experience today with a Ubiquiti AmpliFi HD, which I got based on recommendations from other folks on MacInTouch. I hope I'm not jinxing things, but I was stunned by how nice it is — like the very best products Apple ever did in the past and way, way better than AirPort — in every detail from packaging to software to documentation to hardware design.
Interesting, but does this include the router itself (WiFi router) or simply the hardware to extend an existing system? I'm investigating routers that can replace an old AirPort Extreme. Looking for something equally simply to set up and operate.
 


I second that. I recently switched from an AirPort Extreme with multiple AirPort Expresses (I have speakers on AirPlay all around the house). I have a Netgate pfSense SG-1100 firewall/router and two Ubiquiti AmpliFi NanoHD — one in the front and one in the back of the house. Rock-solid WiFi everywhere. The UniFi software is very detailed and very beautifully designed — iOS apps, cloud login, the whole nine-yards. I still use the AirPort Expresses in both wired and wireless client mode to provide AirPlay. It was recommended to me by a friend who works in network security.
I use the Netgate SG-1100 as the main router and DHCP provider to the wired and wireless networks, and the Ubiquiti devices just provide WiFi (they are both on ethernet, so they're extending and not meshing). I also recommend the SG-1100, Netgate has done a great job with making it work right out of the box while still making everything configurable. I haven't been completely successful setting up the pfSense VPN yet, though.
The UniFi NanoHD units are a very different beast (enterprise lineup with far more features and control — really nice product). The UniFi gear can also do mesh, but the AmpliFi does a lot to make it simple.

I wouldn’t be worried so much about security, as they seem to have been pretty good over the years (I’ve been using UniFi gear for 4 years now), but they do make some questionable decisions about releasing products early. For example, the latest v2 firmware for the EdgeMax routers has been remarkably half-baked.

But the most egregious thing was the recent redo of their support forums to an unstructured mass of messages sorted by keyword tags — went from being easy and straightforward to navigate, and now it’s terrible. That has me reconsidering their product line altogether, since they only do forum-based support. (I’ve found the online chat from within the UniFi interface is spotty.)
 


I had my first experience today with a Ubiquiti AmpliFi HD
I "internet met" Tom Lawrence by emailing with him about topics covered on the Sunday Morning Linux Review podcast. He's a very active YouTuber, and I think does a good job, at least on the videos he makes about things that aren't too technical for me.

Relevant here are his videos:
If you find the SG1100 of interest, you may want to watch:
 


Ric Ford

MacInTouch
Interesting, but does this include the router itself (WiFi router) or simply the hardware to extend an existing system? I'm investigating routers that can replace an old AirPort Extreme. Looking for something equally simply to set up and operate.
It absolutely replaces the router. It's a 3-part package: main router, beautifully designed with a touch-screen and four Gigabit Ethernet ports, plus the WAN port, and two additional "MeshPoints", which are also very nice designs: compact, adjustable units to plug into a/c wall plugs with LED indicators to show signal strength and status (but no Ethernet port). And the iOS management app is beautiful, as well, with lots of information and user-friendly configuration options.

I disconnected my AirPort routers after setting up the AmpliFi, which handles everything. It's a "better than Apple" Apple-type experience....
 


Ric Ford

MacInTouch
The router security site has some minor issues with the autoupdate feature. It won't do it unattended (so the user has to pick the 'time'). But the user also can't force a "go look" either. (I'm not sure if the latter is still true. that would seem like a reasonable update to the GUI.)
In the iOS app, tap the router, then tap Firmware Update:
AmpliFi app said:
Up to date
Firmware is up to date.
 


It has much more flexible guest options than Apple's AirPort. It can broadcast separate SSIDs, and use separate passwords, for the main access and guest access. It can easily handle both 2.4GHz and 5GHz, and you get several related options/controls, including the option of adding an additional SSID to separate 2.4GHz and 5GHz networks.
Thanks for the info about the Ubiquiti AmpliFi HD. It looks like this is available in Europe, too, which is a bonus when I look to upgrade.

Regarding your statement above, I'm either reading it wrong or there is no difference to the Airport base station (ac model). My Airport base station "broadcasts separate SSIDs, and uses separate passwords, for the main access and guest access". It handles "both 2.4GHz and 5GHz", and I have both these networks with different SSIDs. Am I missing something?
 


One reason I haven't looked more closely at the Ubiquiti AmpliFi HD for my clients is because they are wireless only. That's fine for some (many) setups but certainly not all, and having wired backhaul is obviously desirable when possible.

My go-to for years now has been Eero -- only the Eero proper, not the smaller wireless-only Beacon units -- and I have a similar feeling about the whole experience that Ric describes -- nicely designed app, easy setup, good overall Apple-at-its-best type experience. And, to address a concern above, it offers a separate isolated Guest network.

What I particularly like is it completely self-configures any combination of wired and wireless access points in any layout (whereas Orbi tend to be happiest in a star configuration), and it's just as happy to act as a router, or bridge to another one (something, for example, that Google WiFi can't do). So for example I have one home where there are a bunch of Eeros connected via wire, but the client needed a VoIP phone attached via Ethernet in a room that didn't have Ethernet, so I just threw in another Eero. and it instantly wirelessly bridged the WiFi to its Ethernet ports.

I don't have enough good things to say about it. Complaints would be that configuration is app-only -- no web interface -- and it's unsuitable for multiple administrators, because you always need to receive an email or text to log in (there's no password). And the app itself is attractive but doesn't provide a ton of info and only offers the most basic router configuration options if you're using it that way. (It's better than the Linksys Velop app, though.)

I'm not thrilled that Eero is now owned by Amazon (apart from the fact that it means it's likely to continue to exist). I certainly see why they'd be interested in having Eero mesh technology in their various Alexa units -- why have dedicated mesh access points when your smart speaker/screen/etc can do that for you -- but privacy is certainly a concern.
 



Here on MacInTouch, where people have recommended Ubiquiti products in the past, I don't recall seeing reports of problems. Certainly, if this device fails, I'll report it, and I do have a bunch of backup routers, in case that happens (given how critical Internet access is for my work).
I have Ubiquiti product in use at a few sites — business sites — and I'm using the UniFi product line. I've several wireless access points, a few switches and a few of the Cloud Keys (original and Gen 2). Performance and reliability have been, quite simply, excellent. No failures in about two years of use. Perhaps two instances of connectivity issues requiring a power cycle of a device. The equipment has played well with my Netgate pfSense firewalls. Coverage has been, if anything, too good.

My complaints:
  • Like Apple's network products, the only access to the equipment is via a proprietary interface, be it device app, web interface to cloud presence, or direct IP addressing. That interface is powerful and full-featured, though.
  • If you're not using a full complement of Ubiquiti hardware, you are always made aware of the missing component(s), because the interface shows you an overview with gaps where you don't have a relevant item. For example, in one site I'm using a Cloud Key, one of their switches, and 3 access points but no UniFi gateway. So I'll "see" options for deep traffic analytics, but selecting them will note the absence of any gateway that would allow said analysis.
I have other minor quibbles and items of praise, but largely I love the fact that, once configured well, the stuff is just as invisible as it gets. It just doesn't occur to me anymore to check if it's working.
 


One reason I haven't looked more closely at the Ubiquiti Amplifi HD for my clients is because they are wireless only. That's fine for some (many) setups but certainly not all, and having wired backhaul is obviously desirable when possible. My go-to for years now has been Eero -- only the Eero proper, not the smaller wireless-only Beacon units -- and I have a similar feeling about the whole experience that Ric describes -- nicely designed app, easy setup, good overall Apple-at-its-best type experience. And, to address a concern above, it offers a separate isolated Guest network.
Though I recommend, deploy and administer Ubiquiti equipment into several environments under my purview, at home I'm using Eero. I'm very satisfied with the setup (it took over from two Time Capsules + AirPort Express that had been the only previous working solution* to my wifi challenges).

My only complaint is that the LAN (internal) network is entirely dependent on your broadband connection staying up -- if you lose connection due to an outage, for example, then your internal stuff, such as connecting to a server in the next room, will stop working for the duration.

I still have an AirPort Express in my mix for connection to my living room stereo.

* I tried, over the years, LinkSys, NetGear, AirLink+, D-Link, TP-link, Bountiful, Cisco and Belkin.
 


Ric Ford

MacInTouch
I was stunned by how nice it is — like the very best products Apple ever did in the past and way, way better than AirPort — in every detail from packaging to software to documentation to hardware design.
The UniFi software is very detailed and very beautifully designed — iOS apps, cloud login, the whole nine-yards.
I have a similar feeling about the whole experience that Ric describes -- nicely designed app, easy setup, good overall Apple-at-its-best type experience.
Well, I guess this makes sense then...
Ubiquiti said:
Board of Directors
Mr. Pera has served as our Chief Executive Officer and a member of our Board since our inception, and as our Chairman of the Board since December 2012. From January 2003 to February 2005, Mr. Pera was a wireless engineer with Apple, Inc.
 


Ric Ford

MacInTouch
One reason I haven't looked more closely at the Ubiquiti AmpliFi HD for my clients is because they are wireless only.
I understand that, but it seems that Ubiquiti has an amazing collection of networking products with a lot of wired options, too. I don't know how well these integrate with the AmpliFi software, but they'd obviously be network-compatible.
 


Ric Ford

MacInTouch
This thorough review of the Ubiquiti AmpliFi HD system may help answer a few more questions. (I liked the coverage map comparison.)
Scott Hanselman said:
There's an interesting comment below the review about backhaul:
Brad Guilford
I currently live in a historic home with lathe and plaster walls that eats up wi-fi signals like nowhere else I've ever lived. I'm using 3 of the Amplifi routers all with wired backhaul and I now have perfect wi-fi coverage even in this challenging environment. I tried using a wireless connection for the routers first, but the signal strength was terrible and having wired backhaul as an option is what made the system workable for me. Like you I had several friends tell me I should use the Ubiquiti access points instead, but the highest performance Ubiquiti APs are designed for ceiling mount and my wife was having none of that. The Amplifi routers have been a great compromise, providing excellent coverage without having commercial AP "UFOs" on the ceilings ruining the historic vibe.
 


... I tried, over the years, LinkSys, NetGear, AirLink+, D-Link, TP-link, Bountiful, Cisco and Belkin.
Having seen a few of this kind of experience here, I wonder if some manufacturers' businesses depend on people failing to use their hardware and then trashing the hardware or recycling it (to other users), if the "I give up" date is beyond the reseller's return period. (I know I've gotten to that point with three different WiFi extenders and one Ring accessory.)
 


Our smallish, ranch-style townhouse (1300 sq. ft.) has had dead zones in it from the onset of our use of WiFi, but it took the purchase of an Apple TV that paused the streaming program every few minutes to finally prompt action.

We ended up getting a 3-pack of xFi cubes (Xfinity is our ISP), and they greatly improved our house-wide WiFi. But here's a piece of information that wasn't offered at either the Xfinity store or, later, at Best Buy:

While you have a choice to rent a gateway (or modem) from Xfinity, they also support a small handful of purchase options. These are available at Best Buy and Xfinity stores and are branded 'Xfinity' right on the box. I bought a nicely spec'd Motorola and made the switch. That's when I discovered (after an afternoon's absolute torture on the phone with Xfinity) that xFi pods do not work unless the gateway is rented. By the time I got around to buying the Motorola, the return window on xFi Pods had closed. So, the Motorola went back.

I'm not unhappy with the pods, just that I'm locked into renting my device if I want to use them. (I wonder if it may be possible to rent the modem, buy my own router, and still be able to use the pods, though my space is limited and I don't need another device on my desk.)

You can read an xFi Pod review elsewhere on MacInTouch: Post 2189.
 


One reason I haven't looked more closely at the Ubiquiti AmpliFi HD for my clients is because they are wireless only. That's fine for some (many) setups but certainly not all, and having wired backhaul is obviously desirable when possible.
The pre-bundled kits are wireless only (well, don't combine as easily). If you want to build your own mesh (at a higher price), you can. You can combine different elements of the AmpliFi line with each other but have to choose carefully. There is a compatibility guide
in the docs. So, for example, you can buy three standalone HD routers and combine them into a mesh. You set up the first to be the main router and then can set up the others on backhaul in what they call "Router as mesh point" (RAMP), admittedly a two-step process. The standalone AmpliFi Instant also can work in RAMP mode....

The pre-bundled ones are better at "buy once and done". If you need something more custom or evolutionary, then it works better to not buy the kits and just do the manual configurations.

AmpliFi has also made some progress in bridge meshes and guest mode. Systems on a LAN can see devices on a Guest network but not vice versa. So if you put the IoT devices on the guest network, you can reach them for control, but if they get compromised, the ioT devices don't get back in. There isn't all the flexibility of the UniFi devices, but there is a reasonable amount of relatively common use cases available there.

I can't find it explicitly in the user docs, but I suspect the RAMP mode routers can still wirelessly bridge to their LAN ports in RAMP mode. The 'upstream' port is the 'WAN' port, so I suspect they can still traffic data to the upstream/WAN port in RAMP mode just as they would if were the 'main' router. For example:
AmpliFi Community said:
The main router has a bridge mode, too.

The dedicated MeshPoint "coverage extenders' are wireless only. They have some upsides in being somewhat directional and have more convenient placement. But the standalone AmpliFi Instant is actually less expensive (and has one LAN port).
 


.... Regarding your statement above, I'm either reading it wrong or there is no difference to the Airport base station (ac model). My Airport base station "broadcasts separate SSIDs, and uses separate passwords, for the main access and guest access". It handles "both 2.4GHz and 5GHz", and I have both these networks with different SSIDs. Am I missing something?
"Out of the box", the Amplifi products implement 'band steering'. They'll present the 2.4GHz and 5GHz bands under one SSID and negotiate with the clients as to which one to join (or get off). So, the 'different' SSD is to add yet another SSID on top of that (and the Guest one).

The additional SSID would be very useful for older Wi-Fi devices, which are 2.4GHz only and "don't like" or are incompatible (if old enough) with band steering.... Technically, you can turn band steering off, also, if you're having problems with devices. Or if you simply prefer to keep 5GHz ones explicitly segregated. Having the additional SSID means one can have both approaches at the same time.

The Additional SSIDs don't deploy over the whole mesh, so they are useful for edge-case devices.
 


FWIW, I have a second home in Normandy, France. Some fine US products aren't certified for use there (Eero, for example) and so I had to look elsewhere.

It's a three-story house. There's no fibre or cable or... and so internet connection is via a 4g 'box' - cellular radio on one side, wifi and ethernet on the other. I've had an old, flat AirPort Express for years, and dragged it over. With it and the 4G box on the middle floor, there was some wifi connectivity throughout the house, but weak, so I bought a pair of refurbed tower AirpPort Expresses. Installed one at home, the other here. Of course, the second was DOA...

My use case may not be general, but it imposes some restrictions: in the living room lives the hifi system, which is a NAD preamp driving a power amp driving stereo speakers, with music being sourced from either a Mac Mini running Roon or an FM tuner. (Roon is like a high-end iTunes program, if you've not heard of it before.)

Roon works best (the preamp shows you on its front panel what is playing from Roon) if you use a network connection between the Roon box and the preamp. Using wifi for this caused many hiccups and stuttered music; the obvious thing was an Ethernet switch, which meant a wifi range extender or equivalent. But the extender I tried was no improvement.

So, in the end, I bought into the LinkSys Velop system online from Amazon.fr. There are four units scattered around the house (which is an 18th century building, unfriendly to the transmission of wifi through walls), one wired to the 4G box, and the one in the living room wired to an ethernet switch which is connected to the NAD and Mac Mini/Roon.

The Velop units seem to work, but three criticisms (all livable-with):
  • Their "all is working well" indicator is a steady light-blue glow from the top-mounted LED. This is disturbingly close in color to the "I've just reset/been turned on and am booting up" blue.
  • They take a looooong time to go from being turned on to being happily meshed (minutes).
  • They de-mesh themselves from time to time for no apparent reason.
 


Finally replaced an AirPort wireless network with Plume devices and am very happy with the results so far. Upgraded to a gigabit broadband connection, added a relatively inexpensive TP Link 8-port gigabit switched hub to interconnect Plume pods (you can daisy-chain dual-port Ethernet Plume pods via a backbone hub this way) and, across eight Plume SuperPods, now have upwards of 50 devices running smoothly. This includes live streaming TV access and a lifetime support subscription at $200 flat fee.
 


This is helpful info. I am under the task of recommending a new wifi setup for an old (time, not age) client I had. I originally installed Airport TC with AE throughout the home. However, they are building a new home, and I asked them make sure the electrician is Low-Voltage certified and pulls some Cat6 runs to ceiling space (attic) and rooms while the walls aren't even up yet. But I was going to suggest access pointes from Ubiquiti (Unifi AP HD, Unifi Gateway, 16-150W PoE switch, AP Outdoor for coverage near poolside). House not exactly wifi-friendly (metal roof, cement-lapboard siding, thermal-coated window panes).
Without a heatmap, I can't predict if one access point per floor will suffice or be overkill.
 


No, the AmpliFi MeshPoints are wireless only.
Note that the router unit of an AmplifiHD system can also serve as a mesh point, and the system is capable of working via an Ethernet cable connecting routers and using the ones in bridge mode as mesh points. My railroad-style apartment uses this setup with the ISP connection and one AmplifiHD router at one end and one in my office at the other end serving as a mesh point (and clock on my desk). It was only slightly more expensive to purchase the routers separately then purchasing a router+one mesh point system.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts