Ubiquiti Unifi Software Defined Networking

Ubiquiti provides a stack of IT solutions to the prosumer (Professional Consumer) and the small to medium sized business. Ubiquiti stack of solutions offers networking (Unifi), video and voice, all with software management and cloud integration.

Bugs Byte has just delivered a solution from Ubiquiti for Dayton Place. In this deployment Dayton Place can now have complete visibility to their internal network and video security from anywhere with Internet access.


The Ubquiti Cloud Key is at the heart of the Ubiquiti Unifi solution to software defined networking (SDN). The Cloud Key is the local software that ties in the management of the entire Unifi solution – including wireless, connectivity, security and monitoring. The Cloud Key software can be installed on any computer (Window, Mac and Linux); however, is also sold as a PoE powered appliance needing only connected by one port to a PoE switch. With properly configured network and security settings, a Cloud Key can reside on any connected network and manage equipment at remote Internet connected sites. Once the Cloud Key is paired up with a Unifi cloud account, all of its management and monitoring features are accessible in the cloud.

All of the Ubiquiti services, video, voice and networking, are available to be installed on computers of various operating systems (PC, Mac etc.), but also provide decentralized management through apps for IOS and Android (sorry BlackBerry). In the Dayton Place application the Cloud Key and Network Video Recorder (NVR) appliances were selected  for their relative low cost and compatibility when comparing to Windows/Intel implementation.

The Cloud Key when connected to a Unifi account enables cloud access to settings, monitoring and firmware updates for WiFi, ethernet and firewall equipment.


Ubiquiti Access points (UAP) were installed to provide up to four independant SSIDs each. Ubiquiti offers a range of wireless access points (WAP) in two distinct applications. The range of coverages offered start with the residential customer in homes and scale up to the wireless fiber for line-of-site connection between distant buildings. Applications include conventional ceiling and wall mount as well as an innovative recepticle design. The receptical design replaces a convential ethernet wall jack with with and all-in-one PoE powered WAP and RJ45 jack with PoE pass-thru.

During this process it was learned that the UAPs required a legacy version of PoE (24-volt passive) that is not supported by current Ubiquiti switches. in essence, current PoE standards (802.11at) incorporate a power negotiation between the device providing the power and the device consuming it. While some lines of Ubiquiti switches have maintained support for legacy PoE, Ubuquiti has committed to phasing it out entirely. In the mean time, the legacy PoE is available with the in-box PoE injector as well as in-line converters from the current standards to the legacy. Using the converters will allow remote power cycling devices via the switch port management where as the injector will require hands-on effort.

The current WiFi implementation provides conventional password protected (WPA-PSK) access to WiFi. Additionally the solution does offer custom portals, walled gardens, hot spots and other guest access features.

This solution is planned to segment SSIDs for each tenant/guest as well as to implement guest services feature for transient use without needing to provide a password.


Dayton Place is serviced by RCN cable internet broadband for its internet up-link. The service installed includes 155Mb download and 25Mb upload with a dynamically assigned IP address.

The Arris Gateway was provided by RCN and set to bridged mode. This will pass expose any downstream device to public Internet. In this mode the all routing, NATing and firwall functions can be handed off to the downstream device – Ubiquiti Secure Gateway in this case.

An unexpected condition occurred with this particular Arris gateway once set to bridge mode – The WiFi remained enabled but now handed out public IP addresses to wireless clients. And there is evidence that settings for dynamic DNS (DDNS) were retained after factory reset and despite bridge mode.

The gateway is planned to be replaced with a customer owned device in order for a 4-month return on investment (ROI).

… See more about the video, switch and firewall implementations in the next post.